Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/P4weekf1aKUcnkp8fHX-k_Gt_sI.roa
File:                     P4weekf1aKUcnkp8fHX-k_Gt_sI.roa (raw, json)
Hash identifier:          fIq9ZB4SDhzeK0PefN08AJbeELON7JjrHLasilYncFM=
Subject key identifier:   3F:8C:1E:7A:47:F5:68:A5:1C:9E:4A:7C:7C:75:FE:93:F1:AD:FE:C2
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94D6C855F60ADD7D486817FAFF171
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/P4weekf1aKUcnkp8fHX-k_Gt_sI.roa
Signing time:             Mon 01 Jan 2024 20:31:21 +0000
ROA not before:           Mon 01 Jan 2024 20:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60729
IP address blocks:        2a03:f85:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 05:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4d:6c:85:5f:60:ad:d7:d4:86:81:7f:af:f1:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f8c1e7a47f568a51c9e4a7c7c75fe93f1adfec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0f:3d:ff:4c:5c:b3:e0:07:e4:eb:eb:37:0f:
                    17:4d:25:d0:e7:56:8b:f3:6c:4b:a0:61:22:8f:a3:
                    68:09:5d:14:b5:a1:70:44:23:13:53:96:d8:35:6d:
                    e4:a6:4c:e0:f4:ed:b4:d5:32:18:32:82:81:78:e5:
                    b5:f9:87:82:a3:27:58:e1:b3:6d:3c:f1:a9:fe:38:
                    e6:7a:77:2d:25:79:66:df:d4:a6:a9:02:7c:aa:42:
                    7b:f9:c2:d5:b8:f0:fb:fe:50:1b:2b:fc:69:da:75:
                    51:06:28:00:66:77:c1:b1:1b:05:ff:50:71:c7:6d:
                    e9:c2:45:ec:df:ae:1f:df:09:2b:79:93:6d:ce:b0:
                    78:f3:89:1c:c0:a5:cc:14:77:80:e5:ba:76:c3:6c:
                    dc:40:d4:e6:5b:d0:a2:4e:0d:2f:3c:9c:a9:0c:e3:
                    da:af:85:f4:82:7b:d2:57:f5:a3:bf:99:9f:14:29:
                    3c:4c:fc:b5:9f:9d:33:a0:05:d4:fa:c4:bb:88:d6:
                    fd:da:75:0c:64:19:5f:9b:01:be:c5:aa:46:65:1f:
                    ac:9f:ae:d0:cd:16:90:58:b5:53:1c:b6:14:40:65:
                    2d:4c:f8:51:e5:a6:e9:d2:ad:be:cf:e7:6a:a6:16:
                    01:1c:b6:04:35:38:cd:ea:93:1c:20:d2:25:8e:bc:
                    9e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8C:1E:7A:47:F5:68:A5:1C:9E:4A:7C:7C:75:FE:93:F1:AD:FE:C2
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/P4weekf1aKUcnkp8fHX-k_Gt_sI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:c4:e4:ab:c7:cd:75:53:d3:73:3f:ba:a3:77:27:0d:a2:c9:
         99:5a:81:55:bd:44:22:c8:8f:d5:17:1e:98:0d:19:18:8d:3a:
         fb:e8:ae:ae:68:22:88:7f:05:f4:7f:8a:d9:f8:65:d7:5d:80:
         87:73:33:ad:3f:db:8f:5b:f9:8c:8a:bd:dd:f0:53:f4:21:49:
         77:a3:40:84:08:cc:9e:58:fc:04:1f:6a:1d:fc:db:10:ee:66:
         62:fc:8d:a1:e4:26:be:ac:ee:ca:82:0c:18:3e:5a:23:e2:47:
         6d:3d:d2:00:f2:0f:3a:0c:f2:be:74:3c:9c:58:b3:82:3c:72:
         84:95:f0:c0:61:55:12:6c:7d:17:16:0e:5c:c0:7c:74:ad:8c:
         f4:7a:ca:82:17:25:c1:f2:ac:8c:12:92:d9:eb:cc:f5:94:a4:
         e4:64:98:c8:1a:d2:cc:57:56:9b:db:b2:78:ff:05:d4:d1:cd:
         d0:46:77:d9:2a:58:4e:25:88:b8:54:70:fa:59:69:2f:65:bc:
         7a:81:86:87:40:57:39:45:34:3a:90:d7:25:b2:35:29:27:a4:
         82:16:64:9f:77:82:48:4a:04:44:46:43:f2:23:1c:b3:6b:db:
         7d:61:ad:2a:7a:f8:4a:b9:ab:19:04:22:24:32:dc:82:48:4c:
         7d:d5:b4:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuU1shV9grdfUhoF/r/FxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhjMWU3YTQ3ZjU2OGE1MWM5ZTRhN2M3Yzc1ZmU5M2YxYWRmZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA89/0xcs+AH5OvrNw8XTSXQ51aL
82xLoGEij6NoCV0UtaFwRCMTU5bYNW3kpkzg9O201TIYMoKBeOW1+YeCoydY4bNt
PPGp/jjmenctJXlm39SmqQJ8qkJ7+cLVuPD7/lAbK/xp2nVRBigAZnfBsRsF/1Bx
x23pwkXs364f3wkreZNtzrB484kcwKXMFHeA5bp2w2zcQNTmW9CiTg0vPJypDOPa
r4X0gnvSV/Wjv5mfFCk8TPy1n50zoAXU+sS7iNb92nUMZBlfmwG+xapGZR+sn67Q
zRaQWLVTHLYUQGUtTPhR5abp0q2+z+dqphYBHLYENTjN6pMcINIljryeSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD+MHnpH9WilHJ5KfHx1/pPxrf7CMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvUDR3ZWVrZjFhS1VjbmtwOGZIWC1rX0d0X3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPhQAI
MA0GCSqGSIb3DQEBCwUAA4IBAQBexOSrx811U9NzP7qjdycNosmZWoFVvUQiyI/V
Fx6YDRkYjTr76K6uaCKIfwX0f4rZ+GXXXYCHczOtP9uPW/mMir3d8FP0IUl3o0CE
CMyeWPwEH2od/NsQ7mZi/I2h5Ca+rO7KggwYPloj4kdtPdIA8g86DPK+dDycWLOC
PHKElfDAYVUSbH0XFg5cwHx0rYz0esqCFyXB8qyMEpLZ68z1lKTkZJjIGtLMV1ab
27J4/wXU0c3QRnfZKlhOJYi4VHD6WWkvZbx6gYaHQFc5RTQ6kNclsjUpJ6SCFmSf
d4JISgRERkPyIxyza9t9Ya0qevhKuasZBCIkMtyCSEx91bS3
-----END CERTIFICATE-----