Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/3jp4ppFmHngnnz78f9iMfE4SULI.roa
File:                     3jp4ppFmHngnnz78f9iMfE4SULI.roa (raw, json)
Hash identifier:          pOKRPAlv8OcF9TRcEq5dWqG03KHrtX42id/THLtve2o=
Subject key identifier:   DE:3A:78:A6:91:66:1E:78:27:9F:3E:FC:7F:D8:8C:7C:4E:12:50:B2
Certificate issuer:       /CN=4dbd0b135a7dfd6b6aa1b1849eb163402de8e1b1
Certificate serial:       019306FB6F2174E3E3A4359E30872C5D5398
Authority key identifier: 4D:BD:0B:13:5A:7D:FD:6B:6A:A1:B1:84:9E:B1:63:40:2D:E8:E1:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/3jp4ppFmHngnnz78f9iMfE4SULI.roa
Signing time:             Thu 07 Nov 2024 14:16:01 +0000
ROA not before:           Thu 07 Nov 2024 14:16:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25160
IP address blocks:        2a10:d700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:06:fb:6f:21:74:e3:e3:a4:35:9e:30:87:2c:5d:53:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dbd0b135a7dfd6b6aa1b1849eb163402de8e1b1
        Validity
            Not Before: Nov  7 14:16:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de3a78a691661e78279f3efc7fd88c7c4e1250b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fb:06:ea:04:c2:33:71:6f:59:71:63:fd:74:
                    54:8b:61:33:fd:28:d9:fa:cc:83:bf:9a:9f:be:de:
                    61:87:25:fb:fb:a7:74:82:31:14:af:7a:37:44:3f:
                    f1:1c:d3:a4:7f:9b:a0:46:64:c8:e3:d7:c5:86:a9:
                    7e:b3:90:bc:93:64:86:17:e8:29:83:a5:67:2c:f9:
                    7b:df:ee:07:8c:b3:54:23:dc:49:6a:32:6d:1d:21:
                    35:45:8a:74:24:0a:78:58:66:4e:32:7a:b8:a8:71:
                    41:59:9f:60:ea:b6:95:21:9d:55:3a:cf:ee:53:b9:
                    66:d5:ca:a7:0a:89:5f:64:0d:11:7e:89:88:6b:f5:
                    f1:da:c9:94:00:da:95:fe:1c:39:05:ec:b3:a2:09:
                    cd:80:24:02:90:da:1c:2a:70:f5:b1:0f:7f:d4:fa:
                    ab:98:a8:fb:77:ca:00:88:2b:3f:be:f3:f4:62:4f:
                    96:93:22:a2:73:43:85:3b:98:f2:c2:39:d5:81:31:
                    58:f3:71:5b:dc:a0:7a:78:3e:f3:b2:83:c5:dc:56:
                    3e:c8:32:c9:89:d5:be:53:e0:be:6e:74:c6:53:e4:
                    2f:c1:e5:c5:67:02:ce:82:3c:86:bd:48:b7:c4:00:
                    c0:9c:be:48:2a:ab:dc:2f:30:eb:a1:32:ff:1f:4f:
                    05:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:3A:78:A6:91:66:1E:78:27:9F:3E:FC:7F:D8:8C:7C:4E:12:50:B2
            X509v3 Authority Key Identifier:
                keyid:4D:BD:0B:13:5A:7D:FD:6B:6A:A1:B1:84:9E:B1:63:40:2D:E8:E1:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tb0LE1p9_WtqobGEnrFjQC3o4bE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/3jp4ppFmHngnnz78f9iMfE4SULI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/247ee2-2365-4768-977f-fefa1abaedcf/1/Tb0LE1p9_WtqobGEnrFjQC3o4bE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:d700::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:74:ea:23:bc:76:66:05:97:ce:9c:d2:c5:05:26:be:5c:d4:
         84:ee:75:32:ec:15:0e:6f:5a:b9:f9:e4:38:3e:2b:e6:13:c8:
         83:d9:40:0c:ec:9a:79:df:fb:03:53:a8:ea:1c:43:e2:86:dd:
         15:d4:06:30:8c:f1:e6:77:3c:99:c5:83:96:ab:01:b5:33:5c:
         a4:14:a2:cf:52:7f:99:c6:05:06:2a:46:f3:0c:77:a1:53:ff:
         b9:e8:b7:50:b9:5f:96:be:78:3a:42:c4:fe:f8:03:1c:f5:89:
         3f:b5:a3:c9:cd:4d:dc:7e:ca:21:43:b4:87:97:3d:70:39:61:
         81:d2:cc:f9:c5:62:22:68:5a:34:e4:8e:d4:86:5e:a5:ea:54:
         c1:13:2f:5b:16:cf:c4:7d:ec:1d:80:32:ee:bc:74:39:07:4e:
         e9:2c:1d:c5:17:ba:f4:a5:85:97:34:41:ec:33:1e:40:83:40:
         78:00:62:f9:1d:80:cb:9f:5b:3f:f7:db:88:39:2c:17:ec:76:
         bb:bb:3f:35:68:12:05:2a:fe:01:45:c1:0b:72:12:b3:d8:46:
         ef:59:3c:f9:80:00:c2:3e:46:0d:5b:61:38:c9:54:fd:49:a9:
         73:7e:0d:e4:82:87:ab:bc:62:be:58:d8:7d:cc:1a:bc:86:6d:
         a3:d9:e1:96
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMG+28hdOPjpDWeMIcsXVOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYmQwYjEzNWE3ZGZkNmI2YWExYjE4NDllYjE2MzQwMmRl
OGUxYjEwHhcNMjQxMTA3MTQxNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTNhNzhhNjkxNjYxZTc4Mjc5ZjNlZmM3ZmQ4OGM3YzRlMTI1MGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PsG6gTCM3FvWXFj/XRUi2Ez/SjZ
+syDv5qfvt5hhyX7+6d0gjEUr3o3RD/xHNOkf5ugRmTI49fFhql+s5C8k2SGF+gp
g6VnLPl73+4HjLNUI9xJajJtHSE1RYp0JAp4WGZOMnq4qHFBWZ9g6raVIZ1VOs/u
U7lm1cqnColfZA0RfomIa/Xx2smUANqV/hw5BeyzognNgCQCkNocKnD1sQ9/1Pqr
mKj7d8oAiCs/vvP0Yk+WkyKic0OFO5jywjnVgTFY83Fb3KB6eD7zsoPF3FY+yDLJ
idW+U+C+bnTGU+QvweXFZwLOgjyGvUi3xADAnL5IKqvcLzDroTL/H08FyQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN46eKaRZh54J58+/H/YjHxOElCyMB8GA1UdIwQY
MBaAFE29CxNaff1raqGxhJ6xY0At6OGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGIwTEUxcDlfV3Rxb2JHRW5yRmpRQzNvNGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8yNDdlZTItMjM2NS00NzY4LTk3N2Yt
ZmVmYTFhYmFlZGNmLzEvM2pwNHBwRm1Ibmdubno3OGY5aU1mRTRTVUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8yNDdlZTItMjM2NS00NzY4LTk3N2YtZmVmYTFhYmFlZGNm
LzEvVGIwTEUxcDlfV3Rxb2JHRW5yRmpRQzNvNGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhDXADAN
BgkqhkiG9w0BAQsFAAOCAQEADnTqI7x2ZgWXzpzSxQUmvlzUhO51MuwVDm9aufnk
OD4r5hPIg9lADOyaed/7A1Oo6hxD4obdFdQGMIzx5nc8mcWDlqsBtTNcpBSiz1J/
mcYFBipG8wx3oVP/uei3ULlflr54OkLE/vgDHPWJP7Wjyc1N3H7KIUO0h5c9cDlh
gdLM+cViImhaNOSO1IZepepUwRMvWxbPxH3sHYAy7rx0OQdO6SwdxRe69KWFlzRB
7DMeQINAeABi+R2Ay59bP/fbiDksF+x2u7s/NWgSBSr+AUXBC3ISs9hG71k8+YAA
wj5GDVthOMlU/Umpc34N5IKHq7xivljYfcwavIZto9nhlg==
-----END CERTIFICATE-----