Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/243LcNwDLzASFwYrHUjs2ff_EwQ.roa
File:                     243LcNwDLzASFwYrHUjs2ff_EwQ.roa (raw, json)
Hash identifier:          8HxC0wEpKmtP4YbFxPrVR+b17RHG3Cqk6n0QbQWrq18=
Subject key identifier:   DB:8D:CB:70:DC:03:2F:30:12:17:06:2B:1D:48:EC:D9:F7:FF:13:04
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC0F3AFBD0BE16CA7D3562F758E8FF
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/243LcNwDLzASFwYrHUjs2ff_EwQ.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400818
IP address blocks:        2a05:b0c7:1800::/48 maxlen: 48
                          2a05:b0c7:1800::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0f:3a:fb:d0:be:16:ca:7d:35:62:f7:58:e8:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db8dcb70dc032f301217062b1d48ecd9f7ff1304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:31:b6:c1:6d:a8:cd:37:95:f9:41:6b:1e:dc:
                    8d:45:4d:6b:82:de:4d:de:c9:c7:57:dc:57:f5:47:
                    20:d8:0a:c8:24:e7:8b:20:92:df:f0:db:eb:4d:c1:
                    8f:9b:8a:22:e1:34:05:cd:26:81:db:2b:bc:ca:68:
                    22:af:35:f5:48:b0:e6:69:5e:0e:49:53:9f:48:40:
                    b4:ff:01:26:f1:50:e2:fd:c4:58:0b:a1:1f:b7:38:
                    60:25:f3:0d:00:4a:e3:6d:5e:eb:59:44:71:ce:d9:
                    3e:ae:58:4d:19:c1:86:07:77:65:c9:51:d9:15:7c:
                    2e:e1:73:2e:73:20:60:74:b4:e7:fb:2a:9c:a4:40:
                    26:30:a1:76:a9:1c:58:4a:c9:8b:36:e9:f5:52:3f:
                    9d:55:87:4e:b1:f9:bd:44:17:df:4a:c4:5f:1e:a8:
                    52:f1:a8:84:dc:74:64:42:ef:a3:7a:ae:7f:69:17:
                    69:6c:77:9f:e1:27:f8:78:fe:0e:66:a3:a2:98:d5:
                    bb:ba:91:13:18:cd:bd:65:a2:3c:52:30:39:ca:76:
                    8d:6e:c4:21:2b:28:83:9a:4d:f9:0c:52:67:a6:a7:
                    9a:af:14:46:05:96:d0:c7:ff:66:db:31:bc:65:bf:
                    30:7f:09:3c:39:c3:77:23:51:a0:ee:7d:4d:37:09:
                    8d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8D:CB:70:DC:03:2F:30:12:17:06:2B:1D:48:EC:D9:F7:FF:13:04
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/243LcNwDLzASFwYrHUjs2ff_EwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c7:1800::/44

    Signature Algorithm: sha256WithRSAEncryption
         23:a0:4a:f1:cd:1d:e4:86:44:1d:ee:23:a4:b1:da:1a:06:e4:
         07:d0:38:2c:e4:5b:7a:64:39:d8:61:26:ab:e7:a7:8a:6c:92:
         cf:ad:05:08:ff:ea:d4:9a:ae:a1:f6:7e:e6:98:0f:1c:b4:63:
         40:de:b6:1d:a9:6d:28:f9:4d:be:97:72:51:25:98:f2:76:b0:
         1b:ea:e0:1c:26:fd:4f:1f:88:9e:87:5d:1a:7c:41:b3:e0:4a:
         43:ba:58:df:21:56:9f:af:2a:2b:b0:c8:8c:c4:7f:4a:22:b0:
         40:16:66:f8:95:54:79:b4:39:a6:ee:01:ec:aa:ee:f9:35:e6:
         2a:1c:4e:84:d4:d2:fa:b9:c1:66:23:10:cc:9a:ce:03:ef:54:
         43:8e:81:70:0d:91:47:4a:04:16:aa:f6:de:db:bf:d2:13:31:
         f0:69:44:07:b7:15:1e:0c:f1:db:3e:91:54:74:db:ba:e4:ba:
         ff:1f:64:31:7a:2d:7d:45:4d:ff:49:3a:67:d8:9b:99:38:7c:
         c2:76:5d:8b:79:79:11:a5:66:1c:5d:ae:71:7d:e1:0b:d4:0d:
         17:7e:ac:eb:4f:15:db:ff:52:66:f6:be:35:7a:f2:42:dc:22:
         36:83:cf:b2:5a:96:88:07:9c:bb:6b:f0:dc:2b:28:06:52:9e:
         21:7f:f7:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3A86+9C+Fsp9NWL3WOj/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjhkY2I3MGRjMDMyZjMwMTIxNzA2MmIxZDQ4ZWNkOWY3ZmYxMzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTG2wW2ozTeV+UFrHtyNRU1rgt5N
3snHV9xX9Ucg2ArIJOeLIJLf8NvrTcGPm4oi4TQFzSaB2yu8ymgirzX1SLDmaV4O
SVOfSEC0/wEm8VDi/cRYC6EftzhgJfMNAErjbV7rWURxztk+rlhNGcGGB3dlyVHZ
FXwu4XMucyBgdLTn+yqcpEAmMKF2qRxYSsmLNun1Uj+dVYdOsfm9RBffSsRfHqhS
8aiE3HRkQu+jeq5/aRdpbHef4Sf4eP4OZqOimNW7upETGM29ZaI8UjA5ynaNbsQh
KyiDmk35DFJnpqearxRGBZbQx/9m2zG8Zb8wfwk8OcN3I1Gg7n1NNwmNLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNuNy3DcAy8wEhcGKx1I7Nn3/xMEMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvMjQzTGNOd0RMekFTRndZckhVanMyZmZfRXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgWwxxgA
MA0GCSqGSIb3DQEBCwUAA4IBAQAjoErxzR3khkQd7iOksdoaBuQH0Dgs5Ft6ZDnY
YSar56eKbJLPrQUI/+rUmq6h9n7mmA8ctGNA3rYdqW0o+U2+l3JRJZjydrAb6uAc
Jv1PH4ieh10afEGz4EpDuljfIVafryorsMiMxH9KIrBAFmb4lVR5tDmm7gHsqu75
NeYqHE6E1NL6ucFmIxDMms4D71RDjoFwDZFHSgQWqvbe27/SEzHwaUQHtxUeDPHb
PpFUdNu65Lr/H2Qxei19RU3/STpn2JuZOHzCdl2LeXkRpWYcXa5xfeEL1A0Xfqzr
TxXb/1Jm9r41evJC3CI2g8+yWpaIB5y7a/DcKygGUp4hf/eu
-----END CERTIFICATE-----