Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/4qftpIAdQbg1YEL6rma0VXQgAxY.roa
File:                     4qftpIAdQbg1YEL6rma0VXQgAxY.roa (raw, json)
Hash identifier:          bUzWcJF6xrYZtZ0kCnyjHzNsSj2KkJEepQPKPlgYZrI=
Subject key identifier:   E2:A7:ED:A4:80:1D:41:B8:35:60:42:FA:AE:66:B4:55:74:20:03:16
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC0C6E57BF89ECBBC675959679F068
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/4qftpIAdQbg1YEL6rma0VXQgAxY.roa
Signing time:             Mon 01 Jan 2024 16:29:41 +0000
ROA not before:           Mon 01 Jan 2024 16:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203531
IP address blocks:        2a05:b0c6:1000::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0c:6e:57:bf:89:ec:bb:c6:75:95:96:79:f0:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2a7eda4801d41b8356042faae66b45574200316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6c:2c:11:3c:e7:2a:09:c6:a1:7f:37:81:02:
                    95:70:2b:9d:59:d4:d0:3a:e9:96:dd:97:7f:9a:03:
                    74:21:53:70:8b:5a:29:68:47:af:19:0f:50:b3:c2:
                    1b:21:7d:2e:0c:58:e1:23:86:a9:3f:66:07:19:5e:
                    32:e5:bc:7f:fb:05:80:73:61:e2:9b:98:ea:53:5d:
                    7b:a5:bc:4e:f9:69:3c:fb:87:a2:c4:34:03:f5:d7:
                    f6:c4:ed:9a:06:51:93:a6:73:76:69:33:9a:dc:f2:
                    f9:0b:bd:b4:4a:37:d4:15:d0:bb:67:be:ce:70:55:
                    8b:16:66:61:9e:e5:09:4d:15:db:17:3a:1e:93:58:
                    2a:20:74:d2:0a:51:45:b6:ea:6c:31:5b:13:f1:fd:
                    d4:ea:3c:91:95:d4:d9:ef:81:57:b6:26:a4:2b:f4:
                    1c:61:72:2c:2d:20:df:16:5a:a7:f9:c0:b3:29:bd:
                    24:78:92:90:25:32:3e:df:0c:2c:ae:8b:5d:a4:a7:
                    3f:d3:c5:c2:98:12:58:e3:c2:46:69:49:be:5b:ef:
                    3d:91:df:f4:4b:54:2f:29:02:77:c9:6c:8a:0f:40:
                    21:c6:ca:e6:17:e9:d2:f1:65:a6:ca:37:3e:1b:c6:
                    83:fb:c6:cf:ff:8e:cb:81:e4:c0:64:32:74:74:fe:
                    a7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A7:ED:A4:80:1D:41:B8:35:60:42:FA:AE:66:B4:55:74:20:03:16
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/4qftpIAdQbg1YEL6rma0VXQgAxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c6:1000::/44

    Signature Algorithm: sha256WithRSAEncryption
         38:c3:28:dd:fa:8f:ef:9e:32:bf:90:3a:9d:75:ae:91:32:61:
         97:f6:47:04:31:6e:f8:5a:5d:6a:9d:ad:bd:92:bd:f0:ea:8c:
         f2:d0:7d:8a:5d:a5:50:2f:c8:54:50:ec:d1:3b:49:c8:45:5f:
         b5:6f:9c:ed:74:03:de:27:36:67:fe:a0:1c:d1:df:67:6f:f8:
         ab:06:8c:5e:bf:56:3f:78:7f:66:c2:79:e7:47:11:9f:77:8e:
         d4:31:22:b5:fd:c3:07:25:75:99:40:be:ae:59:1b:5e:83:4f:
         9b:92:f8:61:86:78:27:bc:20:8a:54:e1:38:7d:7f:84:35:4c:
         ef:41:60:57:e8:3a:e7:1d:45:80:60:f9:87:21:63:93:40:5b:
         61:d0:4d:ef:3d:ae:7b:c9:35:ef:4f:b8:23:08:50:f0:d1:d2:
         26:3a:70:c1:38:00:98:97:85:f9:b0:e6:38:7c:94:53:dc:30:
         45:c5:b3:2f:8e:6b:24:a2:31:99:f5:a3:93:8b:2f:bc:9a:1b:
         99:ae:e5:2a:54:d6:32:42:d4:db:8d:b5:f8:e8:d7:dc:3b:54:
         53:29:42:3f:0b:da:c4:3b:40:8a:88:ab:7e:1b:52:cf:a1:b0:
         a1:c0:ff:25:a0:4f:bb:68:73:f5:10:85:4a:8c:be:5c:07:3e:
         66:f3:4f:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3AxuV7+J7LvGdZWWefBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmE3ZWRhNDgwMWQ0MWI4MzU2MDQyZmFhZTY2YjQ1NTc0MjAwMzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2wsETznKgnGoX83gQKVcCudWdTQ
OumW3Zd/mgN0IVNwi1opaEevGQ9Qs8IbIX0uDFjhI4apP2YHGV4y5bx/+wWAc2Hi
m5jqU117pbxO+Wk8+4eixDQD9df2xO2aBlGTpnN2aTOa3PL5C720SjfUFdC7Z77O
cFWLFmZhnuUJTRXbFzoek1gqIHTSClFFtupsMVsT8f3U6jyRldTZ74FXtiakK/Qc
YXIsLSDfFlqn+cCzKb0keJKQJTI+3wwsrotdpKc/08XCmBJY48JGaUm+W+89kd/0
S1QvKQJ3yWyKD0AhxsrmF+nS8WWmyjc+G8aD+8bP/47LgeTAZDJ0dP6n7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOKn7aSAHUG4NWBC+q5mtFV0IAMWMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvNHFmdHBJQWRRYmcxWUVMNnJtYTBWWFFnQXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgWwxhAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA4wyjd+o/vnjK/kDqdda6RMmGX9kcEMW74Wl1q
na29kr3w6ozy0H2KXaVQL8hUUOzRO0nIRV+1b5ztdAPeJzZn/qAc0d9nb/irBoxe
v1Y/eH9mwnnnRxGfd47UMSK1/cMHJXWZQL6uWRteg0+bkvhhhngnvCCKVOE4fX+E
NUzvQWBX6DrnHUWAYPmHIWOTQFth0E3vPa57yTXvT7gjCFDw0dImOnDBOACYl4X5
sOY4fJRT3DBFxbMvjmskojGZ9aOTiy+8mhuZruUqVNYyQtTbjbX46NfcO1RTKUI/
C9rEO0CKiKt+G1LPobChwP8loE+7aHP1EIVKjL5cBz5m80+K
-----END CERTIFICATE-----