Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/NGODsLdZ5tVyqZ0U0spcYPzQvBU.roa
File:                     NGODsLdZ5tVyqZ0U0spcYPzQvBU.roa (raw, json)
Hash identifier:          MkIoJXVsZV20CBynpmqPSE9q89SXeLTUilG1Lb/Dge8=
Subject key identifier:   34:63:83:B0:B7:59:E6:D5:72:A9:9D:14:D2:CA:5C:60:FC:D0:BC:15
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       0192A3D9401F6FA6543C08461324642F2C31
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/NGODsLdZ5tVyqZ0U0spcYPzQvBU.roa
Signing time:             Sat 19 Oct 2024 08:16:16 +0000
ROA not before:           Sat 19 Oct 2024 08:16:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208626
IP address blocks:        2a0f:4305::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a3:d9:40:1f:6f:a6:54:3c:08:46:13:24:64:2f:2c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Oct 19 08:16:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=346383b0b759e6d572a99d14d2ca5c60fcd0bc15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4e:0c:72:5c:3c:89:16:ac:e8:c0:71:84:fe:
                    6d:2b:3f:cf:11:b3:88:87:04:39:89:83:c3:c5:35:
                    cd:36:ce:8f:b7:ed:05:76:59:ac:06:ea:56:6f:a1:
                    50:59:7c:e4:9c:b5:fa:50:5f:13:47:60:4a:b1:ac:
                    b9:58:6c:a1:aa:8c:a7:09:a4:7e:66:69:7a:5a:57:
                    fa:e5:23:13:87:a8:87:ab:6e:61:17:56:cc:46:b7:
                    c4:13:1f:9e:50:0b:43:93:7b:91:18:50:f9:f8:01:
                    43:d0:6d:b3:7e:dd:ac:b9:55:e3:19:fb:0f:dd:69:
                    35:bf:1b:09:b9:d2:47:7a:fe:19:67:05:b2:a7:45:
                    85:38:0f:8c:8b:30:fa:b7:00:64:c8:2b:af:98:2f:
                    85:6b:29:54:30:9a:24:5e:75:bb:6d:1d:0f:dc:d4:
                    3f:54:c4:cf:28:58:34:81:e1:c7:31:b6:d9:3a:cf:
                    d8:af:ce:31:4c:d5:37:7d:fa:b0:42:73:e0:a9:43:
                    2d:b4:8b:f2:ba:ec:76:77:27:b6:b9:fe:39:d9:0c:
                    e1:01:49:c2:45:2b:e5:e1:be:59:77:2a:40:ba:a6:
                    f4:a6:e6:09:65:aa:53:ef:5b:d6:b8:66:a6:3b:ba:
                    c1:2c:b1:f2:b0:cb:45:36:91:31:fd:ef:76:24:81:
                    d4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:63:83:B0:B7:59:E6:D5:72:A9:9D:14:D2:CA:5C:60:FC:D0:BC:15
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/NGODsLdZ5tVyqZ0U0spcYPzQvBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4305::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:63:91:31:4b:d5:fc:ef:1b:9d:cf:33:82:05:cd:be:f2:39:
         ea:44:49:d7:97:24:72:d2:7f:15:ca:36:a4:70:89:c7:a5:92:
         e0:5c:97:30:1b:26:a8:7a:c3:c3:48:8f:b6:d4:be:48:87:52:
         72:59:28:c0:6f:f4:fc:b7:2b:72:d5:9e:00:61:f4:e0:22:27:
         9e:84:b7:2b:65:d2:2a:9a:c6:43:a7:06:fe:c7:05:03:a5:56:
         3f:a5:27:a8:f7:ee:2d:f7:c5:87:85:fe:2a:04:bf:6a:7a:27:
         d2:94:aa:2b:56:f5:4f:8a:56:77:60:23:d3:a6:e8:70:35:fb:
         82:4d:fb:f2:a1:b9:7d:31:d6:93:38:18:78:e1:a8:b9:9d:4f:
         be:ef:9c:fc:fd:00:c7:ce:15:b2:c1:30:b6:66:7e:ba:6f:2a:
         25:88:e8:39:c8:74:9a:4d:4e:17:6e:98:cd:fd:01:c8:9a:1f:
         f9:9c:33:09:d1:b2:b1:b1:0c:16:9d:1c:91:42:94:dd:4e:48:
         68:12:51:68:91:0b:a4:4a:74:40:a8:30:75:cb:dd:8a:a9:be:
         e6:4c:db:83:7b:c2:78:20:66:34:f4:97:09:ae:ed:53:65:57:
         1b:87:68:31:f2:60:09:71:bc:dc:c8:09:23:be:e4:9f:ec:d2:
         fe:72:dc:c1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKj2UAfb6ZUPAhGEyRkLywxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQxMDE5MDgxNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDYzODNiMGI3NTllNmQ1NzJhOTlkMTRkMmNhNWM2MGZjZDBiYzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzk4Mclw8iRas6MBxhP5tKz/PEbOI
hwQ5iYPDxTXNNs6Pt+0FdlmsBupWb6FQWXzknLX6UF8TR2BKsay5WGyhqoynCaR+
Zml6Wlf65SMTh6iHq25hF1bMRrfEEx+eUAtDk3uRGFD5+AFD0G2zft2suVXjGfsP
3Wk1vxsJudJHev4ZZwWyp0WFOA+MizD6twBkyCuvmC+FaylUMJokXnW7bR0P3NQ/
VMTPKFg0geHHMbbZOs/Yr84xTNU3ffqwQnPgqUMttIvyuux2dye2uf452QzhAUnC
RSvl4b5ZdypAuqb0puYJZapT71vWuGamO7rBLLHysMtFNpEx/e92JIHUVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDRjg7C3WebVcqmdFNLKXGD80LwVMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvTkdPRHNMZFo1dFZ5cVowVTBzcGNZUHpRdkJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg9DBTAN
BgkqhkiG9w0BAQsFAAOCAQEAoWORMUvV/O8bnc8zggXNvvI56kRJ15ckctJ/Fco2
pHCJx6WS4FyXMBsmqHrDw0iPttS+SIdSclkowG/0/LcrctWeAGH04CInnoS3K2XS
KprGQ6cG/scFA6VWP6UnqPfuLffFh4X+KgS/anon0pSqK1b1T4pWd2Aj06bocDX7
gk378qG5fTHWkzgYeOGouZ1Pvu+c/P0Ax84VssEwtmZ+um8qJYjoOch0mk1OF26Y
zf0ByJof+ZwzCdGysbEMFp0ckUKU3U5IaBJRaJELpEp0QKgwdcvdiqm+5kzbg3vC
eCBmNPSXCa7tU2VXG4doMfJgCXG83MgJI77kn+zS/nLcwQ==
-----END CERTIFICATE-----