Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/kNSoD3kL7jtcH2kfuW4ffXi86LU.roa
File:                     kNSoD3kL7jtcH2kfuW4ffXi86LU.roa (raw, json)
Hash identifier:          WYn03slDHpvflZBwUiVz+sybtOHqXvpBLTtearOQ3Jo=
Subject key identifier:   90:D4:A8:0F:79:0B:EE:3B:5C:1F:69:1F:B9:6E:1F:7D:78:BC:E8:B5
Certificate issuer:       /CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Certificate serial:       018CC801BBCF0472F6E570E641BD7C805B8A
Authority key identifier: 00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/kNSoD3kL7jtcH2kfuW4ffXi86LU.roa
Signing time:             Tue 02 Jan 2024 02:30:05 +0000
ROA not before:           Tue 02 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58076
IP address blocks:        2a03:97c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:bb:cf:04:72:f6:e5:70:e6:41:bd:7c:80:5b:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00e4f6a77368b7cecfe67220b436576b1e008aec
        Validity
            Not Before: Jan  2 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90d4a80f790bee3b5c1f691fb96e1f7d78bce8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:97:3e:d6:13:ed:79:0c:f9:b3:84:77:d5:81:
                    12:1a:bb:96:47:8b:78:cc:67:9e:3d:66:b6:2f:a7:
                    30:b1:04:b4:88:86:a7:64:33:40:8b:0c:d6:f6:29:
                    c5:85:43:a6:dc:1c:bc:c4:4b:c6:dc:5f:42:92:78:
                    d3:ae:6b:fc:4e:d6:9b:5d:7f:d4:80:ab:2e:3f:a9:
                    a4:32:59:e4:54:65:81:73:b3:98:e1:c7:c9:b4:55:
                    43:46:f2:a4:1a:28:99:98:e3:42:c2:73:ec:da:fa:
                    19:20:a1:26:84:58:94:73:ff:e5:ac:50:35:40:01:
                    9d:4d:2d:a6:89:4d:ea:bb:bc:da:2a:72:97:bb:6a:
                    08:8f:fc:57:84:45:6f:76:b5:c9:86:f0:c4:dc:57:
                    8e:25:0e:d0:f5:d4:08:cc:d8:55:cc:73:f7:fd:75:
                    fb:9d:8b:ef:d9:30:3c:6c:60:7e:18:fd:8b:4f:8d:
                    56:3a:01:12:ff:20:b9:d9:4a:0a:06:17:02:e9:0f:
                    6f:a1:4f:66:dc:0a:04:80:e3:e1:ec:52:38:e6:07:
                    b5:81:35:4d:8c:ce:f7:18:73:2c:ff:ab:5e:79:10:
                    cb:f1:7a:cf:2d:8f:75:d8:bb:c8:d8:70:ed:77:ca:
                    9b:8a:7f:ae:a6:10:80:14:43:c1:e3:73:46:6c:3b:
                    ee:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D4:A8:0F:79:0B:EE:3B:5C:1F:69:1F:B9:6E:1F:7D:78:BC:E8:B5
            X509v3 Authority Key Identifier:
                keyid:00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/kNSoD3kL7jtcH2kfuW4ffXi86LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:97c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:3e:fb:f1:4b:bd:6c:66:3e:26:c8:95:55:35:0a:87:db:f0:
         35:9d:f6:c3:e3:e0:ed:fd:c0:c7:bf:e4:45:ac:1b:28:ce:02:
         39:d7:65:64:17:74:46:3b:d2:b7:13:9a:e7:17:a6:00:56:5c:
         8f:a6:5c:0d:85:fb:9d:3d:3f:1e:57:3f:57:f4:5d:df:d9:5d:
         9b:86:ec:04:c5:05:25:f3:4d:64:f1:06:0a:e9:23:bc:41:91:
         0e:91:42:1f:17:6a:82:52:95:16:86:a8:1c:d9:a7:37:b7:89:
         ba:66:04:27:a6:86:b3:90:94:12:44:4d:62:18:ba:66:a4:2d:
         a3:af:a3:3c:8a:31:c4:b1:60:ad:9b:c6:68:0c:9e:2d:71:0f:
         91:a2:4f:1c:bb:16:0a:13:41:9a:25:f6:62:f6:48:c6:f5:52:
         50:8f:bb:67:dd:62:20:55:20:27:ed:19:51:b9:8f:61:d0:7c:
         c4:b9:ec:73:e9:04:56:3a:33:96:dc:aa:0e:53:ec:01:60:c9:
         d7:75:eb:39:49:c9:91:63:14:ae:e6:c1:d4:5b:6c:ed:1d:79:
         aa:6e:d8:5b:82:be:ec:df:77:29:63:1f:84:70:c1:ea:76:97:
         93:0a:c6:83:f6:a0:7c:61:4f:e5:c3:d2:07:1e:d1:c8:2b:40:
         3f:ec:c6:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAbvPBHL25XDmQb18gFuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTRmNmE3NzM2OGI3Y2VjZmU2NzIyMGI0MzY1NzZiMWUw
MDhhZWMwHhcNMjQwMTAyMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQ0YTgwZjc5MGJlZTNiNWMxZjY5MWZiOTZlMWY3ZDc4YmNlOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Jc+1hPteQz5s4R31YESGruWR4t4
zGeePWa2L6cwsQS0iIanZDNAiwzW9inFhUOm3By8xEvG3F9CknjTrmv8TtabXX/U
gKsuP6mkMlnkVGWBc7OY4cfJtFVDRvKkGiiZmONCwnPs2voZIKEmhFiUc//lrFA1
QAGdTS2miU3qu7zaKnKXu2oIj/xXhEVvdrXJhvDE3FeOJQ7Q9dQIzNhVzHP3/XX7
nYvv2TA8bGB+GP2LT41WOgES/yC52UoKBhcC6Q9voU9m3AoEgOPh7FI45ge1gTVN
jM73GHMs/6teeRDL8XrPLY912LvI2HDtd8qbin+uphCAFEPB43NGbDvu2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJDUqA95C+47XB9pH7luH314vOi1MB8GA1UdIwQY
MBaAFADk9qdzaLfOz+ZyILQ2V2seAIrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMt
YjA3ZDg0MTZhZTRhLzEva05Tb0Qza0w3anRjSDJrZnVXNGZmWGk4NkxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMtYjA3ZDg0MTZhZTRh
LzEvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgOXwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCdPvvxS71sZj4myJVVNQqH2/A1nfbD4+Dt/cDH
v+RFrBsozgI512VkF3RGO9K3E5rnF6YAVlyPplwNhfudPT8eVz9X9F3f2V2bhuwE
xQUl801k8QYK6SO8QZEOkUIfF2qCUpUWhqgc2ac3t4m6ZgQnpoazkJQSRE1iGLpm
pC2jr6M8ijHEsWCtm8ZoDJ4tcQ+Rok8cuxYKE0GaJfZi9kjG9VJQj7tn3WIgVSAn
7RlRuY9h0HzEuexz6QRWOjOW3KoOU+wBYMnXdes5ScmRYxSu5sHUW2ztHXmqbthb
gr7s33cpYx+EcMHqdpeTCsaD9qB8YU/lw9IHHtHIK0A/7MYl
-----END CERTIFICATE-----