Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/HcbJeZ3nJat24Mmi8ALcj6JbJg4.roa
File:                     HcbJeZ3nJat24Mmi8ALcj6JbJg4.roa (raw, json)
Hash identifier:          Oy3OQC/9qmak3iKrhYPq2rMpRngywcuwjIBKZ1JkHmM=
Subject key identifier:   1D:C6:C9:79:9D:E7:25:AB:76:E0:C9:A2:F0:02:DC:8F:A2:5B:26:0E
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC08DAC08086733C05649EE35F5E6C
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/HcbJeZ3nJat24Mmi8ALcj6JbJg4.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47924
IP address blocks:        2a05:b0c7:300::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 01:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:08:da:c0:80:86:73:3c:05:64:9e:e3:5f:5e:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dc6c9799de725ab76e0c9a2f002dc8fa25b260e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fc:73:cc:a5:d4:90:6c:d4:21:84:68:42:bb:
                    f4:2c:bd:99:25:33:7c:5c:14:a9:70:03:7a:bc:e5:
                    2d:8a:13:cb:e1:02:42:2f:aa:11:19:55:24:31:a3:
                    04:2c:f9:22:a1:66:17:96:fa:a1:d8:a4:02:1f:72:
                    e6:f6:b3:53:de:98:76:ab:c6:84:2e:b4:41:2f:d2:
                    d6:bd:d6:55:04:0d:37:63:0c:44:a7:66:60:52:02:
                    d2:0d:53:b7:1e:cb:f7:a9:81:a6:e6:b4:f6:46:b2:
                    c8:cd:eb:1a:2a:df:3a:c0:10:d7:a1:9a:39:4a:f3:
                    97:3d:fb:7b:07:80:ee:85:d4:0a:7a:f2:9d:fb:eb:
                    cf:4c:2b:23:a2:47:c4:23:72:2a:e9:d8:6a:83:7d:
                    0f:8a:e6:ba:3d:c2:fe:91:68:13:1e:7e:6a:0a:71:
                    03:e0:77:f5:db:8f:a0:17:42:4f:61:8c:6d:eb:23:
                    15:72:31:f9:3b:51:f1:7b:18:9e:eb:f0:84:9e:bc:
                    b1:8e:fa:0d:c6:8e:ce:89:3b:06:b9:d9:7f:ac:fe:
                    76:16:ec:27:00:98:d4:fd:8f:18:ab:03:db:bf:50:
                    87:b0:5a:5a:c0:28:eb:9e:79:39:0e:54:68:31:4a:
                    08:7d:5a:1f:f0:5c:e4:8f:e2:fc:22:a6:2c:9a:58:
                    54:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:C6:C9:79:9D:E7:25:AB:76:E0:C9:A2:F0:02:DC:8F:A2:5B:26:0E
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/HcbJeZ3nJat24Mmi8ALcj6JbJg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c7:300::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:f8:f5:bf:20:74:ac:95:19:1d:c8:61:ec:73:b0:b2:b0:45:
         39:35:a0:b3:82:70:ad:bc:bd:0d:cb:47:a7:12:3e:35:61:fb:
         76:49:62:e1:28:f1:05:14:fe:d6:eb:6b:c9:d2:fd:bc:c1:93:
         b3:26:75:ee:f9:71:41:29:c4:76:9b:23:d2:b2:fd:1f:5b:0b:
         1c:90:c3:2a:5c:fd:48:6c:a7:ed:4c:7c:8b:73:cf:18:50:4e:
         8d:9e:53:65:50:ed:a7:48:4a:ff:8b:93:49:25:23:3a:b6:93:
         49:39:b6:b0:f9:7d:3a:2a:e2:0c:9f:99:98:7a:24:a5:39:31:
         57:7c:8e:18:65:11:c7:65:e7:9b:ae:20:ed:0b:e0:71:87:9b:
         4d:e1:70:d5:cc:a3:75:1d:50:0e:b7:56:3b:f8:0d:bc:e4:7b:
         4d:b7:cf:18:9c:5f:5a:1b:80:95:28:20:48:00:44:bd:31:66:
         4c:f4:c9:09:55:fd:c0:82:ea:c7:dc:d1:77:5c:26:89:d7:4e:
         0d:85:81:7c:48:a7:da:a4:9e:a7:4a:03:c6:84:8f:1c:8d:e0:
         9c:a2:67:4f:fd:e9:80:67:e7:e9:33:15:6a:27:1c:0f:98:4c:
         7f:79:7f:af:17:aa:48:a5:57:1a:4c:5e:19:4d:50:2d:c8:eb:
         d7:e8:04:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3AjawICGczwFZJ7jX15sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGM2Yzk3OTlkZTcyNWFiNzZlMGM5YTJmMDAyZGM4ZmEyNWIyNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvxzzKXUkGzUIYRoQrv0LL2ZJTN8
XBSpcAN6vOUtihPL4QJCL6oRGVUkMaMELPkioWYXlvqh2KQCH3Lm9rNT3ph2q8aE
LrRBL9LWvdZVBA03YwxEp2ZgUgLSDVO3Hsv3qYGm5rT2RrLIzesaKt86wBDXoZo5
SvOXPft7B4DuhdQKevKd++vPTCsjokfEI3Iq6dhqg30Piua6PcL+kWgTHn5qCnED
4Hf124+gF0JPYYxt6yMVcjH5O1Hxexie6/CEnryxjvoNxo7OiTsGudl/rP52Fuwn
AJjU/Y8YqwPbv1CHsFpawCjrnnk5DlRoMUoIfVof8Fzkj+L8IqYsmlhU1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB3GyXmd5yWrduDJovAC3I+iWyYOMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvSGNiSmVaM25KYXQyNE1taThBTGNqNkpiSmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWwxwMA
MA0GCSqGSIb3DQEBCwUAA4IBAQAb+PW/IHSslRkdyGHsc7CysEU5NaCzgnCtvL0N
y0enEj41Yft2SWLhKPEFFP7W62vJ0v28wZOzJnXu+XFBKcR2myPSsv0fWwsckMMq
XP1IbKftTHyLc88YUE6NnlNlUO2nSEr/i5NJJSM6tpNJObaw+X06KuIMn5mYeiSl
OTFXfI4YZRHHZeebriDtC+Bxh5tN4XDVzKN1HVAOt1Y7+A285HtNt88YnF9aG4CV
KCBIAES9MWZM9MkJVf3AgurH3NF3XCaJ104NhYF8SKfapJ6nSgPGhI8cjeCcomdP
/emAZ+fpMxVqJxwPmEx/eX+vF6pIpVcaTF4ZTVAtyOvX6AS9
-----END CERTIFICATE-----