Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/ZO5MFJsngPXsOMCLNwM_PfKZQMI.roa
File:                     ZO5MFJsngPXsOMCLNwM_PfKZQMI.roa (raw, json)
Hash identifier:          /PMMlJK60JDn2M/fUhpLHw20M4dkNS1K/mN5jJT2Qfs=
Subject key identifier:   64:EE:4C:14:9B:27:80:F5:EC:38:C0:8B:37:03:3F:3D:F2:99:40:C2
Certificate issuer:       /CN=5283073076e673a32b7dd6bcdc0fbcc16f37b6a1
Certificate serial:       018CC94E35F2CCCC357C22724AC69A92CE80
Authority key identifier: 52:83:07:30:76:E6:73:A3:2B:7D:D6:BC:DC:0F:BC:C1:6F:37:B6:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UoMHMHbmc6Mrfda83A-8wW83tqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/ZO5MFJsngPXsOMCLNwM_PfKZQMI.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3308
IP address blocks:        2a03:3b80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/UoMHMHbmc6Mrfda83A-8wW83tqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/UoMHMHbmc6Mrfda83A-8wW83tqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UoMHMHbmc6Mrfda83A-8wW83tqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:35:f2:cc:cc:35:7c:22:72:4a:c6:9a:92:ce:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5283073076e673a32b7dd6bcdc0fbcc16f37b6a1
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64ee4c149b2780f5ec38c08b37033f3df29940c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:85:1b:ac:1c:67:15:d8:cb:63:e0:95:e5:17:
                    f0:60:a1:37:0e:ab:cf:13:f9:50:23:d9:a5:a1:fc:
                    74:06:a3:c1:0c:0c:2e:c5:f4:80:10:0e:74:e6:4c:
                    29:5f:5e:5d:d9:a4:fc:3f:93:90:13:33:ab:49:69:
                    7f:8d:23:07:6c:34:7e:3f:3a:fb:43:85:91:fd:36:
                    13:73:e3:97:99:3b:84:39:11:44:c6:77:4d:e4:57:
                    57:cc:ef:10:cb:f8:e7:9c:6a:37:da:c1:b4:21:36:
                    fb:b3:da:ae:80:d3:d6:59:40:c5:95:d3:89:6c:29:
                    54:45:f9:54:a4:53:3c:85:0b:d7:ce:24:90:87:51:
                    34:48:92:f0:d8:91:3b:e8:ef:b8:b0:31:d0:75:43:
                    e9:09:a7:a1:fd:ac:f8:52:c4:56:eb:e8:7e:5a:e6:
                    5a:7f:2f:44:e5:84:b9:f9:13:c1:33:34:50:a3:f7:
                    85:3c:58:49:48:11:0b:1c:1e:ed:f4:68:93:d8:66:
                    72:fc:90:55:3c:5b:6d:f6:54:21:cd:80:e2:81:84:
                    fe:9d:64:a3:4e:32:6e:d4:22:11:e9:df:57:05:f2:
                    fb:3c:bb:f3:bf:c6:4e:0c:1c:48:56:35:d1:3d:aa:
                    32:08:3f:5c:29:26:8f:e9:2e:7a:7d:21:5e:35:1f:
                    02:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:EE:4C:14:9B:27:80:F5:EC:38:C0:8B:37:03:3F:3D:F2:99:40:C2
            X509v3 Authority Key Identifier:
                keyid:52:83:07:30:76:E6:73:A3:2B:7D:D6:BC:DC:0F:BC:C1:6F:37:B6:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UoMHMHbmc6Mrfda83A-8wW83tqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/ZO5MFJsngPXsOMCLNwM_PfKZQMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/27e527-e02e-4c30-a86b-3c354d618b3a/1/UoMHMHbmc6Mrfda83A-8wW83tqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:3b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:25:06:d5:d4:ae:cc:21:40:19:04:d9:cf:e6:9c:00:ae:fc:
         fb:c4:5c:c4:a4:e8:1b:c5:33:61:01:3c:da:6c:f3:69:c1:28:
         95:9c:29:43:1e:05:c5:0a:e9:65:63:ab:8c:92:ef:9b:a5:f8:
         18:f3:38:6b:84:31:d0:47:d4:46:32:26:32:e0:41:39:f4:b8:
         9f:38:4d:62:84:f0:94:b5:49:5a:3f:fa:fb:65:17:97:63:17:
         9d:f9:f7:eb:d4:7a:d0:7a:b1:66:89:ac:94:d1:9b:00:d1:f2:
         81:27:72:dd:f5:32:59:03:c5:28:fb:f2:08:a2:ad:30:c9:1f:
         67:bd:d7:76:67:d0:18:7d:b6:f4:09:da:f9:c1:a3:b8:67:42:
         68:93:ef:2a:d8:b8:f3:15:e5:52:33:8d:76:ba:9a:c7:82:89:
         5a:d4:e8:cc:de:ca:07:e6:8e:8a:36:be:3b:33:e2:da:6f:f2:
         a6:c6:d8:78:7c:3f:6e:74:4f:bf:72:79:17:d1:68:49:9d:73:
         57:d9:b1:8b:02:b9:48:2e:e9:97:5f:92:22:ea:df:1e:72:db:
         37:13:88:72:1c:bd:e0:ea:33:83:ed:f7:8c:6d:29:a6:37:6c:
         db:27:02:96:08:0d:e5:1a:b0:b7:63:63:6e:29:e5:c1:ee:50:
         52:78:2b:cd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTjXyzMw1fCJySsaaks6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyODMwNzMwNzZlNjczYTMyYjdkZDZiY2RjMGZiY2MxNmYz
N2I2YTEwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGVlNGMxNDliMjc4MGY1ZWMzOGMwOGIzNzAzM2YzZGYyOTk0MGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIUbrBxnFdjLY+CV5RfwYKE3DqvP
E/lQI9mlofx0BqPBDAwuxfSAEA505kwpX15d2aT8P5OQEzOrSWl/jSMHbDR+Pzr7
Q4WR/TYTc+OXmTuEORFExndN5FdXzO8Qy/jnnGo32sG0ITb7s9qugNPWWUDFldOJ
bClURflUpFM8hQvXziSQh1E0SJLw2JE76O+4sDHQdUPpCaeh/az4UsRW6+h+WuZa
fy9E5YS5+RPBMzRQo/eFPFhJSBELHB7t9GiT2GZy/JBVPFtt9lQhzYDigYT+nWSj
TjJu1CIR6d9XBfL7PLvzv8ZODBxIVjXRPaoyCD9cKSaP6S56fSFeNR8CXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGTuTBSbJ4D17DjAizcDPz3ymUDCMB8GA1UdIwQY
MBaAFFKDBzB25nOjK33WvNwPvMFvN7ahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW9NSE1IYm1jNk1yZmRhODNBLTh3VzgzdHFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8yN2U1MjctZTAyZS00YzMwLWE4NmIt
M2MzNTRkNjE4YjNhLzEvWk81TUZKc25nUFhzT01DTE53TV9QZktaUU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8yN2U1MjctZTAyZS00YzMwLWE4NmItM2MzNTRkNjE4YjNh
LzEvVW9NSE1IYm1jNk1yZmRhODNBLTh3VzgzdHFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgM7gDAN
BgkqhkiG9w0BAQsFAAOCAQEAPSUG1dSuzCFAGQTZz+acAK78+8RcxKToG8UzYQE8
2mzzacEolZwpQx4FxQrpZWOrjJLvm6X4GPM4a4Qx0EfURjImMuBBOfS4nzhNYoTw
lLVJWj/6+2UXl2MXnfn369R60HqxZomslNGbANHygSdy3fUyWQPFKPvyCKKtMMkf
Z73XdmfQGH229Ana+cGjuGdCaJPvKti48xXlUjONdrqax4KJWtTozN7KB+aOija+
OzPi2m/ypsbYeHw/bnRPv3J5F9FoSZ1zV9mxiwK5SC7pl1+SIurfHnLbNxOIchy9
4Oozg+33jG0ppjds2ycClggN5Rqwt2Njbinlwe5QUngrzQ==
-----END CERTIFICATE-----