Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/PD79CufWsAn3sQd4KY0rWG8tuw0.roa
File:                     PD79CufWsAn3sQd4KY0rWG8tuw0.roa (raw, json)
Hash identifier:          ydtWXsgHsS3B+Dkrf9mRdY4++Zk+7SXieOvRV/PlsfI=
Subject key identifier:   3C:3E:FD:0A:E7:D6:B0:09:F7:B1:07:78:29:8D:2B:58:6F:2D:BB:0D
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B948F474DA5394AEC9AED1CA3A7A0A
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/PD79CufWsAn3sQd4KY0rWG8tuw0.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34305
IP address blocks:        2a03:f85:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:48:f4:74:da:53:94:ae:c9:ae:d1:ca:3a:7a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c3efd0ae7d6b009f7b10778298d2b586f2dbb0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e1:fe:90:4b:8e:c0:ab:76:12:15:13:23:6b:
                    5a:12:94:db:5f:fe:c3:2a:ab:78:e6:36:ea:2e:72:
                    80:e5:62:8a:28:4e:e2:b3:72:6a:a6:ea:d8:02:29:
                    00:00:ca:68:fc:d1:b5:b5:0a:12:1b:f8:28:0f:f4:
                    15:ca:87:27:fb:df:ea:f6:36:1a:aa:49:0c:d6:b0:
                    71:c2:8e:e5:e2:cb:48:83:f0:42:e4:65:3d:53:dd:
                    5f:e3:90:29:ca:a0:38:65:ca:61:67:d6:03:5c:c4:
                    b9:1d:7d:29:4e:12:df:73:32:57:e4:bc:3a:5a:bc:
                    6d:00:51:1d:f6:67:19:0f:71:a2:0e:59:c2:1e:9d:
                    ab:53:53:bb:f4:6e:ee:13:3c:3a:94:6e:41:b2:48:
                    3c:36:7a:8b:26:ad:e8:23:b3:c0:8c:c1:66:26:93:
                    0e:64:85:da:66:0b:13:9a:25:1b:9d:7a:1c:69:72:
                    76:77:8e:ca:dc:c0:0c:43:cc:e2:50:5b:90:4a:69:
                    a5:19:ae:58:6e:1e:f4:e0:3c:b4:7e:c4:91:23:15:
                    40:3e:1c:54:04:46:0d:34:df:d6:2e:11:da:ca:3d:
                    14:16:4a:16:b2:a1:34:a0:ea:ce:cd:98:52:bf:e2:
                    67:f0:36:96:0f:0f:f6:e7:d3:85:bc:f9:80:71:61:
                    37:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:3E:FD:0A:E7:D6:B0:09:F7:B1:07:78:29:8D:2B:58:6F:2D:BB:0D
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/PD79CufWsAn3sQd4KY0rWG8tuw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:4e:39:01:57:b3:d7:df:4d:61:5b:cf:bf:03:29:de:b9:9b:
         08:6f:4a:04:7a:b5:eb:e2:2b:fd:14:b4:b2:67:b1:46:7c:c6:
         3d:db:6e:25:7a:ac:27:3f:01:6f:c9:80:f4:ac:f6:ac:f4:93:
         5d:d3:b4:de:97:b7:7b:63:e6:60:00:50:d5:c8:a0:6e:f0:f3:
         71:c4:f9:cb:cd:d7:d3:f9:6a:c5:e0:7c:18:df:3e:fb:24:3f:
         a7:61:92:ae:ab:e6:7c:5d:e6:14:92:18:da:3d:60:69:2c:df:
         7a:82:da:e7:3c:2d:15:c0:2e:e7:13:6f:23:83:30:dc:78:bd:
         2b:64:15:38:04:4a:64:db:23:35:bc:26:c7:64:81:f0:69:4b:
         f0:d8:3d:8d:6f:42:fa:70:93:94:c4:91:9d:36:f2:28:9d:50:
         e6:fb:df:86:c3:f6:4a:b2:72:8b:5c:38:49:66:41:89:90:3b:
         de:bd:ac:c9:8a:f4:f6:0c:88:7d:44:7c:60:78:19:03:48:7e:
         df:8b:f1:5f:c1:97:b5:78:8f:f2:5d:34:e4:57:59:81:fe:27:
         ba:cc:1b:ae:1d:f9:1d:ba:6e:f8:a1:86:84:3e:39:56:97:a0:
         c9:c0:2a:e8:67:93:ae:2d:94:86:34:d2:3b:70:7d:96:24:06:
         21:7d:74:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuUj0dNpTlK7JrtHKOnoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzNlZmQwYWU3ZDZiMDA5ZjdiMTA3NzgyOThkMmI1ODZmMmRiYjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOH+kEuOwKt2EhUTI2taEpTbX/7D
Kqt45jbqLnKA5WKKKE7is3JqpurYAikAAMpo/NG1tQoSG/goD/QVyocn+9/q9jYa
qkkM1rBxwo7l4stIg/BC5GU9U91f45ApyqA4ZcphZ9YDXMS5HX0pThLfczJX5Lw6
WrxtAFEd9mcZD3GiDlnCHp2rU1O79G7uEzw6lG5Bskg8NnqLJq3oI7PAjMFmJpMO
ZIXaZgsTmiUbnXocaXJ2d47K3MAMQ8ziUFuQSmmlGa5Ybh704Dy0fsSRIxVAPhxU
BEYNNN/WLhHayj0UFkoWsqE0oOrOzZhSv+Jn8DaWDw/259OFvPmAcWE3jwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDw+/Qrn1rAJ97EHeCmNK1hvLbsNMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvUEQ3OUN1ZldzQW4zc1FkNEtZMHJXRzh0dXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPhQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBFTjkBV7PX301hW8+/AyneuZsIb0oEerXr4iv9
FLSyZ7FGfMY9224leqwnPwFvyYD0rPas9JNd07Tel7d7Y+ZgAFDVyKBu8PNxxPnL
zdfT+WrF4HwY3z77JD+nYZKuq+Z8XeYUkhjaPWBpLN96gtrnPC0VwC7nE28jgzDc
eL0rZBU4BEpk2yM1vCbHZIHwaUvw2D2Nb0L6cJOUxJGdNvIonVDm+9+Gw/ZKsnKL
XDhJZkGJkDvevazJivT2DIh9RHxgeBkDSH7fi/FfwZe1eI/yXTTkV1mB/ie6zBuu
Hfkdum74oYaEPjlWl6DJwCroZ5OuLZSGNNI7cH2WJAYhfXRX
-----END CERTIFICATE-----