Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/KTrwANLcxnWEYW-ek78rR33hKq0.roa
File:                     KTrwANLcxnWEYW-ek78rR33hKq0.roa (raw, json)
Hash identifier:          xejdCVJtlTmimSbniNPlRdOgxzhnub1fRr8Dm4yqRvo=
Subject key identifier:   29:3A:F0:00:D2:DC:C6:75:84:61:6F:9E:93:BF:2B:47:7D:E1:2A:AD
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94E29B0BCC831BC6C10C39BFEDE32
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/KTrwANLcxnWEYW-ek78rR33hKq0.roa
Signing time:             Mon 01 Jan 2024 20:31:22 +0000
ROA not before:           Mon 01 Jan 2024 20:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61102
IP address blocks:        2a03:f80:972::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4e:29:b0:bc:c8:31:bc:6c:10:c3:9b:fe:de:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=293af000d2dcc67584616f9e93bf2b477de12aad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:04:fe:21:7d:57:7c:04:fa:a9:a6:d4:b2:05:
                    2b:82:98:4a:2d:5b:54:ed:60:be:69:87:e7:56:3f:
                    62:a1:34:9b:ae:a9:9a:b6:95:0c:5e:3d:a8:eb:df:
                    c3:bb:9c:c8:99:34:d0:2a:dd:5e:dd:fe:28:91:ba:
                    1b:9b:3f:da:df:36:55:eb:b2:a6:68:3f:21:3b:ba:
                    f5:03:64:fa:c9:8c:8e:10:cd:70:83:c5:05:fa:af:
                    1b:69:bf:99:8b:1d:6c:a5:12:ff:ac:5f:e8:48:b5:
                    fe:bc:41:16:f9:77:1a:70:17:16:33:35:e0:a6:a5:
                    66:e2:d1:2b:c2:f4:1a:76:17:4a:0f:74:15:82:b8:
                    0e:a3:12:a6:76:00:19:b8:d4:4e:55:63:c5:b3:5c:
                    c1:47:aa:98:37:e9:47:76:04:ca:23:78:57:76:a4:
                    17:f3:49:70:96:97:f9:6a:c8:61:16:f6:63:ff:a8:
                    34:31:61:98:49:d8:23:89:b0:67:77:eb:e3:bd:cc:
                    60:db:a0:b5:48:6b:67:38:37:84:90:ed:27:11:0a:
                    fc:6c:de:94:a6:fc:09:b4:a4:20:fc:cb:e0:5f:ba:
                    74:9f:64:1c:37:a3:fc:25:5a:21:db:da:5e:7a:d4:
                    2e:23:b4:9b:c8:4a:e1:1f:66:cb:ad:6e:8c:a1:06:
                    37:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:3A:F0:00:D2:DC:C6:75:84:61:6F:9E:93:BF:2B:47:7D:E1:2A:AD
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/KTrwANLcxnWEYW-ek78rR33hKq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f80:972::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:89:15:57:28:6b:d8:52:35:3f:55:f0:01:3c:c0:e4:86:88:
         9d:ff:85:69:34:8f:e7:8d:32:d1:f8:8a:94:bb:49:fc:19:8b:
         d5:e1:d3:cc:ff:57:ea:b9:37:dd:e8:91:cb:30:d3:b4:0d:f0:
         61:b2:82:13:a8:7c:0c:79:2a:76:6b:bd:1d:58:21:84:fc:1f:
         4a:b6:98:28:65:57:f8:da:00:c0:a7:3e:11:67:0d:70:af:c9:
         34:60:ff:64:6e:7c:e2:63:32:0a:39:51:e0:15:61:c4:59:74:
         c4:97:83:d4:fa:12:d6:05:ee:fe:a0:f1:74:7d:aa:52:8b:7e:
         b6:5a:da:62:d4:33:d6:f3:09:99:7c:32:e4:95:89:9b:06:c0:
         93:64:16:37:20:e0:df:06:43:36:8e:c4:c0:fc:50:88:99:12:
         56:c8:68:06:ec:97:a9:e4:d9:a3:51:5e:9a:49:92:dd:15:3e:
         1c:36:2b:69:9a:39:13:8f:16:35:4a:89:0f:46:9d:20:2f:e0:
         fc:c6:f2:67:80:a5:b0:f0:09:2a:7b:eb:fd:c9:39:29:95:03:
         92:62:1c:45:4f:e0:b2:24:4a:61:68:bf:d8:d7:25:75:66:44:
         64:bf:03:00:70:06:ea:95:41:34:58:ce:ac:02:f7:da:25:f2:
         5c:4e:0d:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuU4psLzIMbxsEMOb/t4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTNhZjAwMGQyZGNjNjc1ODQ2MTZmOWU5M2JmMmI0NzdkZTEyYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgT+IX1XfAT6qabUsgUrgphKLVtU
7WC+aYfnVj9ioTSbrqmatpUMXj2o69/Du5zImTTQKt1e3f4okbobmz/a3zZV67Km
aD8hO7r1A2T6yYyOEM1wg8UF+q8bab+Zix1spRL/rF/oSLX+vEEW+XcacBcWMzXg
pqVm4tErwvQadhdKD3QVgrgOoxKmdgAZuNROVWPFs1zBR6qYN+lHdgTKI3hXdqQX
80lwlpf5ashhFvZj/6g0MWGYSdgjibBnd+vjvcxg26C1SGtnODeEkO0nEQr8bN6U
pvwJtKQg/MvgX7p0n2QcN6P8JVoh29peetQuI7SbyErhH2bLrW6MoQY3HQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCk68ADS3MZ1hGFvnpO/K0d94SqtMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvS1Ryd0FOTGN4bldFWVctZWs3OHJSMzNoS3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPgAly
MA0GCSqGSIb3DQEBCwUAA4IBAQB9iRVXKGvYUjU/VfABPMDkhoid/4VpNI/njTLR
+IqUu0n8GYvV4dPM/1fquTfd6JHLMNO0DfBhsoITqHwMeSp2a70dWCGE/B9Ktpgo
ZVf42gDApz4RZw1wr8k0YP9kbnziYzIKOVHgFWHEWXTEl4PU+hLWBe7+oPF0fapS
i362Wtpi1DPW8wmZfDLklYmbBsCTZBY3IODfBkM2jsTA/FCImRJWyGgG7Jep5Nmj
UV6aSZLdFT4cNitpmjkTjxY1SokPRp0gL+D8xvJngKWw8Akqe+v9yTkplQOSYhxF
T+CyJEphaL/Y1yV1ZkRkvwMAcAbqlUE0WM6sAvfaJfJcTg0O
-----END CERTIFICATE-----