Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Dv0hh37M2hm4arOUOQNcVTTXj0s.roa
File:                     Dv0hh37M2hm4arOUOQNcVTTXj0s.roa (raw, json)
Hash identifier:          UiOSeWwtqPmBU1nd1teVdEncT7dGj8RSi/WUkeS47I4=
Subject key identifier:   0E:FD:21:87:7E:CC:DA:19:B8:6A:B3:94:39:03:5C:55:34:D7:8F:4B
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD7C2022551530D191BA44D194B43
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Dv0hh37M2hm4arOUOQNcVTTXj0s.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43478
IP address blocks:        2a02:2698:5000::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d7:c2:02:25:51:53:0d:19:1b:a4:4d:19:4b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0efd21877eccda19b86ab39439035c5534d78f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6b:97:95:2b:ca:44:02:71:53:e3:43:e7:1b:
                    c0:1e:8b:04:c7:23:99:a1:fe:8d:1b:f1:b5:c3:16:
                    21:24:b3:7c:4c:3f:8e:ef:dc:62:3c:e6:89:ef:af:
                    70:05:0e:c6:9e:fa:b9:e8:73:62:dd:f1:30:46:5b:
                    94:6e:41:68:d0:39:d3:05:e9:e5:10:0e:2d:d8:2f:
                    87:9c:cb:41:9a:a4:8d:78:84:05:c0:c9:18:fe:34:
                    ac:01:b8:0d:b0:a7:4f:7d:bb:b5:fd:4e:05:fa:e4:
                    ef:5c:b1:8c:26:17:af:f5:a7:93:ac:38:19:22:e3:
                    49:66:e8:c4:7a:b9:5e:f8:4a:5c:0c:6f:8e:ff:ff:
                    71:43:97:31:ed:31:e0:03:7f:ce:73:45:01:6f:4c:
                    36:c0:20:5e:5a:2b:11:eb:bf:8a:05:17:29:d5:45:
                    ed:34:2f:70:cf:6a:04:f2:a7:ad:ff:aa:3b:cf:5d:
                    b8:cb:c5:92:a6:4c:e6:d8:fe:ca:65:86:b3:7f:c7:
                    81:2b:2e:bb:5a:9e:f5:8e:07:5f:0c:7d:1c:45:e7:
                    6d:42:f4:35:ac:4f:02:a0:ad:ef:3c:c9:df:7e:4f:
                    b4:82:69:fa:4c:ea:77:3d:18:37:13:a3:a3:33:be:
                    cb:3e:16:c4:33:01:1e:c6:d5:37:67:5b:11:9d:f0:
                    05:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:FD:21:87:7E:CC:DA:19:B8:6A:B3:94:39:03:5C:55:34:D7:8F:4B
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Dv0hh37M2hm4arOUOQNcVTTXj0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:5000::/38

    Signature Algorithm: sha256WithRSAEncryption
         6c:3a:36:69:88:2e:03:f7:94:92:5d:ba:5a:0f:46:74:e9:8d:
         6c:0e:d6:28:17:c2:a4:e2:c6:b7:72:ef:e0:2c:ce:c0:6e:d6:
         b9:87:57:1b:64:d7:60:25:40:29:71:8b:0e:17:9b:aa:82:dc:
         35:c7:c6:1d:37:14:38:04:2e:66:0b:e5:20:37:0e:99:29:3d:
         f4:c4:5a:f5:2d:45:c9:b5:e7:a7:8a:46:94:e1:9c:51:44:9f:
         84:93:11:88:fb:85:e4:c8:fc:ae:42:96:9b:63:6a:05:b0:08:
         35:45:ee:f2:bb:93:d7:9c:5d:e9:4f:20:fe:40:cd:8f:7d:cc:
         a2:d2:81:5a:88:b3:b7:28:17:f0:ae:f8:cc:0e:83:cf:26:1b:
         f4:ac:e4:bb:2f:ae:94:1d:80:47:9e:c9:12:81:9a:df:38:a1:
         2d:50:a9:36:3e:e6:30:3c:27:ca:a4:3b:42:24:6f:7a:1b:09:
         3d:6b:ba:a2:55:87:27:9b:7d:68:12:8d:f8:70:de:a5:39:e7:
         36:cc:f7:a3:1d:ad:19:96:5c:26:02:e5:b2:ad:39:d6:cf:e7:
         cf:23:71:a6:48:25:49:06:d2:39:93:fe:61:19:4c:a9:39:69:
         22:a7:b6:16:41:e1:e4:28:47:55:59:47:df:56:ef:52:da:ab:
         7c:9c:1e:2a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNfCAiVRUw0ZG6RNGUtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWZkMjE4NzdlY2NkYTE5Yjg2YWIzOTQzOTAzNWM1NTM0ZDc4ZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGuXlSvKRAJxU+ND5xvAHosExyOZ
of6NG/G1wxYhJLN8TD+O79xiPOaJ769wBQ7Gnvq56HNi3fEwRluUbkFo0DnTBenl
EA4t2C+HnMtBmqSNeIQFwMkY/jSsAbgNsKdPfbu1/U4F+uTvXLGMJhev9aeTrDgZ
IuNJZujEerle+EpcDG+O//9xQ5cx7THgA3/Oc0UBb0w2wCBeWisR67+KBRcp1UXt
NC9wz2oE8qet/6o7z124y8WSpkzm2P7KZYazf8eBKy67Wp71jgdfDH0cRedtQvQ1
rE8CoK3vPMnffk+0gmn6TOp3PRg3E6OjM77LPhbEMwEextU3Z1sRnfAFgQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA79IYd+zNoZuGqzlDkDXFU0149LMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvRHYwaGgzN00yaG00YXJPVU9RTmNWVFRYajBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmFAw
DQYJKoZIhvcNAQELBQADggEBAGw6NmmILgP3lJJduloPRnTpjWwO1igXwqTixrdy
7+AszsBu1rmHVxtk12AlQClxiw4Xm6qC3DXHxh03FDgELmYL5SA3DpkpPfTEWvUt
Rcm156eKRpThnFFEn4STEYj7heTI/K5ClptjagWwCDVF7vK7k9ecXelPIP5AzY99
zKLSgVqIs7coF/Cu+MwOg88mG/Ss5LsvrpQdgEeeyRKBmt84oS1QqTY+5jA8J8qk
O0Ikb3obCT1ruqJVhyebfWgSjfhw3qU55zbM96MdrRmWXCYC5bKtOdbP588jcaZI
JUkG0jmT/mEZTKk5aSKnthZB4eQoR1VZR99W71Laq3ycHio=
-----END CERTIFICATE-----