Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/sFoTxQ6Gm90qZG4sUc2jeApVsS4.roa
File:                     sFoTxQ6Gm90qZG4sUc2jeApVsS4.roa (raw, json)
Hash identifier:          74WQf6mTUSnPPvHI5udi5Qm/cVykUsHLW0yubS1l5YA=
Subject key identifier:   B0:5A:13:C5:0E:86:9B:DD:2A:64:6E:2C:51:CD:A3:78:0A:55:B1:2E
Certificate issuer:       /CN=d50697943676399ac5cac6a3e476545af0df49dd
Certificate serial:       018CC56E298735C64F6808C461DB11BCB526
Authority key identifier: D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/sFoTxQ6Gm90qZG4sUc2jeApVsS4.roa
Signing time:             Mon 01 Jan 2024 14:29:40 +0000
ROA not before:           Mon 01 Jan 2024 14:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5411
IP address blocks:        2a03:9b80:4000::/34 maxlen: 34
                          2a03:9b80:6000::/35 maxlen: 35
                          2a03:9b80:4000::/35 maxlen: 35

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:29:87:35:c6:4f:68:08:c4:61:db:11:bc:b5:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d50697943676399ac5cac6a3e476545af0df49dd
        Validity
            Not Before: Jan  1 14:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b05a13c50e869bdd2a646e2c51cda3780a55b12e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:40:d0:75:0a:13:c3:cf:66:2b:5c:ef:d9:32:
                    a5:2f:bf:d9:03:f6:46:74:8c:c1:24:3c:bd:1a:35:
                    40:99:87:a5:b4:04:91:98:d8:a7:b5:8f:b8:f9:51:
                    7d:21:de:9c:0c:68:b9:1a:ef:87:e5:62:a2:1a:41:
                    b7:4f:12:9c:d6:50:dc:42:80:77:3c:5c:e6:7d:b4:
                    3e:65:97:7c:e2:a4:2d:c8:1b:55:44:1a:17:81:7d:
                    7f:47:5c:c8:35:07:81:b9:11:8b:db:10:c2:7e:d6:
                    54:1f:79:c4:65:56:32:e2:98:9e:42:a9:3b:99:b3:
                    8c:d2:77:42:d2:6f:58:b8:aa:da:a7:87:cb:da:ef:
                    39:e5:5a:32:ed:73:4e:4e:44:53:9f:b0:e7:43:38:
                    e9:68:a9:12:12:bf:10:74:9e:72:b2:61:a3:d7:89:
                    eb:39:0e:b1:0a:48:43:f0:85:d4:76:a3:45:04:87:
                    01:95:f0:b2:6b:d5:11:91:bd:08:64:7e:31:8b:4a:
                    c5:9d:ca:6e:ce:71:dd:b0:61:ec:80:c3:00:e0:58:
                    9f:2e:7b:78:22:67:fd:0c:57:1f:18:27:93:24:36:
                    81:0c:01:6b:71:ed:32:5c:77:40:22:79:43:49:a3:
                    d0:ca:6c:fc:1d:71:1b:be:f8:f9:9c:70:32:ba:bd:
                    fe:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5A:13:C5:0E:86:9B:DD:2A:64:6E:2C:51:CD:A3:78:0A:55:B1:2E
            X509v3 Authority Key Identifier:
                keyid:D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/sFoTxQ6Gm90qZG4sUc2jeApVsS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:9b80:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         39:21:5f:d4:f0:7e:8b:8c:be:70:fb:cc:88:12:4d:84:c7:d1:
         ab:37:19:ad:37:45:86:6a:30:4b:51:27:a7:df:4d:e4:5d:08:
         1f:21:ee:a8:6b:3a:aa:0b:df:78:0b:3d:3d:06:b0:de:95:bc:
         6e:3b:2a:ca:ff:92:ab:d8:59:df:ce:68:80:bc:a7:86:7d:7a:
         14:d7:2a:68:6c:8d:89:5d:fa:2a:85:9a:49:6f:9c:81:71:d3:
         fb:89:78:f5:73:24:d6:4c:b4:02:1d:9a:9f:de:12:33:09:13:
         e0:45:fc:07:49:bb:21:7f:a0:fd:e5:a8:a0:78:39:01:b1:e0:
         35:08:f3:d4:12:14:18:03:66:18:59:53:a7:a5:d8:8f:43:ba:
         5e:b0:c7:1c:35:04:4f:2e:4b:04:b5:74:9e:de:c1:19:f3:b2:
         db:db:fd:88:ae:20:17:12:bc:63:d3:18:27:2d:24:b4:e6:af:
         a8:cb:5b:e1:51:0d:7a:55:fa:70:bf:b9:78:98:52:b1:b3:35:
         9b:51:9e:01:ed:a1:17:a7:7e:a1:71:0b:62:03:b9:24:7e:56:
         33:a1:a1:10:3f:45:b5:ca:a6:b8:26:28:67:71:50:da:57:33:
         9d:1a:af:44:53:1d:38:3c:b0:68:e7:79:c0:e8:22:6a:9f:15:
         da:2b:8b:bc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbimHNcZPaAjEYdsRvLUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDY5Nzk0MzY3NjM5OWFjNWNhYzZhM2U0NzY1NDVhZjBk
ZjQ5ZGQwHhcNMjQwMTAxMTQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDVhMTNjNTBlODY5YmRkMmE2NDZlMmM1MWNkYTM3ODBhNTViMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0DQdQoTw89mK1zv2TKlL7/ZA/ZG
dIzBJDy9GjVAmYeltASRmNintY+4+VF9Id6cDGi5Gu+H5WKiGkG3TxKc1lDcQoB3
PFzmfbQ+ZZd84qQtyBtVRBoXgX1/R1zINQeBuRGL2xDCftZUH3nEZVYy4pieQqk7
mbOM0ndC0m9YuKrap4fL2u855Voy7XNOTkRTn7DnQzjpaKkSEr8QdJ5ysmGj14nr
OQ6xCkhD8IXUdqNFBIcBlfCya9URkb0IZH4xi0rFncpuznHdsGHsgMMA4FifLnt4
Imf9DFcfGCeTJDaBDAFrce0yXHdAInlDSaPQymz8HXEbvvj5nHAyur3+dQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLBaE8UOhpvdKmRuLFHNo3gKVbEuMB8GA1UdIwQY
MBaAFNUGl5Q2djmaxcrGo+R2VFrw30ndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2Yt
OGQyM2FjNWNiNTAyLzEvc0ZvVHhRNkdtOTBxWkc0c1VjMmplQXBWc1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2YtOGQyM2FjNWNiNTAy
LzEvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgObgEAw
DQYJKoZIhvcNAQELBQADggEBADkhX9TwfouMvnD7zIgSTYTH0as3Ga03RYZqMEtR
J6ffTeRdCB8h7qhrOqoL33gLPT0GsN6VvG47Ksr/kqvYWd/OaIC8p4Z9ehTXKmhs
jYld+iqFmklvnIFx0/uJePVzJNZMtAIdmp/eEjMJE+BF/AdJuyF/oP3lqKB4OQGx
4DUI89QSFBgDZhhZU6el2I9Dul6wxxw1BE8uSwS1dJ7ewRnzstvb/YiuIBcSvGPT
GCctJLTmr6jLW+FRDXpV+nC/uXiYUrGzNZtRngHtoRenfqFxC2IDuSR+VjOhoRA/
RbXKprgmKGdxUNpXM50ar0RTHTg8sGjnecDoImqfFdori7w=
-----END CERTIFICATE-----