Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9FbYUtvhSiGnwkgWnPEe8LBbWTE.roa
File:                     9FbYUtvhSiGnwkgWnPEe8LBbWTE.roa (raw, json)
Hash identifier:          VH+23ZEyZD/zIeAjQCb1brr5cQuLUhCHdf4WE3EDIV0=
Subject key identifier:   F4:56:D8:52:DB:E1:4A:21:A7:C2:48:16:9C:F1:1E:F0:B0:5B:59:31
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94D2AFB0BB8B37AC6DA68A513D479
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9FbYUtvhSiGnwkgWnPEe8LBbWTE.roa
Signing time:             Mon 01 Jan 2024 20:31:21 +0000
ROA not before:           Mon 01 Jan 2024 20:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59692
IP address blocks:        2a03:f86:3::/48 maxlen: 48
                          2a03:f86:2::/48 maxlen: 48
                          2a03:f86:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4d:2a:fb:0b:b8:b3:7a:c6:da:68:a5:13:d4:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f456d852dbe14a21a7c248169cf11ef0b05b5931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:31:82:86:0f:df:94:7d:e9:7b:5a:14:5b:01:
                    fc:74:cf:5c:e3:4f:63:c6:a9:e1:9a:c6:c5:06:12:
                    fd:b8:24:0d:08:82:c8:b0:0d:73:2a:c8:da:ba:e4:
                    f7:2c:cd:84:e8:75:05:61:f5:31:c4:8f:35:6c:7c:
                    55:a1:14:77:ba:f4:56:1b:86:87:46:92:ab:50:24:
                    dc:79:fd:c0:99:55:c1:16:3d:9d:8d:77:2c:ea:6d:
                    e3:2d:89:64:92:04:1f:29:62:38:a3:ce:69:f1:e6:
                    b7:cf:cc:7d:5e:f8:cb:a3:94:5e:af:08:b3:32:92:
                    6b:a2:99:ad:2c:ff:98:47:69:4a:c2:d3:d6:60:d2:
                    fe:dd:75:e0:ac:93:97:90:7d:a1:f4:28:2d:73:af:
                    ee:0c:65:c3:2d:08:b5:5d:a0:0b:01:3e:dd:ad:d6:
                    be:f9:48:da:c0:23:0b:53:c7:00:6d:62:32:8d:d3:
                    88:3d:3e:b9:e3:d5:a7:8b:25:73:29:88:e4:03:9f:
                    04:d1:fe:8f:a7:6a:78:ed:3c:8b:23:ab:36:f0:1c:
                    08:3e:60:e3:b5:04:0d:9d:13:33:0d:c9:55:bf:9e:
                    48:d1:ab:a0:44:12:65:28:26:4c:89:4b:dd:a8:bb:
                    57:5e:e3:a8:2d:f7:20:b5:27:85:15:8e:d1:f9:77:
                    f0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:56:D8:52:DB:E1:4A:21:A7:C2:48:16:9C:F1:1E:F0:B0:5B:59:31
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9FbYUtvhSiGnwkgWnPEe8LBbWTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f86:2::-2a03:f86:4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3f:b4:ea:f3:6c:0d:86:93:ac:5a:37:f5:f7:26:0a:de:d0:d7:
         a8:1e:18:9f:2c:a5:a2:24:66:d2:c8:de:b1:ad:16:58:bf:51:
         30:a0:36:05:05:2c:a4:43:33:bf:8a:6b:03:d0:31:c2:58:7b:
         be:e5:64:48:fa:18:0b:86:5e:e0:96:05:30:89:be:e3:bf:56:
         cd:29:41:9c:20:dc:eb:54:ed:44:a5:5d:a7:a5:f6:fd:dc:f9:
         57:d2:cb:2a:01:73:33:aa:4b:13:14:b3:73:07:c6:d2:2d:fe:
         a8:de:42:f6:6a:2e:77:93:4b:62:1c:68:12:bc:08:c4:47:52:
         df:cb:9a:03:44:f4:09:7f:c5:6a:93:15:7d:fb:b3:c4:22:1d:
         f2:05:a6:e0:bb:22:5f:2d:87:85:2d:ff:17:e9:39:f4:b0:bb:
         86:8e:71:d9:76:d0:63:59:80:28:0e:a4:67:1d:cc:6b:b5:3e:
         34:e1:7d:74:43:33:a7:21:4b:85:dd:4f:33:fc:3a:e8:72:4c:
         0b:1d:33:77:e6:2f:0a:f3:02:b7:dc:d6:86:50:d0:2b:dd:a7:
         a7:95:05:b4:6f:f1:d4:13:eb:7c:36:83:1d:35:22:1e:69:65:
         21:47:9a:7f:55:3b:f8:21:2d:bb:3a:32:e6:09:5e:58:7d:26:
         15:25:c6:9f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGuU0q+wu4s3rG2milE9R5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDU2ZDg1MmRiZTE0YTIxYTdjMjQ4MTY5Y2YxMWVmMGIwNWI1OTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzGChg/flH3pe1oUWwH8dM9c409j
xqnhmsbFBhL9uCQNCILIsA1zKsjauuT3LM2E6HUFYfUxxI81bHxVoRR3uvRWG4aH
RpKrUCTcef3AmVXBFj2djXcs6m3jLYlkkgQfKWI4o85p8ea3z8x9XvjLo5Rerwiz
MpJropmtLP+YR2lKwtPWYNL+3XXgrJOXkH2h9Cgtc6/uDGXDLQi1XaALAT7drda+
+UjawCMLU8cAbWIyjdOIPT6549WniyVzKYjkA58E0f6Pp2p47TyLI6s28BwIPmDj
tQQNnRMzDclVv55I0augRBJlKCZMiUvdqLtXXuOoLfcgtSeFFY7R+XfwjwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPRW2FLb4Uohp8JIFpzxHvCwW1kxMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvOUZiWVV0dmhTaUdud2tnV25QRWU4TEJiV1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwEqAw+G
AAIDBwAqAw+GAAQwDQYJKoZIhvcNAQELBQADggEBAD+06vNsDYaTrFo39fcmCt7Q
16geGJ8spaIkZtLI3rGtFli/UTCgNgUFLKRDM7+KawPQMcJYe77lZEj6GAuGXuCW
BTCJvuO/Vs0pQZwg3OtU7USlXael9v3c+VfSyyoBczOqSxMUs3MHxtIt/qjeQvZq
LneTS2IcaBK8CMRHUt/LmgNE9Al/xWqTFX37s8QiHfIFpuC7Il8th4Ut/xfpOfSw
u4aOcdl20GNZgCgOpGcdzGu1PjThfXRDM6chS4XdTzP8OuhyTAsdM3fmLwrzArfc
1oZQ0Cvdp6eVBbRv8dQT63w2gx01Ih5pZSFHmn9VO/ghLbs6MuYJXlh9JhUlxp8=
-----END CERTIFICATE-----