Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/CshPQv3WitwH-Tw1DnNWXIT-fyE.roa
File:                     CshPQv3WitwH-Tw1DnNWXIT-fyE.roa (raw, json)
Hash identifier:          xOxFUSmIw+yw97rCwcMw24fBJYrzbSHSkY5uHpKAF3c=
Subject key identifier:   0A:C8:4F:42:FD:D6:8A:DC:07:F9:3C:35:0E:73:56:5C:84:FE:7F:21
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       018CC348EF25E0393BB7AD6F0500CBE7A76C
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/CshPQv3WitwH-Tw1DnNWXIT-fyE.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202818
IP address blocks:        2001:4cd0:dc00:1200::/56 maxlen: 56
                          2001:4cd0:dc00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ef:25:e0:39:3b:b7:ad:6f:05:00:cb:e7:a7:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ac84f42fdd68adc07f93c350e73565c84fe7f21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:69:e2:30:23:51:70:b5:2b:4a:70:5f:2c:a4:
                    c7:2c:6c:a3:c9:fb:45:a5:8a:fd:53:24:d6:85:1e:
                    2b:10:f4:f7:61:ee:f2:a5:14:c7:2d:fb:84:fe:75:
                    7e:94:97:9b:ed:71:c3:9d:96:15:06:fe:2a:47:58:
                    d7:df:7b:d3:ac:60:5c:5c:36:06:d4:4d:de:95:a5:
                    f1:35:f1:a1:65:c3:02:fb:2f:73:a7:fb:1a:f4:06:
                    f2:26:01:68:e4:ac:0e:d3:64:59:be:a9:2e:fc:a3:
                    6d:cf:08:f1:78:0f:e4:a1:de:0c:5d:a3:ed:16:01:
                    19:d2:b6:39:b7:ea:96:4d:ad:56:53:7b:71:bc:52:
                    30:12:22:9d:93:72:50:46:1b:d9:a6:c0:05:d1:56:
                    9a:d1:7f:98:26:92:3b:70:c3:ea:4d:d3:44:4b:42:
                    8e:ef:24:09:3f:e0:e1:c6:95:6f:f9:b1:fe:db:87:
                    aa:c7:5f:45:79:c3:59:98:b2:e3:23:44:ed:1f:2d:
                    6a:b7:1b:ba:47:9e:c9:8a:26:e8:54:5c:14:f3:8b:
                    40:a0:1d:8f:d0:52:60:38:3a:f0:df:01:d8:77:dc:
                    c3:45:5f:f0:5b:44:c5:34:16:7e:83:25:b1:36:ee:
                    86:78:70:bd:0c:01:1c:6b:88:ca:3c:0f:5c:a3:aa:
                    4b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:C8:4F:42:FD:D6:8A:DC:07:F9:3C:35:0E:73:56:5C:84:FE:7F:21
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/CshPQv3WitwH-Tw1DnNWXIT-fyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4cd0:dc00::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:3f:b4:15:b3:a2:68:15:1c:90:2f:74:7f:f2:4d:e8:70:1c:
         95:af:b5:68:b3:08:bb:0b:dd:b6:85:e7:93:dd:e1:c1:ea:75:
         52:a8:8d:e8:16:90:23:13:af:9b:47:2d:b6:28:a9:a7:49:74:
         39:bd:45:1f:fa:90:70:d3:92:89:6e:8e:2c:a8:8c:b5:90:2b:
         b8:bb:9d:15:1b:7b:d3:e5:d0:e2:77:45:34:3b:bf:23:95:17:
         f1:c2:85:56:a3:09:25:4e:28:84:63:e1:03:71:f3:43:e9:9c:
         c9:c8:e0:dc:e9:0b:f9:58:8f:5b:49:df:b9:6d:91:cd:b1:0d:
         9a:b9:a3:1a:7e:ae:0f:91:83:58:2d:ab:46:94:e5:23:72:17:
         aa:af:42:20:3d:5b:af:2c:f0:96:f0:6c:f3:ab:09:70:c8:a6:
         92:c1:a8:ba:52:3c:f0:11:4b:ec:46:83:03:9d:ab:86:24:04:
         01:9b:37:d1:43:21:24:38:63:f9:9d:fc:0f:13:d2:05:10:68:
         95:0a:a7:df:0a:08:74:da:90:bc:65:55:a6:d9:78:cc:e3:04:
         34:a6:b5:ae:89:c5:49:44:22:dc:ad:60:de:82:ef:0e:c0:f6:
         03:4d:0b:fb:28:52:91:c1:16:6d:f5:74:e4:b6:1a:71:55:e2:
         eb:6e:2b:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSO8l4Dk7t61vBQDL56dsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWM4NGY0MmZkZDY4YWRjMDdmOTNjMzUwZTczNTY1Yzg0ZmU3ZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWniMCNRcLUrSnBfLKTHLGyjyftF
pYr9UyTWhR4rEPT3Ye7ypRTHLfuE/nV+lJeb7XHDnZYVBv4qR1jX33vTrGBcXDYG
1E3elaXxNfGhZcMC+y9zp/sa9AbyJgFo5KwO02RZvqku/KNtzwjxeA/kod4MXaPt
FgEZ0rY5t+qWTa1WU3txvFIwEiKdk3JQRhvZpsAF0Vaa0X+YJpI7cMPqTdNES0KO
7yQJP+DhxpVv+bH+24eqx19FecNZmLLjI0TtHy1qtxu6R57JiiboVFwU84tAoB2P
0FJgODrw3wHYd9zDRV/wW0TFNBZ+gyWxNu6GeHC9DAEca4jKPA9co6pLdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFArIT0L91orcB/k8NQ5zVlyE/n8hMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvQ3NoUFF2M1dpdHdILVR3MURuTldYSVQtZnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAFM0NwA
MA0GCSqGSIb3DQEBCwUAA4IBAQBRP7QVs6JoFRyQL3R/8k3ocByVr7Voswi7C922
heeT3eHB6nVSqI3oFpAjE6+bRy22KKmnSXQ5vUUf+pBw05KJbo4sqIy1kCu4u50V
G3vT5dDid0U0O78jlRfxwoVWowklTiiEY+EDcfND6ZzJyODc6Qv5WI9bSd+5bZHN
sQ2auaMafq4PkYNYLatGlOUjcheqr0IgPVuvLPCW8GzzqwlwyKaSwai6UjzwEUvs
RoMDnauGJAQBmzfRQyEkOGP5nfwPE9IFEGiVCqffCgh02pC8ZVWm2XjM4wQ0prWu
icVJRCLcrWDegu8OwPYDTQv7KFKRwRZt9XTkthpxVeLrbivW
-----END CERTIFICATE-----