Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Sef28NKppSJav9L25T-eCc8LWHg.roa
File:                     Sef28NKppSJav9L25T-eCc8LWHg.roa (raw, json)
Hash identifier:          eVRNJvOmTnXMBrADlfqwv9vwpSUzjLsPa4lc8cWhfu0=
Subject key identifier:   49:E7:F6:F0:D2:A9:A5:22:5A:BF:D2:F6:E5:3F:9E:09:CF:0B:58:78
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94ED56665BB9D47A7369E5B7B62B6
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Sef28NKppSJav9L25T-eCc8LWHg.roa
Signing time:             Mon 01 Jan 2024 20:31:22 +0000
ROA not before:           Mon 01 Jan 2024 20:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196689
IP address blocks:        2a03:f85:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4e:d5:66:65:bb:9d:47:a7:36:9e:5b:7b:62:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49e7f6f0d2a9a5225abfd2f6e53f9e09cf0b5878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e8:1b:fb:f0:22:62:13:45:15:fe:81:c0:74:
                    a2:68:53:0a:6b:f7:28:10:90:24:0e:da:41:1e:24:
                    4b:a3:d0:70:5f:bb:f8:f6:5b:f2:c1:91:b7:41:ed:
                    e8:3c:ad:ca:90:b7:fe:e9:a5:d8:21:f6:4d:87:c1:
                    22:f5:0e:b3:ce:e0:f8:88:5a:cf:0e:3e:52:e2:3a:
                    76:5a:8f:8f:8b:03:8f:80:d1:9b:76:7e:5e:ab:6a:
                    04:0e:be:7b:04:9f:8f:e5:9b:03:bb:92:b4:64:dd:
                    00:46:1c:46:c0:8f:6f:01:84:f9:d0:e0:60:0c:0a:
                    cd:da:d8:9e:83:97:40:3e:50:0d:6c:24:30:99:ec:
                    3e:20:ca:f1:59:34:07:91:ae:14:f8:18:ab:bd:6a:
                    1e:d8:ab:65:74:42:cf:5d:52:50:cc:5a:d2:98:e2:
                    01:1a:39:c2:60:4b:64:57:90:9c:48:46:6f:df:d0:
                    11:cc:3a:dc:67:69:e8:c9:c0:67:26:9a:19:e1:3d:
                    74:a8:94:9a:43:c1:6b:fe:44:9a:d8:bf:c2:8b:69:
                    46:8c:fb:33:91:40:00:4e:81:35:75:0d:4b:20:cd:
                    8e:f8:6b:25:4f:6f:d1:26:38:26:55:31:b8:84:b6:
                    66:7c:56:6d:38:7d:31:a6:68:1d:88:80:46:a6:de:
                    43:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:E7:F6:F0:D2:A9:A5:22:5A:BF:D2:F6:E5:3F:9E:09:CF:0B:58:78
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Sef28NKppSJav9L25T-eCc8LWHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:9b:8d:78:bf:9a:c6:c0:09:4e:93:99:33:c5:64:b1:a7:72:
         2d:b8:57:2b:de:40:4e:82:11:f9:58:c5:bc:8a:72:34:2f:6b:
         c8:92:4f:e6:e0:64:ac:ac:fa:2f:f2:5e:16:e8:c4:a8:ad:9c:
         bf:af:ce:ca:77:5b:5f:4c:f2:5b:b1:15:13:a2:36:d7:b9:e5:
         5f:a0:a3:1a:bb:75:8d:cc:1c:52:bf:b0:c9:98:26:1b:16:39:
         cc:71:bd:fb:01:a3:12:31:c5:3b:91:e6:91:4f:4d:42:b0:db:
         e8:d2:aa:36:20:17:4f:59:47:a8:e9:ba:ba:78:6e:1a:61:7d:
         df:20:05:a5:c8:19:8a:bf:67:d1:a2:ef:68:db:2b:19:f5:82:
         96:82:47:28:2b:ea:46:1e:1d:36:5b:04:ad:35:15:56:46:92:
         79:92:ea:13:7e:2f:e4:c7:04:b6:4c:0e:f1:f0:d6:be:1e:b2:
         ea:eb:0a:e8:6e:97:de:9b:ad:e5:ca:f9:63:cc:71:d4:f7:8a:
         12:7d:c2:18:1d:26:c0:7c:c8:b4:c3:84:8e:93:9d:54:58:ff:
         3a:90:b3:bb:9a:c4:ec:15:54:07:2d:c7:38:5e:93:95:52:10:
         24:d4:4e:ef:0f:30:7a:d1:08:34:fb:a6:c6:6b:1b:73:13:8e:
         41:e7:4e:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuU7VZmW7nUenNp5be2K2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWU3ZjZmMGQyYTlhNTIyNWFiZmQyZjZlNTNmOWUwOWNmMGI1ODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgegb+/AiYhNFFf6BwHSiaFMKa/co
EJAkDtpBHiRLo9BwX7v49lvywZG3Qe3oPK3KkLf+6aXYIfZNh8Ei9Q6zzuD4iFrP
Dj5S4jp2Wo+PiwOPgNGbdn5eq2oEDr57BJ+P5ZsDu5K0ZN0ARhxGwI9vAYT50OBg
DArN2tieg5dAPlANbCQwmew+IMrxWTQHka4U+BirvWoe2KtldELPXVJQzFrSmOIB
GjnCYEtkV5CcSEZv39ARzDrcZ2noycBnJpoZ4T10qJSaQ8Fr/kSa2L/Ci2lGjPsz
kUAAToE1dQ1LIM2O+GslT2/RJjgmVTG4hLZmfFZtOH0xpmgdiIBGpt5DjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEnn9vDSqaUiWr/S9uU/ngnPC1h4MB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvU2VmMjhOS3BwU0phdjlMMjVULWVDYzhMV0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPhQAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBMm414v5rGwAlOk5kzxWSxp3ItuFcr3kBOghH5
WMW8inI0L2vIkk/m4GSsrPov8l4W6MSorZy/r87Kd1tfTPJbsRUTojbXueVfoKMa
u3WNzBxSv7DJmCYbFjnMcb37AaMSMcU7keaRT01CsNvo0qo2IBdPWUeo6bq6eG4a
YX3fIAWlyBmKv2fRou9o2ysZ9YKWgkcoK+pGHh02WwStNRVWRpJ5kuoTfi/kxwS2
TA7x8Na+HrLq6wrobpfem63lyvljzHHU94oSfcIYHSbAfMi0w4SOk51UWP86kLO7
msTsFVQHLcc4XpOVUhAk1E7vDzB60Qg0+6bGaxtzE45B507Q
-----END CERTIFICATE-----