Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/3Fed1hywEKLDFaFJPavU3fCLS1E.roa
File:                     3Fed1hywEKLDFaFJPavU3fCLS1E.roa (raw, json)
Hash identifier:          BklcIvpOrK1or8Bp9v1HEMvniPgQAG+Hc+0lDpTVq7Q=
Subject key identifier:   DC:57:9D:D6:1C:B0:10:A2:C3:15:A1:49:3D:AB:D4:DD:F0:8B:4B:51
Certificate issuer:       /CN=19193cd0cfb9395989358e0396312cfbb1c88ffe
Certificate serial:       018CC50045675369841188062D2C99D120FB
Authority key identifier: 19:19:3C:D0:CF:B9:39:59:89:35:8E:03:96:31:2C:FB:B1:C8:8F:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GRk80M-5OVmJNY4DljEs-7HIj_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/3Fed1hywEKLDFaFJPavU3fCLS1E.roa
Signing time:             Mon 01 Jan 2024 12:29:38 +0000
ROA not before:           Mon 01 Jan 2024 12:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211238
IP address blocks:        2a02:6ea0:1000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/GRk80M-5OVmJNY4DljEs-7HIj_4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/GRk80M-5OVmJNY4DljEs-7HIj_4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GRk80M-5OVmJNY4DljEs-7HIj_4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:45:67:53:69:84:11:88:06:2d:2c:99:d1:20:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19193cd0cfb9395989358e0396312cfbb1c88ffe
        Validity
            Not Before: Jan  1 12:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc579dd61cb010a2c315a1493dabd4ddf08b4b51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:04:e1:18:c2:1e:a1:4e:95:3b:fa:03:40:20:
                    e0:a4:dd:2c:49:59:9b:43:7f:1c:12:ae:20:69:4f:
                    92:30:dc:ce:6f:92:48:77:fe:6b:13:2c:a7:ba:dc:
                    6e:4e:09:0d:86:11:a2:29:2e:71:7b:c6:b6:f3:98:
                    02:2e:8c:23:2d:c2:31:21:37:69:9f:6d:fd:3f:a2:
                    89:2b:32:2a:d1:bf:5e:e2:f9:f0:79:f5:5b:09:fc:
                    92:1e:7e:51:22:84:ee:d2:17:24:51:98:0d:67:47:
                    e9:d8:36:d5:d6:f9:a1:aa:be:b3:5b:be:b8:fa:09:
                    e5:e9:23:69:9e:f8:85:5e:d3:f8:33:b5:fe:8f:12:
                    43:dc:54:ea:41:2e:ed:1b:3e:20:fb:7c:e9:f1:e7:
                    6c:7f:ef:bd:f6:6b:32:7e:b3:fa:f7:54:e1:eb:23:
                    11:03:9c:53:87:fb:04:5b:80:cc:2f:b4:49:b7:e0:
                    8c:ac:02:ce:06:ba:f3:ec:be:c8:d3:1a:cb:e8:ba:
                    d8:d5:cb:37:37:ec:aa:03:65:5c:c3:5b:7f:4e:d9:
                    6d:ca:1e:08:ad:c1:76:71:53:a2:38:da:10:f7:68:
                    e0:cc:b9:05:4b:39:78:39:95:ea:3b:c9:f5:42:12:
                    1d:68:b5:53:12:42:76:b5:71:83:14:de:40:e5:56:
                    84:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:57:9D:D6:1C:B0:10:A2:C3:15:A1:49:3D:AB:D4:DD:F0:8B:4B:51
            X509v3 Authority Key Identifier:
                keyid:19:19:3C:D0:CF:B9:39:59:89:35:8E:03:96:31:2C:FB:B1:C8:8F:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GRk80M-5OVmJNY4DljEs-7HIj_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/3Fed1hywEKLDFaFJPavU3fCLS1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/GRk80M-5OVmJNY4DljEs-7HIj_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6ea0:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         00:c8:73:09:b3:bc:a2:e2:ac:3c:6c:73:e8:61:3c:8c:2a:f8:
         38:90:67:8a:b0:bf:f6:2c:6e:92:c5:81:63:b2:13:11:28:b0:
         b6:a0:6e:3d:2f:fc:a8:5e:91:77:e7:19:6e:30:a8:e9:cd:af:
         2a:4d:b1:50:4e:e1:37:b2:95:96:69:f5:4e:76:69:0f:69:ab:
         75:9a:a2:e5:39:74:69:e4:cb:3d:92:82:2e:4c:22:68:7c:5b:
         7c:30:73:dc:51:ca:71:94:82:e0:bc:41:f4:ea:d8:16:44:5a:
         44:a6:8c:e3:f0:e4:78:c8:fe:ca:6c:30:0c:42:09:9f:49:28:
         35:c5:4f:6c:04:f0:f9:eb:3f:92:b7:20:6d:cd:38:27:e6:5b:
         fd:fc:49:f4:ca:db:50:1b:fc:f4:7e:44:ca:3e:f1:2b:e8:df:
         9a:8c:24:92:7e:a0:c3:aa:7b:f5:ec:e1:d8:f4:8e:60:57:9c:
         7b:97:0f:91:00:97:bf:ec:d4:fa:3b:13:72:f3:8b:e2:ca:b3:
         89:60:55:53:65:4e:82:81:69:78:34:08:e1:ec:57:c9:a0:31:
         48:28:20:39:01:44:74:d5:66:f3:48:6f:62:04:28:78:87:72:
         02:72:2e:9f:dd:68:54:03:b3:92:89:6b:a6:2d:c3:61:9a:e0:
         f7:d8:4b:d6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFAEVnU2mEEYgGLSyZ0SD7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MTkzY2QwY2ZiOTM5NTk4OTM1OGUwMzk2MzEyY2ZiYjFj
ODhmZmUwHhcNMjQwMTAxMTIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzU3OWRkNjFjYjAxMGEyYzMxNWExNDkzZGFiZDRkZGYwOGI0YjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAThGMIeoU6VO/oDQCDgpN0sSVmb
Q38cEq4gaU+SMNzOb5JId/5rEyynutxuTgkNhhGiKS5xe8a285gCLowjLcIxITdp
n239P6KJKzIq0b9e4vnwefVbCfySHn5RIoTu0hckUZgNZ0fp2DbV1vmhqr6zW764
+gnl6SNpnviFXtP4M7X+jxJD3FTqQS7tGz4g+3zp8edsf++99msyfrP691Th6yMR
A5xTh/sEW4DML7RJt+CMrALOBrrz7L7I0xrL6LrY1cs3N+yqA2Vcw1t/Ttltyh4I
rcF2cVOiONoQ92jgzLkFSzl4OZXqO8n1QhIdaLVTEkJ2tXGDFN5A5VaECQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNxXndYcsBCiwxWhST2r1N3wi0tRMB8GA1UdIwQY
MBaAFBkZPNDPuTlZiTWOA5YxLPuxyI/+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1JrODBNLTVPVm1KTlk0RGxqRXMtN0hJal80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8wZDY4ZDQtYWRiMy00ZmY5LWI3OGEt
NGVmOWQwN2M0NDA1LzEvM0ZlZDFoeXdFS0xERmFGSlBhdlUzZkNMUzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8wZDY4ZDQtYWRiMy00ZmY5LWI3OGEtNGVmOWQwN2M0NDA1
LzEvR1JrODBNLTVPVm1KTlk0RGxqRXMtN0hJal80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgJuoBAw
DQYJKoZIhvcNAQELBQADggEBAADIcwmzvKLirDxsc+hhPIwq+DiQZ4qwv/YsbpLF
gWOyExEosLagbj0v/KhekXfnGW4wqOnNrypNsVBO4TeylZZp9U52aQ9pq3WaouU5
dGnkyz2Sgi5MImh8W3wwc9xRynGUguC8QfTq2BZEWkSmjOPw5HjI/spsMAxCCZ9J
KDXFT2wE8PnrP5K3IG3NOCfmW/38SfTK21Ab/PR+RMo+8Svo35qMJJJ+oMOqe/Xs
4dj0jmBXnHuXD5EAl7/s1Po7E3Lzi+LKs4lgVVNlToKBaXg0COHsV8mgMUgoIDkB
RHTVZvNIb2IEKHiHcgJyLp/daFQDs5KJa6Ytw2Ga4PfYS9Y=
-----END CERTIFICATE-----