Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/dZcXYq-ZyD60kg0PxYAYThvnBTs.roa
File:                     dZcXYq-ZyD60kg0PxYAYThvnBTs.roa (raw, json)
Hash identifier:          nZBEmCZQA4iOJ169/8n4mn+1uWMCWZr9cZ1O2U7BNi4=
Subject key identifier:   75:97:17:62:AF:99:C8:3E:B4:92:0D:0F:C5:80:18:4E:1B:E7:05:3B
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       018CC87152BC93B6E1C8C357DCE762022586
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/dZcXYq-ZyD60kg0PxYAYThvnBTs.roa
Signing time:             Tue 02 Jan 2024 04:31:59 +0000
ROA not before:           Tue 02 Jan 2024 04:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203252
IP address blocks:        2a02:eb00:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:52:bc:93:b6:e1:c8:c3:57:dc:e7:62:02:25:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  2 04:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75971762af99c83eb4920d0fc580184e1be7053b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5c:55:0c:54:e2:4e:57:9c:12:85:da:15:fa:
                    29:cb:df:04:8c:91:a6:ec:70:0f:f0:88:fd:b5:e3:
                    30:7a:62:92:9d:77:06:27:bb:7b:38:ad:2f:31:05:
                    d1:b2:42:61:8e:38:23:a8:e3:1c:d9:3b:1b:d0:15:
                    6e:79:65:65:b0:e8:0e:b7:70:85:e2:c8:df:bc:be:
                    6e:16:63:76:6e:88:66:99:72:fd:f5:91:71:55:f0:
                    a5:20:e0:fd:26:2d:d2:fb:59:3a:81:5a:d3:8c:f9:
                    40:0d:56:e1:c2:81:c2:da:14:7b:40:82:e7:90:2b:
                    0b:2d:00:07:d9:64:69:d2:1c:77:01:e4:1c:7d:eb:
                    6b:0c:fc:70:0b:43:0a:c8:8f:72:90:15:74:6d:46:
                    02:e4:de:81:0b:79:4b:5b:e9:96:86:1e:a6:5a:86:
                    73:1a:de:d0:e8:b1:eb:bb:26:9e:64:0e:04:08:53:
                    db:f2:bc:cb:46:1a:c9:2c:fa:7c:27:0c:09:48:4d:
                    05:dc:fa:89:49:bc:d9:a7:93:55:d1:1d:6e:a3:11:
                    5c:b5:69:96:e4:1a:49:a6:51:7e:09:82:d5:63:b1:
                    ff:27:44:32:1e:55:ba:db:d0:96:c5:a5:86:6c:ab:
                    6d:77:d6:66:41:d9:47:8c:38:6f:c0:ab:db:cf:fe:
                    49:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:97:17:62:AF:99:C8:3E:B4:92:0D:0F:C5:80:18:4E:1B:E7:05:3B
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/dZcXYq-ZyD60kg0PxYAYThvnBTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:eb00:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:f2:45:6d:ad:93:5b:9c:4b:1f:85:58:39:e3:a5:9c:19:90:
         df:7f:18:52:52:8e:ad:e5:41:90:3b:57:b2:21:84:04:fe:db:
         9f:83:d3:23:a4:57:fb:b0:5d:ec:06:d6:5b:82:df:bd:fa:83:
         67:07:6a:cc:6d:48:66:83:2d:b3:9a:aa:5e:dd:c3:24:54:18:
         ee:6c:40:e5:4d:c6:78:84:09:6d:a9:8a:16:ad:da:bd:5a:31:
         8f:75:ad:dd:ae:a6:0e:2d:d4:0a:8f:2b:76:7a:97:91:66:02:
         7f:bf:2f:ac:fc:b6:fa:fa:7c:ed:13:ec:4c:3d:98:7a:38:9e:
         92:3f:a0:63:de:a9:03:51:91:f8:b0:0e:f1:87:54:d1:33:c1:
         36:d0:ff:8e:b7:3a:e8:d2:5d:a2:a3:11:17:fb:c8:a4:d7:f2:
         70:b1:bc:b1:ae:7b:94:e9:e7:66:06:70:c5:4c:08:97:db:4f:
         6b:32:e3:87:8b:80:b3:9b:a1:ab:14:6f:47:09:a5:a3:9d:55:
         10:68:d0:42:93:49:c9:83:1d:0d:a8:ab:61:dc:c7:fc:73:69:
         54:2e:3e:a2:96:9b:59:85:b0:76:79:69:88:25:9b:61:5f:d6:
         d8:eb:61:09:84:98:4f:08:fb:0f:58:be:f2:54:bb:97:e0:dd:
         aa:e5:a2:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIcVK8k7bhyMNX3OdiAiWGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjQwMTAyMDQzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTk3MTc2MmFmOTljODNlYjQ5MjBkMGZjNTgwMTg0ZTFiZTcwNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1xVDFTiTlecEoXaFfopy98EjJGm
7HAP8Ij9teMwemKSnXcGJ7t7OK0vMQXRskJhjjgjqOMc2Tsb0BVueWVlsOgOt3CF
4sjfvL5uFmN2bohmmXL99ZFxVfClIOD9Ji3S+1k6gVrTjPlADVbhwoHC2hR7QILn
kCsLLQAH2WRp0hx3AeQcfetrDPxwC0MKyI9ykBV0bUYC5N6BC3lLW+mWhh6mWoZz
Gt7Q6LHruyaeZA4ECFPb8rzLRhrJLPp8JwwJSE0F3PqJSbzZp5NV0R1uoxFctWmW
5BpJplF+CYLVY7H/J0QyHlW629CWxaWGbKttd9ZmQdlHjDhvwKvbz/5JoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHWXF2Kvmcg+tJIND8WAGE4b5wU7MB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvZFpjWFlxLVp5RDYwa2cwUHhZQVlUaHZuQlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLrAAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBl8kVtrZNbnEsfhVg546WcGZDffxhSUo6t5UGQ
O1eyIYQE/tufg9MjpFf7sF3sBtZbgt+9+oNnB2rMbUhmgy2zmqpe3cMkVBjubEDl
TcZ4hAltqYoWrdq9WjGPda3drqYOLdQKjyt2epeRZgJ/vy+s/Lb6+nztE+xMPZh6
OJ6SP6Bj3qkDUZH4sA7xh1TRM8E20P+Otzro0l2ioxEX+8ik1/JwsbyxrnuU6edm
BnDFTAiX209rMuOHi4Czm6GrFG9HCaWjnVUQaNBCk0nJgx0NqKth3Mf8c2lULj6i
lptZhbB2eWmIJZthX9bY62EJhJhPCPsPWL7yVLuX4N2q5aIU
-----END CERTIFICATE-----