Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/DG4ridp-MWB2AA-npxQOwU7Y3as.roa
File:                     DG4ridp-MWB2AA-npxQOwU7Y3as.roa (raw, json)
Hash identifier:          i9PnLBqaxGRUUUYOZRAqlK2xnuJFwfWo91s+FnMrpSo=
Subject key identifier:   0C:6E:2B:89:DA:7E:31:60:76:00:0F:A7:A7:14:0E:C1:4E:D8:DD:AB
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCE3744F36E367C4C09CA85C3EB3EA
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/DG4ridp-MWB2AA-npxQOwU7Y3as.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59713
IP address blocks:        2a02:2698:3800::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e3:74:4f:36:e3:67:c4:c0:9c:a8:5c:3e:b3:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c6e2b89da7e316076000fa7a7140ec14ed8ddab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:bd:37:ad:01:b5:aa:2d:74:44:3e:70:70:c7:
                    34:c2:49:2f:f1:b7:2c:d5:28:48:42:9c:0f:81:23:
                    f0:71:2c:17:21:3f:a9:d8:fb:4a:b3:79:32:06:5b:
                    4e:2d:01:9d:ea:4d:c5:45:7c:1a:67:46:74:15:88:
                    17:19:5c:0e:60:bb:79:07:32:d6:66:5e:9f:c6:ee:
                    c7:46:27:9a:16:bb:a6:a4:80:61:86:33:e6:0e:54:
                    51:dc:b6:1c:98:b9:0e:68:6f:e1:a9:4f:ed:0b:26:
                    59:d5:d0:5b:16:c7:ac:70:95:51:0c:78:8c:2e:a5:
                    91:28:d4:7d:45:b0:5f:e4:99:13:ae:b3:60:bc:e0:
                    a0:96:fa:75:bf:03:41:55:ef:f3:d2:c9:4b:a0:ec:
                    a0:1b:ba:fd:48:86:d2:c7:20:e4:87:c8:83:b4:3e:
                    7f:b3:07:2c:da:fa:7f:36:d3:3f:cc:f1:0d:de:ba:
                    a7:81:ee:75:dc:79:c4:53:78:12:32:9b:b6:78:10:
                    34:9a:7c:da:11:12:80:21:67:b8:25:f7:c8:a1:f7:
                    66:6c:be:d4:85:71:ae:d8:cc:3d:3f:d1:ca:f2:e9:
                    17:76:6b:c1:0a:89:cf:1b:c9:24:1d:0b:e1:ce:5c:
                    e6:13:26:bc:5f:7d:bd:8b:4e:3f:f9:93:72:d1:12:
                    46:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:6E:2B:89:DA:7E:31:60:76:00:0F:A7:A7:14:0E:C1:4E:D8:DD:AB
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/DG4ridp-MWB2AA-npxQOwU7Y3as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:3800::/38

    Signature Algorithm: sha256WithRSAEncryption
         9e:67:d6:98:ba:5a:c5:5e:f3:91:67:aa:31:56:6f:76:01:cc:
         42:32:8e:22:1e:a3:d2:8e:67:cb:37:2d:0b:e4:07:38:9b:28:
         0c:b7:36:9e:10:8b:91:1e:83:3e:03:74:d2:77:f8:04:63:b5:
         c7:db:6d:8e:d6:d0:3f:9a:7c:74:35:09:48:d9:56:49:d7:1f:
         bf:a4:15:b2:16:c5:23:e2:78:31:0d:f8:d6:96:2d:6f:94:8e:
         29:0a:94:3d:3d:a7:0f:37:10:55:a0:2f:8e:a2:09:ae:18:39:
         8d:3a:b9:ad:ec:f6:99:33:ca:f1:f2:03:e3:13:b2:93:03:46:
         43:f5:79:43:1e:80:9c:4b:3a:e2:af:09:56:66:dd:89:4e:75:
         a8:06:1a:61:de:4a:12:a6:2d:30:2f:53:68:ae:b8:d7:33:36:
         21:02:ca:cc:3e:e3:8f:30:ad:d6:56:e9:59:8c:cd:42:3a:68:
         34:f2:af:cc:1a:c5:83:0b:c1:0d:d2:7b:4a:93:e0:c7:5a:56:
         9a:7d:aa:b7:5f:6b:be:7e:26:b8:0e:d7:b0:f9:91:49:2c:87:
         4b:95:8d:63:e9:0f:62:62:92:2b:a5:a2:0d:51:f5:98:72:80:
         3d:43:4a:bb:fc:55:c2:75:a6:82:36:c6:38:66:0f:37:28:d5:
         88:bc:4b:cf
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvON0TzbjZ8TAnKhcPrPqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzZlMmI4OWRhN2UzMTYwNzYwMDBmYTdhNzE0MGVjMTRlZDhkZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAib03rQG1qi10RD5wcMc0wkkv8bcs
1ShIQpwPgSPwcSwXIT+p2PtKs3kyBltOLQGd6k3FRXwaZ0Z0FYgXGVwOYLt5BzLW
Zl6fxu7HRieaFrumpIBhhjPmDlRR3LYcmLkOaG/hqU/tCyZZ1dBbFsescJVRDHiM
LqWRKNR9RbBf5JkTrrNgvOCglvp1vwNBVe/z0slLoOygG7r9SIbSxyDkh8iDtD5/
swcs2vp/NtM/zPEN3rqnge513HnEU3gSMpu2eBA0mnzaERKAIWe4JffIofdmbL7U
hXGu2Mw9P9HK8ukXdmvBConPG8kkHQvhzlzmEya8X329i04/+ZNy0RJGHQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAxuK4nafjFgdgAPp6cUDsFO2N2rMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvREc0cmlkcC1NV0IyQUEtbnB4UU93VTdZM2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmDgw
DQYJKoZIhvcNAQELBQADggEBAJ5n1pi6WsVe85FnqjFWb3YBzEIyjiIeo9KOZ8s3
LQvkBzibKAy3Np4Qi5Eegz4DdNJ3+ARjtcfbbY7W0D+afHQ1CUjZVknXH7+kFbIW
xSPieDEN+NaWLW+UjikKlD09pw83EFWgL46iCa4YOY06ua3s9pkzyvHyA+MTspMD
RkP1eUMegJxLOuKvCVZm3YlOdagGGmHeShKmLTAvU2iuuNczNiECysw+448wrdZW
6VmMzUI6aDTyr8waxYMLwQ3Se0qT4MdaVpp9qrdfa75+JrgO17D5kUksh0uVjWPp
D2Jikiulog1R9ZhygD1DSrv8VcJ1poI2xjhmDzco1Yi8S88=
-----END CERTIFICATE-----