Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/09af2b-64f7-4c1d-abd4-d07464b9b378/1/MH3IVjwW7SJt9MAT4KzPRF7K5MA.roa
File:                     MH3IVjwW7SJt9MAT4KzPRF7K5MA.roa (raw, json)
Hash identifier:          Ht41CZWI8DsICxCLRKyd0Jdy1jxlkb+PLfG0wpfzudw=
Subject key identifier:   30:7D:C8:56:3C:16:ED:22:6D:F4:C0:13:E0:AC:CF:44:5E:CA:E4:C0
Certificate issuer:       /CN=fc13f7fa237f89d011233bac7328c2219ba7d62c
Certificate serial:       018CC5013E8082719878F20E401A05F5D332
Authority key identifier: FC:13:F7:FA:23:7F:89:D0:11:23:3B:AC:73:28:C2:21:9B:A7:D6:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_BP3-iN_idARIzuscyjCIZun1iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/09af2b-64f7-4c1d-abd4-d07464b9b378/1/MH3IVjwW7SJt9MAT4KzPRF7K5MA.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5401
IP address blocks:        2001:1440:201::/48 maxlen: 48
                          2001:1440:202::/48 maxlen: 48
                          2001:1440:202::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/09af2b-64f7-4c1d-abd4-d07464b9b378/1/_BP3-iN_idARIzuscyjCIZun1iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/09af2b-64f7-4c1d-abd4-d07464b9b378/1/_BP3-iN_idARIzuscyjCIZun1iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_BP3-iN_idARIzuscyjCIZun1iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3e:80:82:71:98:78:f2:0e:40:1a:05:f5:d3:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc13f7fa237f89d011233bac7328c2219ba7d62c
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=307dc8563c16ed226df4c013e0accf445ecae4c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:89:3d:17:ee:a9:82:37:34:b6:69:e4:6b:56:
                    36:70:44:9e:4e:fa:2e:c0:76:11:f4:fd:59:21:fe:
                    89:22:16:01:5a:bb:72:2a:82:c6:d7:7d:0c:ea:02:
                    9f:66:23:b5:2d:84:6a:32:6e:b5:5d:b9:02:44:58:
                    fa:b1:88:5a:fd:95:a9:92:fd:e9:b7:6b:fa:de:9f:
                    f2:43:d2:50:33:b5:a2:6e:ba:c9:ea:a0:66:10:92:
                    d5:b7:7a:e1:5c:f6:09:b8:62:8e:12:b7:47:d9:de:
                    fc:fa:28:bb:67:30:24:a0:94:c6:86:6c:7e:e4:8b:
                    42:b9:23:c8:58:c2:86:8a:48:81:2d:64:cc:6d:ee:
                    1c:67:01:46:50:55:ba:7e:86:fb:a7:c9:dd:b9:09:
                    c7:ea:61:bd:c0:9f:e9:80:72:c8:1f:16:c9:58:35:
                    5c:b2:df:36:04:db:a7:6d:05:94:50:13:4d:35:0c:
                    df:5c:d1:73:ff:0d:a1:53:e0:4c:cd:94:9c:5f:f2:
                    09:5c:4a:4f:4d:0e:11:76:0b:bb:b4:99:1e:6f:cc:
                    4e:8f:9e:d3:43:a5:35:5e:86:46:7f:34:7d:73:99:
                    7c:f4:f4:e3:9c:cc:fe:42:a6:a4:bb:2f:cc:86:04:
                    d6:ed:8e:83:51:6b:bb:5e:74:e6:55:72:95:b7:49:
                    ec:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:7D:C8:56:3C:16:ED:22:6D:F4:C0:13:E0:AC:CF:44:5E:CA:E4:C0
            X509v3 Authority Key Identifier:
                keyid:FC:13:F7:FA:23:7F:89:D0:11:23:3B:AC:73:28:C2:21:9B:A7:D6:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_BP3-iN_idARIzuscyjCIZun1iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/09af2b-64f7-4c1d-abd4-d07464b9b378/1/MH3IVjwW7SJt9MAT4KzPRF7K5MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/09af2b-64f7-4c1d-abd4-d07464b9b378/1/_BP3-iN_idARIzuscyjCIZun1iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1440:201::-2001:1440:203:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         18:7c:7b:4d:fa:aa:9d:21:14:18:35:b3:72:2b:8c:57:7f:78:
         fb:98:c4:c1:1d:0e:11:4d:18:64:9e:a0:83:08:c1:6a:f0:00:
         b8:d9:52:7f:2a:85:e4:40:6a:23:21:ec:42:af:83:6e:d3:06:
         56:b7:a5:eb:a7:94:b6:c3:33:82:eb:0f:84:67:a4:e6:a5:e0:
         52:83:07:e5:57:5d:3b:35:67:04:24:1d:1a:1d:7a:f2:08:4a:
         38:6f:fb:99:2d:ef:ae:a7:4e:21:cb:26:d8:1a:8d:08:c9:b9:
         6e:77:c7:f1:14:9f:9c:8b:14:75:e9:38:af:ad:6c:37:4a:a9:
         45:9d:0a:4f:f8:23:a9:d3:59:00:23:44:b6:9e:f3:ca:ad:08:
         0c:7d:a9:17:1b:57:ce:4f:ca:c7:8c:1d:4b:bb:ca:40:df:6d:
         19:0d:66:2c:58:43:50:8f:20:97:be:cb:b7:03:70:4f:c3:4b:
         f9:64:c3:75:4c:d8:7f:68:95:75:cc:2c:eb:b4:1f:ce:3b:b6:
         5e:ce:43:5c:fe:43:1c:cb:f0:2a:de:b7:eb:96:d0:98:f6:26:
         23:fd:a9:44:a1:64:1f:49:e1:8f:4c:4c:8a:8c:b5:38:6c:d1:
         83:f3:7f:f7:65:ac:d8:5c:e2:2d:50:b9:ed:a6:e9:75:bf:fd:
         0a:39:c6:33
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFAT6AgnGYePIOQBoF9dMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMTNmN2ZhMjM3Zjg5ZDAxMTIzM2JhYzczMjhjMjIxOWJh
N2Q2MmMwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDdkYzg1NjNjMTZlZDIyNmRmNGMwMTNlMGFjY2Y0NDVlY2FlNGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYk9F+6pgjc0tmnka1Y2cESeTvou
wHYR9P1ZIf6JIhYBWrtyKoLG130M6gKfZiO1LYRqMm61XbkCRFj6sYha/ZWpkv3p
t2v63p/yQ9JQM7WibrrJ6qBmEJLVt3rhXPYJuGKOErdH2d78+ii7ZzAkoJTGhmx+
5ItCuSPIWMKGikiBLWTMbe4cZwFGUFW6fob7p8nduQnH6mG9wJ/pgHLIHxbJWDVc
st82BNunbQWUUBNNNQzfXNFz/w2hU+BMzZScX/IJXEpPTQ4Rdgu7tJkeb8xOj57T
Q6U1XoZGfzR9c5l89PTjnMz+Qqakuy/MhgTW7Y6DUWu7XnTmVXKVt0ns4wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDB9yFY8Fu0ibfTAE+Csz0ReyuTAMB8GA1UdIwQY
MBaAFPwT9/ojf4nQESM7rHMowiGbp9YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0JQMy1pTl9pZEFSSXp1c2N5akNJWnVuMWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wOWFmMmItNjRmNy00YzFkLWFiZDQt
ZDA3NDY0YjliMzc4LzEvTUgzSVZqd1c3U0p0OU1BVDRLelBSRjdLNU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wOWFmMmItNjRmNy00YzFkLWFiZDQtZDA3NDY0YjliMzc4
LzEvX0JQMy1pTl9pZEFSSXp1c2N5akNJWnVuMWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAgARRA
AgEDBwIgARRAAgAwDQYJKoZIhvcNAQELBQADggEBABh8e036qp0hFBg1s3IrjFd/
ePuYxMEdDhFNGGSeoIMIwWrwALjZUn8qheRAaiMh7EKvg27TBla3peunlLbDM4Lr
D4RnpOal4FKDB+VXXTs1ZwQkHRodevIISjhv+5kt766nTiHLJtgajQjJuW53x/EU
n5yLFHXpOK+tbDdKqUWdCk/4I6nTWQAjRLae88qtCAx9qRcbV85PyseMHUu7ykDf
bRkNZixYQ1CPIJe+y7cDcE/DS/lkw3VM2H9olXXMLOu0H847tl7OQ1z+QxzL8Cre
t+uW0Jj2JiP9qUShZB9J4Y9MTIqMtThs0YPzf/dlrNhc4i1Que2m6XW//Qo5xjM=
-----END CERTIFICATE-----