Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FdcDF9-EEjKKMXTPuEcgAmNf1LM.roa
File:                     FdcDF9-EEjKKMXTPuEcgAmNf1LM.roa (raw, json)
Hash identifier:          vGZWrjVXF37dF/6VN1JYRKT7kHJq1JroswDNbXD6Qjc=
Subject key identifier:   15:D7:03:17:DF:84:12:32:8A:31:74:CF:B8:47:20:02:63:5F:D4:B3
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018E7723E6FE2CD61BE38AEB73F4C5572AE7
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FdcDF9-EEjKKMXTPuEcgAmNf1LM.roa
Signing time:             Mon 25 Mar 2024 19:43:45 +0000
ROA not before:           Mon 25 Mar 2024 19:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200709
IP address blocks:        2a02:610:fffa::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:77:23:e6:fe:2c:d6:1b:e3:8a:eb:73:f4:c5:57:2a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Mar 25 19:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15d70317df8412328a3174cfb8472002635fd4b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3a:9e:4a:07:9f:ff:bd:23:56:fe:7b:96:0f:
                    13:fa:0e:88:dc:7f:71:e7:76:59:d7:5c:52:3a:77:
                    a3:83:a3:8c:c5:64:23:03:a3:cb:4e:1b:71:ec:26:
                    42:d6:74:a9:14:be:30:65:12:0d:29:d4:50:e8:a6:
                    34:f1:35:fc:22:a3:1a:6a:79:59:bd:2d:d6:c3:d8:
                    67:9f:19:5e:db:61:f6:7d:5d:83:e9:24:27:54:fe:
                    17:dd:5b:5f:e7:0c:05:aa:a2:a5:c9:a2:43:d9:d0:
                    31:e5:86:fd:a2:03:55:5e:d8:1b:70:fc:15:a7:a6:
                    e8:85:d8:06:46:99:4a:d5:1f:65:bb:2f:a5:8d:78:
                    1f:35:27:58:de:62:6a:32:8e:66:f1:bb:0f:fb:3f:
                    c4:0c:e8:f6:73:f8:82:89:5a:d1:ff:8b:f7:51:34:
                    ff:47:dc:28:3e:44:0e:ec:50:a8:3d:af:c5:70:a2:
                    23:ac:34:8e:76:e4:8e:77:8c:5f:9c:af:06:b6:11:
                    85:21:ad:5e:9e:2f:9d:b8:85:17:81:e8:67:42:07:
                    22:15:77:d8:28:2b:d3:a6:fb:24:f7:52:2e:79:11:
                    d2:30:aa:82:03:a5:f6:ad:56:78:98:d9:d1:89:3a:
                    d5:9f:59:d8:50:e1:4d:e0:26:f0:b7:e1:0e:85:da:
                    4b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:D7:03:17:DF:84:12:32:8A:31:74:CF:B8:47:20:02:63:5F:D4:B3
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FdcDF9-EEjKKMXTPuEcgAmNf1LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:610:fffa::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:94:c2:84:6e:f3:f0:95:74:3b:2b:fa:7e:ac:e9:7d:4d:69:
         4a:85:c6:a2:12:f0:a5:73:a6:43:1a:9e:41:77:28:21:15:1e:
         f8:fc:44:bd:d2:08:97:9f:ff:88:b3:08:e1:ad:6c:2f:e1:80:
         8b:48:03:9d:54:41:f5:2f:95:60:2f:b2:eb:f7:40:3f:a0:dd:
         c9:22:49:57:50:74:64:14:44:1a:26:87:44:da:f6:b7:f6:86:
         28:10:5d:70:e3:1e:d6:93:6e:b9:bb:4f:07:db:a8:b5:91:3a:
         17:ba:5d:d2:c8:b9:0c:1e:4c:0b:2b:25:9a:e1:86:50:e8:95:
         b6:cb:c1:ce:7a:ac:d3:57:9a:91:7f:77:b8:b6:18:99:72:36:
         8f:04:04:b6:8e:86:c2:3d:91:f0:18:c7:6f:13:d6:f9:01:cb:
         2f:78:1c:dd:c3:34:ea:49:7e:ba:45:c9:ed:4c:66:a6:24:0c:
         77:9a:9b:a2:34:6f:99:9b:8b:c5:92:4d:ec:a1:e1:05:d3:0a:
         6c:73:e0:cb:c7:bd:07:60:21:1e:94:eb:77:88:51:f0:89:2f:
         4e:85:63:d1:31:8b:0d:e3:27:13:eb:0d:00:7d:f1:89:2f:ad:
         7d:a9:b1:55:6d:44:97:ae:e8:64:5c:e7:be:59:2a:33:c4:96:
         d4:55:b7:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY53I+b+LNYb44rrc/TFVyrnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMzI1MTk0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWQ3MDMxN2RmODQxMjMyOGEzMTc0Y2ZiODQ3MjAwMjYzNWZkNGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTqeSgef/70jVv57lg8T+g6I3H9x
53ZZ11xSOnejg6OMxWQjA6PLThtx7CZC1nSpFL4wZRINKdRQ6KY08TX8IqMaanlZ
vS3Ww9hnnxle22H2fV2D6SQnVP4X3Vtf5wwFqqKlyaJD2dAx5Yb9ogNVXtgbcPwV
p6bohdgGRplK1R9luy+ljXgfNSdY3mJqMo5m8bsP+z/EDOj2c/iCiVrR/4v3UTT/
R9woPkQO7FCoPa/FcKIjrDSOduSOd4xfnK8GthGFIa1eni+duIUXgehnQgciFXfY
KCvTpvsk91IueRHSMKqCA6X2rVZ4mNnRiTrVn1nYUOFN4Cbwt+EOhdpLUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBXXAxffhBIyijF0z7hHIAJjX9SzMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvRmRjREY5LUVFaktLTVhUUHVFY2dBbU5mMUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIGEP/6
MA0GCSqGSIb3DQEBCwUAA4IBAQColMKEbvPwlXQ7K/p+rOl9TWlKhcaiEvClc6ZD
Gp5BdyghFR74/ES90giXn/+IswjhrWwv4YCLSAOdVEH1L5VgL7Lr90A/oN3JIklX
UHRkFEQaJodE2va39oYoEF1w4x7Wk265u08H26i1kToXul3SyLkMHkwLKyWa4YZQ
6JW2y8HOeqzTV5qRf3e4thiZcjaPBAS2jobCPZHwGMdvE9b5AcsveBzdwzTqSX66
RcntTGamJAx3mpuiNG+Zm4vFkk3soeEF0wpsc+DLx70HYCEelOt3iFHwiS9OhWPR
MYsN4ycT6w0AffGJL619qbFVbUSXruhkXOe+WSozxJbUVbfM
-----END CERTIFICATE-----