Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/b3fa64-f8b1-44e8-aba6-8601663395eb/1/sX41QwbxW_zW81jdhDX1m0kZpZ0.roa
File:                     sX41QwbxW_zW81jdhDX1m0kZpZ0.roa (raw, json)
Hash identifier:          8lTkLEPS92+vCiuVyxmvmH31S/VdpsecJeTdH7bwJ7I=
Subject key identifier:   B1:7E:35:43:06:F1:5B:FC:D6:F3:58:DD:84:35:F5:9B:49:19:A5:9D
Certificate issuer:       /CN=4cf9c3ec47fccf01d9305fe0d7d481b306b0d48c
Certificate serial:       018CC79530FD442AF5E95AB26BAFA290BEED
Authority key identifier: 4C:F9:C3:EC:47:FC:CF:01:D9:30:5F:E0:D7:D4:81:B3:06:B0:D4:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPnD7Ef8zwHZMF_g19SBswaw1Iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/b3fa64-f8b1-44e8-aba6-8601663395eb/1/sX41QwbxW_zW81jdhDX1m0kZpZ0.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216195
IP address blocks:        2a13:fc41::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/b3fa64-f8b1-44e8-aba6-8601663395eb/1/TPnD7Ef8zwHZMF_g19SBswaw1Iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/b3fa64-f8b1-44e8-aba6-8601663395eb/1/TPnD7Ef8zwHZMF_g19SBswaw1Iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPnD7Ef8zwHZMF_g19SBswaw1Iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:30:fd:44:2a:f5:e9:5a:b2:6b:af:a2:90:be:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf9c3ec47fccf01d9305fe0d7d481b306b0d48c
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b17e354306f15bfcd6f358dd8435f59b4919a59d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b3:f3:c3:6c:52:98:24:25:67:56:f6:e1:01:
                    99:16:8b:6e:b5:21:19:6b:9b:43:54:53:eb:68:77:
                    f8:39:0d:2f:06:5f:6e:39:1c:08:52:4d:25:3d:b5:
                    00:43:c8:41:21:5e:d1:b7:ff:5f:e4:9b:06:ac:b0:
                    28:3b:1c:ed:9a:1e:ab:9e:ae:8a:aa:27:e8:bf:73:
                    e3:c8:ef:b8:25:34:0b:29:85:78:cb:0a:65:bb:9f:
                    0e:88:ab:88:d5:f6:ea:70:eb:29:96:7c:e5:03:e9:
                    c8:4c:68:25:ba:4b:39:ab:d7:01:3f:dc:be:ef:a2:
                    47:9a:25:4a:6f:65:27:e8:ab:4f:13:8a:ad:a5:be:
                    90:ad:73:0b:f3:c0:c0:5a:96:c5:1e:cd:73:2f:c9:
                    7d:e1:ab:bb:f9:ae:e8:4e:a9:a5:9d:2e:b3:66:cc:
                    90:3e:e0:0f:7a:f3:10:fb:c0:65:20:40:b2:92:dc:
                    56:49:e2:4f:d2:a7:bf:d8:6e:3a:83:50:5f:9c:8d:
                    0b:4b:06:3c:1f:8b:e1:3c:1f:62:24:a9:da:d5:41:
                    c2:39:7d:9b:5f:2f:c0:8f:84:a3:74:ae:c8:80:81:
                    fd:a8:9a:60:f3:39:b8:8c:93:c0:57:3d:13:42:12:
                    bd:57:b4:6f:43:70:d9:c2:d3:9c:58:02:fb:f1:fd:
                    bb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:7E:35:43:06:F1:5B:FC:D6:F3:58:DD:84:35:F5:9B:49:19:A5:9D
            X509v3 Authority Key Identifier:
                keyid:4C:F9:C3:EC:47:FC:CF:01:D9:30:5F:E0:D7:D4:81:B3:06:B0:D4:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPnD7Ef8zwHZMF_g19SBswaw1Iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b3fa64-f8b1-44e8-aba6-8601663395eb/1/sX41QwbxW_zW81jdhDX1m0kZpZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b3fa64-f8b1-44e8-aba6-8601663395eb/1/TPnD7Ef8zwHZMF_g19SBswaw1Iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:fc41::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:45:99:4a:e0:a7:6a:e2:48:11:be:b6:51:38:72:79:1f:0c:
         ae:7a:f0:74:f8:84:e6:7e:1f:7a:1d:dd:7a:94:7c:fa:89:bf:
         e1:fe:4e:8a:b4:75:7e:08:d1:5c:b5:90:40:99:dc:ed:c4:60:
         65:fe:7e:a6:2e:53:6f:14:65:4f:5e:96:3d:e3:a6:b7:08:a0:
         0b:45:3b:b7:01:0b:b7:a5:bd:24:48:4a:67:bb:72:5d:5f:6b:
         9d:2c:8e:70:aa:39:2c:76:e4:00:0a:55:c7:60:df:4a:c5:11:
         50:42:e9:d6:2f:8c:ef:2e:e0:ce:d0:58:32:25:d7:aa:7a:05:
         e8:3a:d7:f0:77:41:18:7f:6e:1b:4a:a0:b8:36:eb:a4:07:58:
         d0:1d:16:26:d0:c7:e9:f7:f2:49:87:a1:4f:3d:c7:68:d7:51:
         bf:70:f7:39:c6:bf:b3:fd:8a:fe:fc:21:a1:08:3e:ac:c6:e2:
         c8:4e:8c:61:b5:39:71:ea:58:dc:73:f7:d0:1a:af:97:f3:35:
         33:ba:14:94:4b:ec:5b:26:b4:39:73:cd:65:5a:6e:29:3f:f1:
         49:58:1f:61:19:2a:49:f6:9a:98:3c:fe:66:db:36:64:23:07:
         32:19:f3:f6:b4:e5:86:32:5b:c5:a2:b8:49:32:cb:d7:22:1a:
         ef:21:c4:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlTD9RCr16Vqya6+ikL7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjljM2VjNDdmY2NmMDFkOTMwNWZlMGQ3ZDQ4MWIzMDZi
MGQ0OGMwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTdlMzU0MzA2ZjE1YmZjZDZmMzU4ZGQ4NDM1ZjU5YjQ5MTlhNTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7Pzw2xSmCQlZ1b24QGZFotutSEZ
a5tDVFPraHf4OQ0vBl9uORwIUk0lPbUAQ8hBIV7Rt/9f5JsGrLAoOxztmh6rnq6K
qifov3PjyO+4JTQLKYV4ywplu58OiKuI1fbqcOsplnzlA+nITGgluks5q9cBP9y+
76JHmiVKb2Un6KtPE4qtpb6QrXML88DAWpbFHs1zL8l94au7+a7oTqmlnS6zZsyQ
PuAPevMQ+8BlIECyktxWSeJP0qe/2G46g1BfnI0LSwY8H4vhPB9iJKna1UHCOX2b
Xy/Aj4SjdK7IgIH9qJpg8zm4jJPAVz0TQhK9V7RvQ3DZwtOcWAL78f27RwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLF+NUMG8Vv81vNY3YQ19ZtJGaWdMB8GA1UdIwQY
MBaAFEz5w+xH/M8B2TBf4NfUgbMGsNSMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBuRDdFZjh6d0haTUZfZzE5U0Jzd2F3MUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9iM2ZhNjQtZjhiMS00NGU4LWFiYTYt
ODYwMTY2MzM5NWViLzEvc1g0MVF3YnhXX3pXODFqZGhEWDFtMGtacFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9iM2ZhNjQtZjhiMS00NGU4LWFiYTYtODYwMTY2MzM5NWVi
LzEvVFBuRDdFZjh6d0haTUZfZzE5U0Jzd2F3MUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhP8QQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBDRZlK4Kdq4kgRvrZROHJ5HwyuevB0+ITmfh96
Hd16lHz6ib/h/k6KtHV+CNFctZBAmdztxGBl/n6mLlNvFGVPXpY946a3CKALRTu3
AQu3pb0kSEpnu3JdX2udLI5wqjksduQAClXHYN9KxRFQQunWL4zvLuDO0FgyJdeq
egXoOtfwd0EYf24bSqC4NuukB1jQHRYm0Mfp9/JJh6FPPcdo11G/cPc5xr+z/Yr+
/CGhCD6sxuLIToxhtTlx6ljcc/fQGq+X8zUzuhSUS+xbJrQ5c81lWm4pP/FJWB9h
GSpJ9pqYPP5m2zZkIwcyGfP2tOWGMlvForhJMsvXIhrvIcSa
-----END CERTIFICATE-----