Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Z3_jxRqta6bKkS96xtdALgr8imo.roa
File:                     Z3_jxRqta6bKkS96xtdALgr8imo.roa (raw, json)
Hash identifier:          J5L4vDm++iCCXqskXHK//EjM7zW/M1QjTnI6UccmE8A=
Subject key identifier:   67:7F:E3:C5:1A:AD:6B:A6:CA:91:2F:7A:C6:D7:40:2E:0A:FC:8A:6A
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC07C3267F367B6A8400089C668DF6
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Z3_jxRqta6bKkS96xtdALgr8imo.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     945
IP address blocks:        2a05:b0c6:b00b::/48 maxlen: 48
                          2a05:b0c7:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:07:c3:26:7f:36:7b:6a:84:00:08:9c:66:8d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=677fe3c51aad6ba6ca912f7ac6d7402e0afc8a6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f8:a7:b0:80:a0:20:44:23:7f:4a:c9:b8:c8:
                    f6:99:ce:28:0c:e0:42:15:d0:19:2e:e6:27:e5:ea:
                    ee:a5:e4:12:94:d9:4e:04:97:56:4f:1b:a7:37:7f:
                    b4:76:68:aa:1e:1f:2e:cf:7e:41:2a:56:df:eb:da:
                    db:e1:8d:6d:2f:13:e7:3b:97:23:79:ac:2f:59:90:
                    ca:e4:40:c6:88:b3:f1:34:81:03:27:b0:7e:bb:55:
                    27:f5:57:9d:44:b7:1b:c8:e7:35:9d:6a:f1:d0:14:
                    61:a6:51:4c:25:f7:0c:d8:8e:0f:6f:1e:8b:9f:d6:
                    a0:4b:eb:1b:d8:99:66:6b:dc:ce:84:91:29:37:1a:
                    41:ce:97:62:21:50:85:0f:83:9f:7b:cb:90:32:79:
                    b3:cc:3e:60:20:4c:c3:05:c6:dc:8d:0d:20:32:82:
                    7e:c1:73:8c:db:40:f0:85:ca:ae:89:e4:7f:4a:43:
                    ff:93:72:24:ab:79:3e:c0:68:ed:9c:9e:e8:30:89:
                    19:ce:16:20:82:57:b7:70:42:dd:54:dd:15:5d:1e:
                    8b:f5:63:ba:39:8e:7c:eb:a2:bf:f4:05:11:b9:db:
                    64:2f:d0:3f:23:16:ec:33:b6:d1:6f:ef:65:e7:ef:
                    af:80:3f:24:31:8c:ba:17:36:36:67:79:56:d2:3f:
                    1b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:7F:E3:C5:1A:AD:6B:A6:CA:91:2F:7A:C6:D7:40:2E:0A:FC:8A:6A
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Z3_jxRqta6bKkS96xtdALgr8imo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c6:b00b::/48
                  2a05:b0c7:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:10:ea:b0:0d:6a:56:f7:f4:a4:c6:32:d4:50:ca:c6:16:63:
         d9:ef:49:3e:1e:1c:33:d9:7a:bf:b1:4b:4a:79:14:8e:65:e3:
         99:08:c7:1b:c5:4c:50:f9:92:db:70:15:9d:87:66:ef:ea:d3:
         93:a1:f4:2e:59:72:87:b9:05:18:0b:44:c5:ef:f4:df:25:66:
         46:da:b7:89:58:b9:51:58:a0:fe:72:d8:00:73:d7:3e:d6:99:
         d4:fc:9f:b5:31:73:42:59:3e:02:b1:09:f1:c8:3d:c1:00:94:
         72:7a:38:82:e4:97:37:ca:fc:03:7d:e0:bc:2c:1f:62:b3:5f:
         2c:4b:ee:c5:83:8e:91:ec:eb:65:5c:2e:dc:ec:b8:29:89:30:
         ff:ae:0c:34:df:1b:b7:c6:95:d2:48:e4:23:35:53:55:6d:5f:
         a6:67:3f:91:34:27:7a:52:e6:48:0c:51:35:9a:5a:4d:71:5e:
         7c:78:85:6f:17:4b:67:da:a4:47:9e:4f:a8:02:08:20:56:59:
         0b:28:92:fe:54:02:b6:9b:4d:ba:c7:6e:c5:f2:18:09:2a:87:
         1a:7a:46:06:a6:4a:bf:f6:55:b3:3a:4b:98:d6:55:51:a2:97:
         fe:cf:85:5a:19:55:de:94:88:eb:9a:fe:43:92:67:5e:cd:b0:
         df:33:cf:62
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3AfDJn82e2qEAAicZo32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdmZTNjNTFhYWQ2YmE2Y2E5MTJmN2FjNmQ3NDAyZTBhZmM4YTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/insICgIEQjf0rJuMj2mc4oDOBC
FdAZLuYn5erupeQSlNlOBJdWTxunN3+0dmiqHh8uz35BKlbf69rb4Y1tLxPnO5cj
eawvWZDK5EDGiLPxNIEDJ7B+u1Un9VedRLcbyOc1nWrx0BRhplFMJfcM2I4Pbx6L
n9agS+sb2Jlma9zOhJEpNxpBzpdiIVCFD4Ofe8uQMnmzzD5gIEzDBcbcjQ0gMoJ+
wXOM20DwhcquieR/SkP/k3Ikq3k+wGjtnJ7oMIkZzhYggle3cELdVN0VXR6L9WO6
OY5866K/9AURudtkL9A/IxbsM7bRb+9l5++vgD8kMYy6FzY2Z3lW0j8bTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGd/48UarWumypEvesbXQC4K/IpqMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvWjNfanhScXRhNmJLa1M5Nnh0ZEFMZ3I4aW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgWwxrAL
AwcAKgWwx7ALMA0GCSqGSIb3DQEBCwUAA4IBAQBpEOqwDWpW9/SkxjLUUMrGFmPZ
70k+Hhwz2Xq/sUtKeRSOZeOZCMcbxUxQ+ZLbcBWdh2bv6tOTofQuWXKHuQUYC0TF
7/TfJWZG2reJWLlRWKD+ctgAc9c+1pnU/J+1MXNCWT4CsQnxyD3BAJRyejiC5Jc3
yvwDfeC8LB9is18sS+7Fg46R7OtlXC7c7LgpiTD/rgw03xu3xpXSSOQjNVNVbV+m
Zz+RNCd6UuZIDFE1mlpNcV58eIVvF0tn2qRHnk+oAgggVlkLKJL+VAK2m026x27F
8hgJKocaekYGpkq/9lWzOkuY1lVRopf+z4VaGVXelIjrmv5DkmdezbDfM89i
-----END CERTIFICATE-----