Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/AfiwHuz1_fE3uWHyqmYCo7emZ3I.roa
File:                     AfiwHuz1_fE3uWHyqmYCo7emZ3I.roa (raw, json)
Hash identifier:          N0wU3ONbWhNXpsxuJEOndCoXX/06wSPyuJ2YS0JuIVs=
Subject key identifier:   01:F8:B0:1E:EC:F5:FD:F1:37:B9:61:F2:AA:66:02:A3:B7:A6:67:72
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018DEA34D87A6F39DAD82F1F5792CDDFC4D4
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/AfiwHuz1_fE3uWHyqmYCo7emZ3I.roa
Signing time:             Tue 27 Feb 2024 10:55:48 +0000
ROA not before:           Tue 27 Feb 2024 10:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34224
IP address blocks:        2a01:3e0:2004::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:34:d8:7a:6f:39:da:d8:2f:1f:57:92:cd:df:c4:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Feb 27 10:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01f8b01eecf5fdf137b961f2aa6602a3b7a66772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2f:fa:66:75:8e:e7:5b:cc:7c:3b:5f:1a:82:
                    7a:f9:3d:33:df:a8:d6:f5:9e:85:9c:d7:e0:21:16:
                    ba:56:41:28:56:ec:69:e1:9c:5a:9b:45:3f:c6:1c:
                    aa:93:71:0c:11:ef:ef:d0:c8:c7:ac:ed:ef:ed:72:
                    85:fd:b3:e5:5f:4b:b6:80:90:fd:ab:38:ae:9a:6c:
                    e8:76:76:78:94:59:d6:52:9f:64:17:8e:70:f8:52:
                    bc:87:36:b8:08:9b:9b:74:29:2a:9c:7a:70:d1:8b:
                    17:20:9b:cc:26:a5:8c:d9:48:14:f9:4e:dd:b2:ca:
                    03:3f:06:49:83:c3:16:d2:fa:7a:f4:2b:3c:f5:80:
                    0d:e9:3f:ea:ec:0b:b8:52:e9:bf:5a:2e:be:3f:5b:
                    2f:5d:c4:4e:0a:d8:6f:66:63:b4:1a:84:47:d7:8e:
                    5f:da:23:d6:b2:9e:01:3c:87:5f:d4:2b:08:bf:bf:
                    30:f9:22:79:1f:8a:38:46:34:b3:6f:10:f7:34:0a:
                    0f:7e:f7:7e:68:1c:59:ec:55:36:70:8e:2c:71:b5:
                    33:0f:38:b3:83:b9:9b:b8:a2:dc:90:c9:25:f5:1e:
                    6e:59:f9:2a:3e:a2:61:f2:6e:f9:c7:65:6f:51:a4:
                    b1:9d:e4:e9:4c:93:20:19:cf:95:c0:f0:f5:d7:02:
                    a0:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F8:B0:1E:EC:F5:FD:F1:37:B9:61:F2:AA:66:02:A3:B7:A6:67:72
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/AfiwHuz1_fE3uWHyqmYCo7emZ3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:3e0:2004::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:f0:e6:f2:fb:35:06:b1:0d:33:51:b1:c0:01:a6:d3:a3:5d:
         ef:b6:1c:63:dc:45:32:a8:81:a4:e7:c2:87:4c:3e:0e:99:d6:
         3d:34:3b:8b:55:ba:2d:7b:a5:22:07:e8:6b:21:99:86:80:7a:
         f5:e7:7c:d1:c1:c5:55:8c:5f:26:94:1d:5b:b1:60:af:24:15:
         65:3d:4a:75:9a:e0:58:7b:fe:6c:28:e1:c8:af:a2:78:4b:df:
         3c:b9:05:a5:c4:b1:87:6b:0f:5a:5c:37:c9:f1:9c:c4:cc:ca:
         14:16:ce:e5:f6:29:c4:b9:b9:58:87:16:50:6f:0e:c6:1d:51:
         64:db:0f:fb:25:9f:1a:86:54:bd:ef:99:d6:84:b4:b7:c9:53:
         ef:72:10:c1:cf:d7:0b:b5:85:f3:82:92:bb:8f:28:cd:17:09:
         3a:99:86:e0:13:98:e3:c6:33:2a:8f:30:c7:73:1f:40:46:72:
         1e:ee:41:14:a9:b6:33:a8:27:34:66:aa:3f:5d:f0:9d:ed:84:
         f0:fb:c6:b4:0e:7f:2d:e9:9a:37:63:55:f3:52:6a:fa:b2:e6:
         8d:d0:ec:c5:c6:92:14:0d:ec:3b:7b:7b:1b:21:c3:2b:52:d7:
         df:53:b1:88:ae:c9:23:a6:f8:05:ee:cf:18:e5:cc:91:8f:45:
         6d:b8:1c:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3qNNh6bzna2C8fV5LN38TUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMjI3MTA1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWY4YjAxZWVjZjVmZGYxMzdiOTYxZjJhYTY2MDJhM2I3YTY2NzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli/6ZnWO51vMfDtfGoJ6+T0z36jW
9Z6FnNfgIRa6VkEoVuxp4Zxam0U/xhyqk3EMEe/v0MjHrO3v7XKF/bPlX0u2gJD9
qziummzodnZ4lFnWUp9kF45w+FK8hza4CJubdCkqnHpw0YsXIJvMJqWM2UgU+U7d
ssoDPwZJg8MW0vp69Cs89YAN6T/q7Au4Uum/Wi6+P1svXcROCthvZmO0GoRH145f
2iPWsp4BPIdf1CsIv78w+SJ5H4o4RjSzbxD3NAoPfvd+aBxZ7FU2cI4scbUzDziz
g7mbuKLckMkl9R5uWfkqPqJh8m75x2VvUaSxneTpTJMgGc+VwPD11wKgYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAH4sB7s9f3xN7lh8qpmAqO3pmdyMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvQWZpd0h1ejFfZkUzdVdIeXFtWUNvN2VtWjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgED4CAE
MA0GCSqGSIb3DQEBCwUAA4IBAQBf8Oby+zUGsQ0zUbHAAabTo13vthxj3EUyqIGk
58KHTD4OmdY9NDuLVbote6UiB+hrIZmGgHr153zRwcVVjF8mlB1bsWCvJBVlPUp1
muBYe/5sKOHIr6J4S988uQWlxLGHaw9aXDfJ8ZzEzMoUFs7l9inEublYhxZQbw7G
HVFk2w/7JZ8ahlS975nWhLS3yVPvchDBz9cLtYXzgpK7jyjNFwk6mYbgE5jjxjMq
jzDHcx9ARnIe7kEUqbYzqCc0Zqo/XfCd7YTw+8a0Dn8t6Zo3Y1XzUmr6suaN0OzF
xpIUDew7e3sbIcMrUtffU7GIrskjpvgF7s8Y5cyRj0VtuBwn
-----END CERTIFICATE-----