Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/30b124-87f2-4c7a-bc0e-790775c779c5/1/ht-Ru9pUsQ0ZY8LYOD_JNMx_qfc.roa
File:                     ht-Ru9pUsQ0ZY8LYOD_JNMx_qfc.roa (raw, json)
Hash identifier:          KnMkPKGSIhwTtTsShW2+HIf9lYqQP0bXvpTMN40M6Os=
Subject key identifier:   86:DF:91:BB:DA:54:B1:0D:19:63:C2:D8:38:3F:C9:34:CC:7F:A9:F7
Certificate issuer:       /CN=7af6779e62b4612887fe6f8d4e9c0e3731f6e108
Certificate serial:       018CC9BBF524BCE171FE28E7D98BAA10D2E2
Authority key identifier: 7A:F6:77:9E:62:B4:61:28:87:FE:6F:8D:4E:9C:0E:37:31:F6:E1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evZ3nmK0YSiH_m-NTpwONzH24Qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/30b124-87f2-4c7a-bc0e-790775c779c5/1/ht-Ru9pUsQ0ZY8LYOD_JNMx_qfc.roa
Signing time:             Tue 02 Jan 2024 10:33:07 +0000
ROA not before:           Tue 02 Jan 2024 10:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208772
IP address blocks:        2a0f:d607::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/30b124-87f2-4c7a-bc0e-790775c779c5/1/evZ3nmK0YSiH_m-NTpwONzH24Qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/30b124-87f2-4c7a-bc0e-790775c779c5/1/evZ3nmK0YSiH_m-NTpwONzH24Qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evZ3nmK0YSiH_m-NTpwONzH24Qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f5:24:bc:e1:71:fe:28:e7:d9:8b:aa:10:d2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7af6779e62b4612887fe6f8d4e9c0e3731f6e108
        Validity
            Not Before: Jan  2 10:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86df91bbda54b10d1963c2d8383fc934cc7fa9f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d0:01:d4:39:6e:6c:cb:f9:b2:f3:cc:1a:09:
                    0f:2b:45:dd:4b:e6:d0:f7:c5:18:bb:ac:5f:dc:63:
                    78:25:01:36:6d:2c:58:0d:24:88:2d:98:a2:ef:7a:
                    ab:8e:1f:1e:84:13:cf:50:39:46:4e:5a:c8:05:df:
                    83:a1:47:4c:00:9b:61:dc:e5:f9:0b:ca:2b:48:ec:
                    fb:83:69:6e:1c:4b:12:c4:b8:bd:91:f1:61:b3:e8:
                    f9:d4:f0:ea:c7:92:cc:84:01:7b:5b:52:e2:5b:fb:
                    17:55:e0:73:ba:4f:95:c0:a7:5c:fd:d3:83:1d:e3:
                    91:37:35:50:14:ed:1d:d4:7f:f7:67:79:a4:7e:b7:
                    38:17:f7:00:a9:b9:d3:ee:46:0c:67:b0:81:f2:1c:
                    ac:42:5c:75:de:ff:24:45:53:d1:67:10:34:e6:99:
                    87:f7:f0:c0:78:74:c4:fe:ac:36:3e:ae:6e:20:7a:
                    15:c9:32:ab:ab:9b:b3:b3:8d:a0:01:d4:49:28:e9:
                    f8:b6:b6:68:de:95:00:a1:a7:28:32:20:f6:9b:05:
                    a9:84:73:bf:46:a2:20:41:94:25:fa:1f:95:57:7e:
                    29:7b:61:82:c7:16:7e:c1:f4:02:dd:23:e0:24:2d:
                    6f:bb:ef:4d:7f:7b:ed:ea:0a:0d:84:5b:90:48:70:
                    8d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DF:91:BB:DA:54:B1:0D:19:63:C2:D8:38:3F:C9:34:CC:7F:A9:F7
            X509v3 Authority Key Identifier:
                keyid:7A:F6:77:9E:62:B4:61:28:87:FE:6F:8D:4E:9C:0E:37:31:F6:E1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evZ3nmK0YSiH_m-NTpwONzH24Qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/30b124-87f2-4c7a-bc0e-790775c779c5/1/ht-Ru9pUsQ0ZY8LYOD_JNMx_qfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/30b124-87f2-4c7a-bc0e-790775c779c5/1/evZ3nmK0YSiH_m-NTpwONzH24Qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:d607::/44

    Signature Algorithm: sha256WithRSAEncryption
         d5:d6:49:ae:5d:86:2a:67:f7:ed:57:88:91:7e:2b:f5:cb:db:
         13:be:ec:e6:4d:5a:e2:85:49:1a:df:b7:2b:64:93:53:4f:70:
         56:f0:ad:ec:36:23:b2:f7:25:c8:e2:62:43:01:eb:be:ea:01:
         a5:58:6b:7d:8f:71:ed:3b:56:91:6b:92:fd:8d:61:a9:85:1c:
         b4:fb:da:83:3f:5c:74:c7:b7:d6:6d:c5:ce:04:55:90:2f:15:
         e3:90:10:d8:2e:43:c4:4e:d1:b1:cc:38:3f:d4:39:f4:c0:17:
         5c:41:e2:9c:44:5b:e3:cd:c3:90:18:ff:c7:3a:ef:9c:00:eb:
         1a:2a:20:42:0b:ae:64:30:88:50:bd:01:98:85:a4:2d:3f:17:
         66:80:af:2e:14:8a:b8:90:66:6c:d5:8f:14:3b:94:c0:3e:e0:
         d8:57:62:15:25:78:99:f0:d8:0c:80:6c:5a:c4:d0:cd:14:3b:
         50:40:3b:e2:69:9f:a8:9a:4b:68:6c:26:a1:a6:10:81:ce:e1:
         cd:64:69:6f:08:aa:d5:70:82:97:4e:21:2d:f2:d6:16:d1:83:
         99:cd:34:8c:2b:c1:d9:9b:0f:e1:a0:be:41:ae:37:80:58:cc:
         8d:cd:a8:78:5e:c1:10:9b:eb:a8:b0:ff:0d:24:d3:66:7b:4c:
         33:cb:11:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu/UkvOFx/ijn2YuqENLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjY3NzllNjJiNDYxMjg4N2ZlNmY4ZDRlOWMwZTM3MzFm
NmUxMDgwHhcNMjQwMTAyMTAzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmRmOTFiYmRhNTRiMTBkMTk2M2MyZDgzODNmYzkzNGNjN2ZhOWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNAB1DlubMv5svPMGgkPK0XdS+bQ
98UYu6xf3GN4JQE2bSxYDSSILZii73qrjh8ehBPPUDlGTlrIBd+DoUdMAJth3OX5
C8orSOz7g2luHEsSxLi9kfFhs+j51PDqx5LMhAF7W1LiW/sXVeBzuk+VwKdc/dOD
HeORNzVQFO0d1H/3Z3mkfrc4F/cAqbnT7kYMZ7CB8hysQlx13v8kRVPRZxA05pmH
9/DAeHTE/qw2Pq5uIHoVyTKrq5uzs42gAdRJKOn4trZo3pUAoacoMiD2mwWphHO/
RqIgQZQl+h+VV34pe2GCxxZ+wfQC3SPgJC1vu+9Nf3vt6goNhFuQSHCNPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIbfkbvaVLENGWPC2Dg/yTTMf6n3MB8GA1UdIwQY
MBaAFHr2d55itGEoh/5vjU6cDjcx9uEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZaM25tSzBZU2lIX20tTlRwd09OekgyNFFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zMGIxMjQtODdmMi00YzdhLWJjMGUt
NzkwNzc1Yzc3OWM1LzEvaHQtUnU5cFVzUTBaWThMWU9EX0pOTXhfcWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zMGIxMjQtODdmMi00YzdhLWJjMGUtNzkwNzc1Yzc3OWM1
LzEvZXZaM25tSzBZU2lIX20tTlRwd09OekgyNFFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg/WBwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDV1kmuXYYqZ/ftV4iRfiv1y9sTvuzmTVrihUka
37crZJNTT3BW8K3sNiOy9yXI4mJDAeu+6gGlWGt9j3HtO1aRa5L9jWGphRy0+9qD
P1x0x7fWbcXOBFWQLxXjkBDYLkPETtGxzDg/1Dn0wBdcQeKcRFvjzcOQGP/HOu+c
AOsaKiBCC65kMIhQvQGYhaQtPxdmgK8uFIq4kGZs1Y8UO5TAPuDYV2IVJXiZ8NgM
gGxaxNDNFDtQQDviaZ+omktobCahphCBzuHNZGlvCKrVcIKXTiEt8tYW0YOZzTSM
K8HZmw/hoL5BrjeAWMyNzah4XsEQm+uosP8NJNNme0wzyxHR
-----END CERTIFICATE-----