Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/PbkJxqA5PmNFabqTw1fKGFVkjV0.roa
File:                     PbkJxqA5PmNFabqTw1fKGFVkjV0.roa (raw, json)
Hash identifier:          mDjtZOTD8H5hXGsyS+GZVD0fycZ0nmfA1pzJGIv3NDE=
Subject key identifier:   3D:B9:09:C6:A0:39:3E:63:45:69:BA:93:C3:57:CA:18:55:64:8D:5D
Certificate issuer:       /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial:       018CCA99F6DE20FA2B073090991DC05E0016
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/PbkJxqA5PmNFabqTw1fKGFVkjV0.roa
Signing time:             Tue 02 Jan 2024 14:35:37 +0000
ROA not before:           Tue 02 Jan 2024 14:35:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12302
IP address blocks:        2a01:8fa::/32 maxlen: 32
                          2a01:878::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:f6:de:20:fa:2b:07:30:90:99:1d:c0:5e:00:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
        Validity
            Not Before: Jan  2 14:35:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3db909c6a0393e634569ba93c357ca1855648d5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:29:20:53:f4:1a:bd:32:76:be:b9:23:84:3a:
                    7d:6d:d3:45:60:c7:70:19:d4:5b:77:02:dc:a0:9d:
                    72:da:c4:e1:82:1b:1b:f9:cb:22:ea:08:c8:3c:29:
                    4c:51:05:5d:38:11:a8:1d:48:19:b5:60:01:fa:6d:
                    8b:88:cd:37:33:0a:e4:88:ca:56:7e:65:cf:96:7d:
                    c7:ec:e5:d7:ab:7f:41:e8:6a:12:1f:99:3f:60:60:
                    b1:31:9f:4c:7d:69:3b:dd:d5:e9:0b:39:eb:ba:ae:
                    e9:e2:34:a8:77:06:14:d8:f2:53:6d:18:63:d6:7d:
                    e6:b3:4f:dd:58:71:6d:55:c7:89:cd:50:3e:4e:8d:
                    f8:af:1b:f4:b6:d7:f3:13:08:7a:50:88:d2:ed:d6:
                    c1:3c:4b:68:1d:4b:79:aa:d6:ba:a8:f6:45:f2:d8:
                    ed:0b:15:8f:27:1c:5f:12:1d:80:b3:50:49:bf:c5:
                    a6:10:df:0b:cd:ce:d0:45:6b:6c:bb:64:e2:a0:c8:
                    3c:dd:c0:69:48:ab:0f:22:d3:35:21:38:51:ac:a0:
                    6d:fe:2d:51:1f:f3:2c:16:39:09:65:47:01:6e:83:
                    dd:2b:e1:87:b2:38:5e:30:26:73:c5:ed:8c:68:f2:
                    c5:88:f6:76:b8:55:d2:76:59:9d:2e:9d:48:f2:6e:
                    6d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B9:09:C6:A0:39:3E:63:45:69:BA:93:C3:57:CA:18:55:64:8D:5D
            X509v3 Authority Key Identifier:
                keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/PbkJxqA5PmNFabqTw1fKGFVkjV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:878::/32
                  2a01:8fa::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:96:e5:62:c9:1b:a8:e3:ff:2d:4f:97:4a:79:cb:76:f3:76:
         2c:fe:20:05:6d:44:66:ff:ae:53:d2:e4:5f:61:95:f7:e8:a3:
         ab:76:28:65:62:0e:ec:75:4c:f8:d0:fa:c5:34:03:14:c2:e1:
         10:2c:d2:b5:68:9a:27:88:53:7d:b4:a9:aa:7d:9c:6e:f8:2e:
         5a:7a:82:77:50:30:fb:fc:25:f0:20:df:e4:04:78:24:98:80:
         10:b7:c5:d4:89:19:57:73:94:68:b7:74:04:56:63:64:86:24:
         57:9e:99:e0:38:82:3f:4b:0d:c7:17:74:23:74:c4:ea:34:61:
         fc:25:83:42:a7:df:98:aa:59:54:1c:6d:4c:fb:73:fb:05:05:
         aa:6a:2a:1c:1e:67:ef:60:ba:82:6e:1f:30:aa:b8:e6:b5:b7:
         a0:73:12:d0:e4:1d:5e:61:9a:0a:ef:67:f8:1e:50:e9:73:78:
         19:ff:d8:d8:1f:85:de:c5:2f:bc:e2:74:bb:19:1d:0b:9c:76:
         37:7f:60:55:19:d2:c9:e2:74:6c:61:10:b7:ff:07:d8:93:9c:
         2d:be:c1:00:41:ec:c2:ca:74:89:49:de:1f:fa:18:ea:e8:65:
         c9:ed:ac:80:1c:8c:b1:39:8f:22:91:7c:83:d6:23:07:b5:e8:
         eb:3d:e4:1a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKmfbeIPorBzCQmR3AXgAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjQwMTAyMTQzNTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI5MDljNmEwMzkzZTYzNDU2OWJhOTNjMzU3Y2ExODU1NjQ4ZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxikgU/QavTJ2vrkjhDp9bdNFYMdw
GdRbdwLcoJ1y2sThghsb+csi6gjIPClMUQVdOBGoHUgZtWAB+m2LiM03MwrkiMpW
fmXPln3H7OXXq39B6GoSH5k/YGCxMZ9MfWk73dXpCznruq7p4jSodwYU2PJTbRhj
1n3ms0/dWHFtVceJzVA+To34rxv0ttfzEwh6UIjS7dbBPEtoHUt5qta6qPZF8tjt
CxWPJxxfEh2As1BJv8WmEN8Lzc7QRWtsu2TioMg83cBpSKsPItM1IThRrKBt/i1R
H/MsFjkJZUcBboPdK+GHsjheMCZzxe2MaPLFiPZ2uFXSdlmdLp1I8m5twwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD25CcagOT5jRWm6k8NXyhhVZI1dMB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvUGJrSnhxQTVQbU5GYWJxVHcxZktHRlZralYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgEIeAMF
ACoBCPowDQYJKoZIhvcNAQELBQADggEBAI+W5WLJG6jj/y1Pl0p5y3bzdiz+IAVt
RGb/rlPS5F9hlffoo6t2KGViDux1TPjQ+sU0AxTC4RAs0rVomieIU320qap9nG74
Llp6gndQMPv8JfAg3+QEeCSYgBC3xdSJGVdzlGi3dARWY2SGJFeemeA4gj9LDccX
dCN0xOo0Yfwlg0Kn35iqWVQcbUz7c/sFBapqKhweZ+9guoJuHzCquOa1t6BzEtDk
HV5hmgrvZ/geUOlzeBn/2Ngfhd7FL7zidLsZHQucdjd/YFUZ0snidGxhELf/B9iT
nC2+wQBB7MLKdIlJ3h/6GOroZcntrIAcjLE5jyKRfIPWIwe16Os95Bo=
-----END CERTIFICATE-----