Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/P3d0hMDzpnWmmvvZffbbWYQIi9U.roa
File:                     P3d0hMDzpnWmmvvZffbbWYQIi9U.roa (raw, json)
Hash identifier:          CMzo0yfhmf8AiXZGglyDkJDYjHqOZQJBtJb1oGFsGgw=
Subject key identifier:   3F:77:74:84:C0:F3:A6:75:A6:9A:FB:D9:7D:F6:DB:59:84:08:8B:D5
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018CC5015BDF2EDE78684FF11F2DBD1DA99E
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/P3d0hMDzpnWmmvvZffbbWYQIi9U.roa
Signing time:             Mon 01 Jan 2024 12:30:49 +0000
ROA not before:           Mon 01 Jan 2024 12:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213252
IP address blocks:        2a0f:6580:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:5b:df:2e:de:78:68:4f:f1:1f:2d:bd:1d:a9:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  1 12:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f777484c0f3a675a69afbd97df6db5984088bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:44:1d:ea:32:db:e7:20:29:24:4f:b8:1b:7e:
                    bc:4b:f1:40:f8:2d:eb:6a:de:a2:4a:45:bb:06:12:
                    0f:c8:de:18:8a:39:73:db:d4:d0:32:f7:d1:9a:87:
                    4d:43:c5:8e:e3:07:3a:74:21:dc:57:6e:c5:bd:87:
                    fa:fe:e3:d5:fe:d3:a4:3c:ee:44:98:76:a4:e2:a0:
                    46:d6:30:d2:da:e0:07:09:57:82:c2:0d:7c:cd:42:
                    3a:b8:95:cb:56:df:4e:cd:65:b9:af:c2:cf:94:ad:
                    e9:9b:9b:13:6f:f6:5c:01:77:6f:51:de:0a:b3:d5:
                    40:c8:6e:22:dd:57:97:09:bf:d8:81:fd:3f:00:7d:
                    dc:6b:82:c4:76:51:c0:99:6b:ce:92:a4:fe:7b:4f:
                    3f:65:a9:39:0c:1f:96:52:c5:fc:07:4f:de:eb:b4:
                    f5:48:c5:40:2d:0a:58:0b:61:17:be:ea:03:07:5c:
                    e7:4b:94:d9:ae:3b:a3:94:16:7e:ba:b5:84:85:de:
                    f8:64:ad:78:88:35:24:f0:39:90:ac:50:94:e2:14:
                    19:7f:60:b1:46:b8:2c:e0:cf:7a:d0:ab:97:54:7b:
                    41:53:b7:c9:3c:59:0e:88:36:95:f7:5f:2f:ea:c0:
                    1b:33:cb:af:97:23:b5:d8:f8:92:6e:4a:e4:ba:84:
                    b5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:77:74:84:C0:F3:A6:75:A6:9A:FB:D9:7D:F6:DB:59:84:08:8B:D5
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/P3d0hMDzpnWmmvvZffbbWYQIi9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:76:38:b9:a2:84:cc:2f:ca:60:28:c8:ee:3c:68:e0:a8:c4:
         d4:53:c2:81:f8:2c:50:86:72:62:58:50:f3:06:78:b2:9e:97:
         66:2f:a8:8f:b2:3f:b7:7c:39:4a:bb:35:e1:07:1c:b9:19:b5:
         a6:e6:c2:60:fb:58:58:68:88:57:df:ea:c1:e1:e0:e1:b6:32:
         8d:a3:49:93:68:01:d0:76:b2:59:78:19:d0:63:eb:d9:e2:7b:
         ee:d2:e8:5b:27:f8:43:20:c4:4c:e6:65:18:9c:ac:0a:62:d5:
         d6:00:ef:cc:9b:d5:8c:20:68:74:fb:f4:f2:f0:85:b5:70:30:
         e5:20:6c:e5:bf:5f:8d:2e:03:8d:fb:cc:5c:69:e7:bd:ab:35:
         c9:42:36:5a:6e:26:5b:eb:9a:55:40:00:d6:33:95:e9:d4:01:
         96:cd:97:45:0f:1d:8b:d5:3d:9e:ba:af:9e:b5:2e:18:88:ae:
         80:ed:71:38:11:98:75:3b:93:d1:d1:68:56:ca:3f:bb:55:fa:
         02:b6:d3:04:2b:fc:8a:58:ce:d9:12:c4:75:f3:a5:4a:2c:6d:
         34:8d:46:1d:47:27:df:3a:fa:f2:17:74:bd:06:b2:4f:82:d0:
         6b:3e:62:8f:98:96:25:09:2e:a4:7d:b7:b9:33:14:80:2f:bb:
         f1:d5:72:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAVvfLt54aE/xHy29HameMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwMTAxMTIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjc3NzQ4NGMwZjNhNjc1YTY5YWZiZDk3ZGY2ZGI1OTg0MDg4YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkQd6jLb5yApJE+4G368S/FA+C3r
at6iSkW7BhIPyN4Yijlz29TQMvfRmodNQ8WO4wc6dCHcV27FvYf6/uPV/tOkPO5E
mHak4qBG1jDS2uAHCVeCwg18zUI6uJXLVt9OzWW5r8LPlK3pm5sTb/ZcAXdvUd4K
s9VAyG4i3VeXCb/Ygf0/AH3ca4LEdlHAmWvOkqT+e08/Zak5DB+WUsX8B0/e67T1
SMVALQpYC2EXvuoDB1znS5TZrjujlBZ+urWEhd74ZK14iDUk8DmQrFCU4hQZf2Cx
Rrgs4M960KuXVHtBU7fJPFkOiDaV918v6sAbM8uvlyO12PiSbkrkuoS1xwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD93dITA86Z1ppr72X3221mECIvVMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvUDNkMGhNRHpwbldtbXZ2WmZmYmJXWVFJaTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAAdji5ooTML8pgKMjuPGjgqMTUU8KB+CxQhnJi
WFDzBniynpdmL6iPsj+3fDlKuzXhBxy5GbWm5sJg+1hYaIhX3+rB4eDhtjKNo0mT
aAHQdrJZeBnQY+vZ4nvu0uhbJ/hDIMRM5mUYnKwKYtXWAO/Mm9WMIGh0+/Ty8IW1
cDDlIGzlv1+NLgON+8xcaee9qzXJQjZabiZb65pVQADWM5Xp1AGWzZdFDx2L1T2e
uq+etS4YiK6A7XE4EZh1O5PR0WhWyj+7VfoCttMEK/yKWM7ZEsR186VKLG00jUYd
RyffOvryF3S9BrJPgtBrPmKPmJYlCS6kfbe5MxSAL7vx1XI4
-----END CERTIFICATE-----