Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MiNIIdqxkJOUS8j9g2f6H6zG8ug.roa
File:                     MiNIIdqxkJOUS8j9g2f6H6zG8ug.roa (raw, json)
Hash identifier:          u09YLFrfiU81AjQBeKYvvw+hw6igExOP0g6tpx4YmLg=
Subject key identifier:   32:23:48:21:DA:B1:90:93:94:4B:C8:FD:83:67:FA:1F:AC:C6:F2:E8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E8AF3EC65FC8AC8622DBD296950EF05F8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MiNIIdqxkJOUS8j9g2f6H6zG8ug.roa
Signing time:             Fri 29 Mar 2024 16:03:45 +0000
ROA not before:           Fri 29 Mar 2024 16:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198771
IP address blocks:        2a00:1728:2b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8a:f3:ec:65:fc:8a:c8:62:2d:bd:29:69:50:ef:05:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 29 16:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32234821dab19093944bc8fd8367fa1facc6f2e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e5:ab:3b:ad:66:70:64:2c:c1:44:71:1e:51:
                    29:b0:91:c0:0c:a1:a8:4c:7f:b0:da:d3:3a:50:44:
                    a0:24:61:14:b4:b1:02:8e:29:b7:80:61:a7:c2:ee:
                    1e:f3:b5:78:d7:a3:ea:91:cc:aa:08:d7:61:d7:8d:
                    eb:7b:d9:28:c4:5f:9d:cb:8b:02:d9:70:92:7c:7d:
                    2c:92:df:b8:27:bf:cc:ad:22:b2:04:a9:7e:ee:dc:
                    53:50:94:e3:c4:69:a8:2b:dc:8b:5b:1b:d0:79:df:
                    c3:d2:2a:7e:55:c8:68:0b:24:17:c5:ca:7b:ae:68:
                    b8:6e:63:3b:db:9a:09:fa:e2:4d:3d:ff:46:7e:71:
                    19:ef:06:ed:c8:84:ab:b3:84:ea:3f:ec:fb:7f:1e:
                    c9:b3:54:8f:25:91:9b:c5:9e:4e:d0:73:79:11:f9:
                    07:c3:5b:a3:00:8c:7d:06:fe:98:db:53:49:72:9f:
                    e7:c8:9c:51:8a:79:ac:14:42:d7:ed:0b:e3:c5:b3:
                    0b:02:48:db:53:b6:72:70:7e:d5:3e:d9:c1:cc:c1:
                    78:01:45:96:bd:70:e6:eb:d2:09:99:ab:09:10:41:
                    c7:3b:ab:48:8c:65:12:06:a1:cb:de:34:28:47:e5:
                    34:d8:d2:1d:d7:d8:fe:f8:38:12:de:82:1c:d2:c6:
                    4f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:23:48:21:DA:B1:90:93:94:4B:C8:FD:83:67:FA:1F:AC:C6:F2:E8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MiNIIdqxkJOUS8j9g2f6H6zG8ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1728:2b::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:43:66:8e:7a:9d:c5:30:a7:0a:a1:83:34:2a:73:df:38:6f:
         09:63:e1:dd:74:37:c1:63:1a:81:f2:9c:60:13:c2:86:5a:b4:
         e6:79:9d:e5:73:6c:0d:a4:8c:8b:1c:40:54:c4:42:a8:45:02:
         b3:84:3b:28:dc:1b:35:6b:68:9e:9f:ba:98:aa:ab:71:bd:18:
         d1:c2:b1:94:d2:37:d7:43:75:92:d7:1d:f4:ea:d0:4a:5f:bb:
         bf:71:a9:da:a6:84:c3:f6:f2:3c:54:2d:f0:c5:02:00:e2:92:
         31:c3:cd:89:64:cc:69:4e:58:ab:a6:be:ba:71:20:09:e1:dc:
         b2:3a:a8:20:05:f8:81:6c:19:5f:bd:49:3e:5d:c2:f2:f8:c5:
         da:61:8b:be:33:a2:fa:68:4d:c0:2a:80:82:32:62:e9:d2:95:
         94:c2:9c:b6:12:29:9c:7a:8b:31:2c:9a:36:db:4d:a7:59:50:
         80:66:cd:11:54:51:ab:b6:c4:cf:65:76:8e:33:70:b6:11:a4:
         5d:bf:df:b1:06:b5:0c:56:40:d1:89:23:a8:dc:f6:94:16:c8:
         06:8c:10:b1:d0:db:61:dd:25:50:8b:21:ad:62:38:8c:14:ff:
         77:b4:ec:6c:48:5d:cb:97:6a:a6:76:81:2e:78:23:d8:08:bb:
         9b:f0:36:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6K8+xl/IrIYi29KWlQ7wX4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzI5MTYwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjIzNDgyMWRhYjE5MDkzOTQ0YmM4ZmQ4MzY3ZmExZmFjYzZmMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuWrO61mcGQswURxHlEpsJHADKGo
TH+w2tM6UESgJGEUtLECjim3gGGnwu4e87V416PqkcyqCNdh143re9koxF+dy4sC
2XCSfH0skt+4J7/MrSKyBKl+7txTUJTjxGmoK9yLWxvQed/D0ip+VchoCyQXxcp7
rmi4bmM725oJ+uJNPf9GfnEZ7wbtyISrs4TqP+z7fx7Js1SPJZGbxZ5O0HN5EfkH
w1ujAIx9Bv6Y21NJcp/nyJxRinmsFELX7QvjxbMLAkjbU7ZycH7VPtnBzMF4AUWW
vXDm69IJmasJEEHHO6tIjGUSBqHL3jQoR+U02NId19j++DgS3oIc0sZPJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDIjSCHasZCTlEvI/YNn+h+sxvLoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTWlOSUlkcXhrSk9VUzhqOWcyZjZINnpHOHVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAXKAAr
MA0GCSqGSIb3DQEBCwUAA4IBAQCcQ2aOep3FMKcKoYM0KnPfOG8JY+HddDfBYxqB
8pxgE8KGWrTmeZ3lc2wNpIyLHEBUxEKoRQKzhDso3Bs1a2ien7qYqqtxvRjRwrGU
0jfXQ3WS1x306tBKX7u/canapoTD9vI8VC3wxQIA4pIxw82JZMxpTlirpr66cSAJ
4dyyOqggBfiBbBlfvUk+XcLy+MXaYYu+M6L6aE3AKoCCMmLp0pWUwpy2Eimceosx
LJo2202nWVCAZs0RVFGrtsTPZXaOM3C2EaRdv9+xBrUMVkDRiSOo3PaUFsgGjBCx
0Nth3SVQiyGtYjiMFP93tOxsSF3Ll2qmdoEueCPYCLub8DbJ
-----END CERTIFICATE-----