Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/93uDTqiDk5Y6zluqZBHW7E0mnxY.roa
File:                     93uDTqiDk5Y6zluqZBHW7E0mnxY.roa (raw, json)
Hash identifier:          NcVLCSXVplDv7JYafVZ09Z2FfV0ZL/eLS2c6flhO1kA=
Subject key identifier:   F7:7B:83:4E:A8:83:93:96:3A:CE:5B:AA:64:11:D6:EC:4D:26:9F:16
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC0E4B39B445F29298D0D9774BDE18
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/93uDTqiDk5Y6zluqZBHW7E0mnxY.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211139
IP address blocks:        2a05:b0c6:6006::/48 maxlen: 48
                          2a05:b0c6:6000::/48 maxlen: 48
                          2a05:b0c6:6007::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0e:4b:39:b4:45:f2:92:98:d0:d9:77:4b:de:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f77b834ea88393963ace5baa6411d6ec4d269f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:77:27:f9:48:a9:e1:11:08:e2:62:bc:95:99:
                    55:9e:01:9a:5e:31:6d:9e:25:73:bc:ff:cd:24:89:
                    fe:51:5b:1e:86:05:bc:5c:b3:1a:75:a3:fb:1a:de:
                    74:f2:ec:74:85:24:0b:8a:1e:20:b7:a1:26:fd:03:
                    13:11:e6:8c:e2:c1:23:d2:08:3d:7c:c0:19:67:81:
                    97:3c:44:78:c0:25:ea:f9:97:93:18:b3:d2:65:3d:
                    67:52:b3:6a:51:90:4e:80:c5:87:4d:ac:74:d9:25:
                    f7:02:15:a6:7f:0f:1c:fe:03:a7:bf:ba:04:cd:87:
                    aa:cf:64:9e:0d:7e:af:d9:ec:bf:9b:fa:40:2d:81:
                    67:97:a6:62:30:be:9e:ef:57:9a:39:3b:22:36:5c:
                    b8:e7:b6:71:c6:68:64:1e:3a:74:47:a1:64:1b:88:
                    b6:10:d2:42:f9:37:8d:1a:8b:51:1d:14:f5:9c:d2:
                    e1:90:5e:80:e0:6e:ad:42:29:9b:79:74:2d:e4:67:
                    6f:0d:c8:71:b8:e5:5b:d3:10:7e:14:af:2c:ca:8f:
                    a4:d3:de:80:3e:85:b1:4d:c3:dc:1e:94:60:2d:3b:
                    c6:00:3b:43:28:0f:6a:57:4b:e3:0c:98:a8:49:27:
                    18:e9:b1:c1:0b:b6:31:a2:81:6b:7d:d9:2c:4b:a1:
                    53:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:7B:83:4E:A8:83:93:96:3A:CE:5B:AA:64:11:D6:EC:4D:26:9F:16
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/93uDTqiDk5Y6zluqZBHW7E0mnxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c6:6000::/48
                  2a05:b0c6:6006::/47

    Signature Algorithm: sha256WithRSAEncryption
         55:87:32:2d:59:a7:ff:ba:3a:f3:99:6f:49:7f:b6:ad:4d:d4:
         21:93:c6:69:07:25:84:f0:28:84:16:da:6e:8d:90:58:37:88:
         07:7c:bb:0e:62:bf:a2:29:0d:2d:98:42:91:9d:7b:d9:e5:89:
         90:37:2d:74:54:9e:c1:cc:ec:d5:3d:ff:11:58:6d:e7:2b:ce:
         12:b8:20:2a:36:2c:86:d1:91:4b:c1:66:de:6e:f1:00:cb:3c:
         a0:d5:dd:77:80:0c:9d:5d:9e:dc:00:c2:15:60:ba:c3:73:d7:
         18:1b:0b:28:09:60:0e:ba:c5:80:61:4e:be:9b:ce:2d:c2:20:
         5b:e9:2c:19:94:b6:99:fd:36:f7:31:e2:d2:d4:64:6f:01:36:
         2a:58:14:f9:54:fa:06:38:fb:cd:3e:21:66:d6:93:73:de:d6:
         fc:7d:ba:b2:7d:09:43:10:dd:40:87:e1:31:93:c1:78:87:d7:
         cc:ea:25:4f:f5:bb:8c:f3:96:dc:a2:a8:2c:18:81:d8:f9:e3:
         aa:15:a9:fd:d9:a5:42:77:83:57:4b:85:56:2b:fa:d9:04:8c:
         4d:b2:ca:a8:6e:7e:78:db:82:4a:9d:28:9c:63:29:44:76:69:
         f5:7b:96:bc:56:60:05:8b:0c:c6:7c:2a:f9:fe:d9:c5:0e:47:
         c6:0b:8b:e6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3A5LObRF8pKY0Nl3S94YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzdiODM0ZWE4ODM5Mzk2M2FjZTViYWE2NDExZDZlYzRkMjY5ZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Hcn+Uip4REI4mK8lZlVngGaXjFt
niVzvP/NJIn+UVsehgW8XLMadaP7Gt508ux0hSQLih4gt6Em/QMTEeaM4sEj0gg9
fMAZZ4GXPER4wCXq+ZeTGLPSZT1nUrNqUZBOgMWHTax02SX3AhWmfw8c/gOnv7oE
zYeqz2SeDX6v2ey/m/pALYFnl6ZiML6e71eaOTsiNly457ZxxmhkHjp0R6FkG4i2
ENJC+TeNGotRHRT1nNLhkF6A4G6tQimbeXQt5GdvDchxuOVb0xB+FK8syo+k096A
PoWxTcPcHpRgLTvGADtDKA9qV0vjDJioSScY6bHBC7YxooFrfdksS6FTKwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPd7g06og5OWOs5bqmQR1uxNJp8WMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvOTN1RFRxaURrNVk2emx1cVpCSFc3RTBtbnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgWwxmAA
AwcBKgWwxmAGMA0GCSqGSIb3DQEBCwUAA4IBAQBVhzItWaf/ujrzmW9Jf7atTdQh
k8ZpByWE8CiEFtpujZBYN4gHfLsOYr+iKQ0tmEKRnXvZ5YmQNy10VJ7BzOzVPf8R
WG3nK84SuCAqNiyG0ZFLwWbebvEAyzyg1d13gAydXZ7cAMIVYLrDc9cYGwsoCWAO
usWAYU6+m84twiBb6SwZlLaZ/Tb3MeLS1GRvATYqWBT5VPoGOPvNPiFm1pNz3tb8
fbqyfQlDEN1Ah+Exk8F4h9fM6iVP9buM85bcoqgsGIHY+eOqFan92aVCd4NXS4VW
K/rZBIxNssqobn5424JKnSicYylEdmn1e5a8VmAFiwzGfCr5/tnFDkfGC4vm
-----END CERTIFICATE-----