Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/zfXYGBzA_tpglrjvSoEwWjE4_14.roa
File:                     zfXYGBzA_tpglrjvSoEwWjE4_14.roa (raw, json)
Hash identifier:          Uex0OYVZZJJCfsOzEs1AGU4u8qSZAYL1cL+VndwIoQE=
Subject key identifier:   CD:F5:D8:18:1C:C0:FE:DA:60:96:B8:EF:4A:81:30:5A:31:38:FF:5E
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018CC500E1F689C58DD27A949A53A9C4D87A
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/zfXYGBzA_tpglrjvSoEwWjE4_14.roa
Signing time:             Mon 01 Jan 2024 12:30:18 +0000
ROA not before:           Mon 01 Jan 2024 12:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62217
IP address blocks:        2a06:3e80::/32 maxlen: 32
                          2a04:a140::/32 maxlen: 32
                          2a05:2d00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e1:f6:89:c5:8d:d2:7a:94:9a:53:a9:c4:d8:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 12:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdf5d8181cc0feda6096b8ef4a81305a3138ff5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:32:01:7b:3b:01:cc:b4:00:bd:a2:85:c7:4f:
                    26:2c:fe:0a:df:5a:99:fa:79:55:3b:2b:0f:0a:dc:
                    6a:78:fe:9c:04:9c:cd:47:ae:bf:7a:92:50:f7:b5:
                    f5:df:1e:ab:a7:df:b5:ed:96:9d:5d:e7:1e:95:94:
                    0d:1f:63:ca:a7:9e:cc:03:91:db:6a:5a:13:df:94:
                    1b:b1:53:50:0f:f2:65:01:67:fc:87:cf:d3:dd:65:
                    ea:da:2a:5e:18:f0:23:f5:8f:be:f1:cc:01:26:b6:
                    2a:5f:2e:82:7b:38:97:5e:cb:91:6e:fc:cc:d1:c0:
                    b6:ec:cb:9a:af:52:56:35:24:d3:1d:74:0f:b4:ad:
                    8f:89:56:a4:a5:9e:11:d7:3c:5b:ca:d1:be:ab:26:
                    35:32:e2:c3:e5:e5:76:c7:e4:7b:e4:cd:af:0b:99:
                    36:60:10:cf:a7:e3:8d:12:c8:f7:32:54:74:1e:8f:
                    0d:fa:a0:d1:86:7a:f7:a1:73:14:90:e4:d6:08:fb:
                    c4:c1:a4:da:3f:00:42:88:9d:c4:6f:ff:1f:0a:67:
                    20:da:db:c1:03:28:73:99:0c:01:7a:3c:cb:51:d4:
                    1b:34:38:23:34:a8:f4:b3:17:61:c9:45:bb:ad:92:
                    33:8e:6f:70:d2:0e:23:01:a5:43:31:ba:2c:af:75:
                    aa:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F5:D8:18:1C:C0:FE:DA:60:96:B8:EF:4A:81:30:5A:31:38:FF:5E
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/zfXYGBzA_tpglrjvSoEwWjE4_14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:a140::/32
                  2a05:2d00::/32
                  2a06:3e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:90:0e:be:79:75:2e:98:e5:0f:c4:84:22:86:30:a2:6e:e0:
         8c:ff:80:88:af:29:db:2c:e4:6a:72:2c:28:84:7b:74:1f:ea:
         ab:0c:91:10:6e:81:90:11:97:f2:c3:88:b9:d7:0d:c5:a9:88:
         31:4d:ea:f0:22:65:16:3a:2a:fa:96:92:10:82:b0:d7:2e:bb:
         10:2e:7c:3a:41:c4:c2:34:4b:bb:94:a5:1b:6a:78:15:10:02:
         a5:b5:28:eb:11:3e:47:e7:b8:bc:e8:97:18:1c:5e:3a:cf:b6:
         e2:cd:b0:f3:1c:a1:2b:df:0d:58:1b:05:5d:0d:61:a6:a8:59:
         c5:42:9e:1d:3c:35:17:d6:c8:38:2e:7f:be:d9:fc:fc:14:9b:
         9d:2f:d6:55:7e:36:d0:4e:fe:2a:91:0b:57:ae:97:a8:08:b6:
         82:66:04:59:43:bb:fc:e6:09:53:49:13:06:2d:99:26:12:98:
         16:bd:8d:a1:9d:de:6e:01:4c:2c:08:3d:36:aa:e5:8d:88:ae:
         90:af:05:73:db:98:b4:2f:b5:15:3c:7a:4a:a9:d7:a6:97:a3:
         f6:dc:ef:2a:bf:8b:32:57:93:c3:31:8d:a5:59:cb:75:d5:dc:
         54:48:ff:05:ef:b9:dc:49:a2:5f:09:34:36:e8:5e:41:31:6c:
         6c:d5:c4:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAOH2icWN0nqUmlOpxNh6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMTAxMTIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGY1ZDgxODFjYzBmZWRhNjA5NmI4ZWY0YTgxMzA1YTMxMzhmZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDIBezsBzLQAvaKFx08mLP4K31qZ
+nlVOysPCtxqeP6cBJzNR66/epJQ97X13x6rp9+17ZadXecelZQNH2PKp57MA5Hb
aloT35QbsVNQD/JlAWf8h8/T3WXq2ipeGPAj9Y++8cwBJrYqXy6CeziXXsuRbvzM
0cC27Muar1JWNSTTHXQPtK2PiVakpZ4R1zxbytG+qyY1MuLD5eV2x+R75M2vC5k2
YBDPp+ONEsj3MlR0Ho8N+qDRhnr3oXMUkOTWCPvEwaTaPwBCiJ3Eb/8fCmcg2tvB
AyhzmQwBejzLUdQbNDgjNKj0sxdhyUW7rZIzjm9w0g4jAaVDMbosr3WqyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM312BgcwP7aYJa470qBMFoxOP9eMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvemZYWUdCekFfdHBnbHJqdlNvRXdXakU0XzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgShQAMF
ACoFLQADBQAqBj6AMA0GCSqGSIb3DQEBCwUAA4IBAQAbkA6+eXUumOUPxIQihjCi
buCM/4CIrynbLORqciwohHt0H+qrDJEQboGQEZfyw4i51w3FqYgxTerwImUWOir6
lpIQgrDXLrsQLnw6QcTCNEu7lKUbangVEAKltSjrET5H57i86JcYHF46z7bizbDz
HKEr3w1YGwVdDWGmqFnFQp4dPDUX1sg4Ln++2fz8FJudL9ZVfjbQTv4qkQtXrpeo
CLaCZgRZQ7v85glTSRMGLZkmEpgWvY2hnd5uAUwsCD02quWNiK6QrwVz25i0L7UV
PHpKqdeml6P23O8qv4syV5PDMY2lWct11dxUSP8F77ncSaJfCTQ26F5BMWxs1cSV
-----END CERTIFICATE-----