Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/4_x--v8D-BSwBlonOxDMXx3zUg4.roa
File:                     4_x--v8D-BSwBlonOxDMXx3zUg4.roa (raw, json)
Hash identifier:          LaUusazMLTlNZZzLMeIYh9iYsJTnfmutudXO/oKCcqs=
Subject key identifier:   E3:FC:7E:FA:FF:03:F8:14:B0:06:5A:27:3B:10:CC:5F:1D:F3:52:0E
Certificate issuer:       /CN=97893182b16718983bc008c8d087f8ddca3d8614
Certificate serial:       018CC7260EFB22CED48B2DD720A2F7EEB662
Authority key identifier: 97:89:31:82:B1:67:18:98:3B:C0:08:C8:D0:87:F8:DD:CA:3D:86:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l4kxgrFnGJg7wAjI0If43co9hhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/4_x--v8D-BSwBlonOxDMXx3zUg4.roa
Signing time:             Mon 01 Jan 2024 22:30:09 +0000
ROA not before:           Mon 01 Jan 2024 22:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29018
IP address blocks:        2a0b:1306:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/l4kxgrFnGJg7wAjI0If43co9hhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/l4kxgrFnGJg7wAjI0If43co9hhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l4kxgrFnGJg7wAjI0If43co9hhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:0e:fb:22:ce:d4:8b:2d:d7:20:a2:f7:ee:b6:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97893182b16718983bc008c8d087f8ddca3d8614
        Validity
            Not Before: Jan  1 22:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3fc7efaff03f814b0065a273b10cc5f1df3520e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4e:7d:71:b1:12:e6:34:6b:4a:37:f8:f7:7c:
                    0c:27:02:92:13:43:cf:46:3a:06:5c:0b:fd:c4:09:
                    18:4a:0d:9a:37:ce:ee:c3:7d:22:b5:79:3e:66:7d:
                    8b:c6:b7:58:7a:41:f3:bf:f2:94:48:8f:72:ee:19:
                    e8:de:f9:4a:9d:af:16:e3:29:1f:9a:48:a4:cc:58:
                    a3:d3:03:81:2c:f5:28:75:37:bc:71:2e:c8:85:33:
                    82:aa:85:30:ee:61:3e:ad:2c:10:23:ba:24:ae:af:
                    7f:20:de:a0:07:5b:27:05:6a:25:22:ad:5b:b0:e9:
                    5c:e8:31:a0:74:5d:d6:7a:43:9e:63:d4:ec:1d:0e:
                    63:e3:87:52:a7:5a:04:97:2b:80:18:8e:0b:09:5d:
                    bc:ca:e6:72:c9:4f:56:0d:53:8c:44:69:ee:7e:b2:
                    5f:dd:6a:51:c7:2c:dc:ca:00:80:56:89:24:0f:c6:
                    49:ea:27:6d:04:9a:15:9b:32:d5:42:26:7d:65:9c:
                    76:76:3a:f2:ab:7c:6a:35:e9:03:89:e9:26:2f:24:
                    f8:96:d4:d2:55:9c:4d:0f:69:71:de:d7:1a:45:60:
                    02:04:fc:8a:03:06:39:f3:b2:05:f5:a6:17:af:ef:
                    90:9b:70:af:27:fc:37:47:11:60:71:f6:05:6a:45:
                    bf:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:FC:7E:FA:FF:03:F8:14:B0:06:5A:27:3B:10:CC:5F:1D:F3:52:0E
            X509v3 Authority Key Identifier:
                keyid:97:89:31:82:B1:67:18:98:3B:C0:08:C8:D0:87:F8:DD:CA:3D:86:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l4kxgrFnGJg7wAjI0If43co9hhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/4_x--v8D-BSwBlonOxDMXx3zUg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/l4kxgrFnGJg7wAjI0If43co9hhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1306:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:a3:85:ed:b6:8e:34:37:79:ae:25:b6:16:a1:f9:b4:9d:bf:
         3a:27:67:d1:4b:a4:87:74:52:fd:eb:97:3c:c8:e8:61:57:f0:
         b2:48:11:a5:c1:b4:dc:60:d4:dd:c2:20:df:a1:46:b5:93:7b:
         b5:61:d2:ec:a0:42:da:19:78:1b:e9:5c:41:b4:87:2c:dd:8e:
         ea:b3:b1:20:24:0b:e4:74:aa:07:88:73:28:4b:3d:5d:11:11:
         ce:7e:f4:65:11:38:51:1b:dc:4b:5e:0f:d8:eb:0d:50:6a:59:
         1b:a3:7d:d0:bd:2a:61:50:42:e0:cf:c5:d6:7f:25:c3:e2:40:
         e5:e9:f0:c6:a7:7a:2b:51:a5:c0:8b:9e:e1:b4:6d:6d:b2:e8:
         22:2c:8c:1d:1f:70:88:16:08:5e:93:b3:3e:c9:ba:60:7f:8d:
         aa:e4:29:7b:54:bc:e9:7e:80:48:1e:21:fb:30:20:2c:d8:79:
         e0:21:6c:d3:17:e3:d8:98:88:c7:33:67:f6:e4:ba:6c:8b:4c:
         4d:69:4c:07:33:a9:2e:1f:9d:e5:28:b8:d5:04:c7:c0:47:4e:
         84:b1:1a:d9:24:43:63:a8:85:f3:e8:7f:2c:d7:b2:b4:ec:0a:
         6a:aa:b4:4c:12:02:61:41:49:e5:8c:25:03:be:f6:c8:eb:3d:
         ec:0d:02:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJg77Is7Uiy3XIKL37rZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ODkzMTgyYjE2NzE4OTgzYmMwMDhjOGQwODdmOGRkY2Ez
ZDg2MTQwHhcNMjQwMTAxMjIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2ZjN2VmYWZmMDNmODE0YjAwNjVhMjczYjEwY2M1ZjFkZjM1MjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmU59cbES5jRrSjf493wMJwKSE0PP
RjoGXAv9xAkYSg2aN87uw30itXk+Zn2LxrdYekHzv/KUSI9y7hno3vlKna8W4ykf
mkikzFij0wOBLPUodTe8cS7IhTOCqoUw7mE+rSwQI7okrq9/IN6gB1snBWolIq1b
sOlc6DGgdF3WekOeY9TsHQ5j44dSp1oElyuAGI4LCV28yuZyyU9WDVOMRGnufrJf
3WpRxyzcygCAVokkD8ZJ6idtBJoVmzLVQiZ9ZZx2djryq3xqNekDiekmLyT4ltTS
VZxND2lx3tcaRWACBPyKAwY587IF9aYXr++Qm3CvJ/w3RxFgcfYFakW/AQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOP8fvr/A/gUsAZaJzsQzF8d81IOMB8GA1UdIwQY
MBaAFJeJMYKxZxiYO8AIyNCH+N3KPYYUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDRreGdyRm5HSmc3d0FqSTBJZjQzY285aGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8xMjAwNDMtMTczMy00YzcyLWFkNDct
YmMwZTUxMWMyMGNlLzEvNF94LS12OEQtQlN3Qmxvbk94RE1YeDN6VWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8xMjAwNDMtMTczMy00YzcyLWFkNDctYmMwZTUxMWMyMGNl
LzEvbDRreGdyRm5HSmc3d0FqSTBJZjQzY285aGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsTBgAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBqo4Xtto40N3muJbYWofm0nb86J2fRS6SHdFL9
65c8yOhhV/CySBGlwbTcYNTdwiDfoUa1k3u1YdLsoELaGXgb6VxBtIcs3Y7qs7Eg
JAvkdKoHiHMoSz1dERHOfvRlEThRG9xLXg/Y6w1Qalkbo33QvSphUELgz8XWfyXD
4kDl6fDGp3orUaXAi57htG1tsugiLIwdH3CIFghek7M+ybpgf42q5Cl7VLzpfoBI
HiH7MCAs2HngIWzTF+PYmIjHM2f25Lpsi0xNaUwHM6kuH53lKLjVBMfAR06EsRrZ
JENjqIXz6H8s17K07ApqqrRMEgJhQUnljCUDvvbI6z3sDQJ2
-----END CERTIFICATE-----