Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/dhv_gGXUg3pozXCVsLrvWIVrND4.roa
File:                     dhv_gGXUg3pozXCVsLrvWIVrND4.roa (raw, json)
Hash identifier:          q3NvraPqRsnmbAv+1k0UzphbJGT4Wye7KlycOEJFHeU=
Subject key identifier:   76:1B:FF:80:65:D4:83:7A:68:CD:70:95:B0:BA:EF:58:85:6B:34:3E
Certificate issuer:       /CN=3a839936aeeff288678e772633020fa259bd9cf2
Certificate serial:       018D2914E4BAAD6548C963EE47C58E398EA6
Authority key identifier: 3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/dhv_gGXUg3pozXCVsLrvWIVrND4.roa
Signing time:             Sat 20 Jan 2024 22:54:11 +0000
ROA not before:           Sat 20 Jan 2024 22:54:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215769
IP address blocks:        2a12:ff04:7000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:29:14:e4:ba:ad:65:48:c9:63:ee:47:c5:8e:39:8e:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a839936aeeff288678e772633020fa259bd9cf2
        Validity
            Not Before: Jan 20 22:54:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=761bff8065d4837a68cd7095b0baef58856b343e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c2:31:1e:7e:43:82:cd:f3:f3:21:98:88:9e:
                    2f:43:6c:42:99:ba:a6:86:ab:9f:be:15:90:e0:f2:
                    88:e3:ed:9b:dc:b7:15:0f:3b:18:f2:d8:52:b4:2a:
                    56:84:0a:c3:60:94:cc:f5:da:fe:8c:3c:b3:0c:05:
                    eb:4c:3d:bf:9d:75:6c:75:08:c7:d5:eb:9a:f6:40:
                    1c:4a:0c:de:22:4b:16:d8:16:9c:01:90:8d:51:02:
                    ee:bb:05:6f:8a:a5:75:cb:1d:b4:52:8a:d3:10:b4:
                    24:2c:c2:a2:46:67:cb:1b:88:38:78:e2:be:b1:19:
                    01:9a:76:23:db:c2:5b:be:bf:97:8f:84:d0:b7:6e:
                    ed:a5:07:c6:6e:14:5d:a6:1d:1e:58:63:4e:58:ec:
                    e5:38:53:31:2b:38:a3:6b:ce:02:d2:45:b4:f1:42:
                    d0:32:a8:5d:ff:3e:96:80:e8:c1:6c:8d:80:2e:9e:
                    41:46:e9:ea:b1:2b:e9:ab:37:12:f7:72:2e:75:e8:
                    e8:59:7e:b7:a8:9c:8d:6d:d6:8b:23:2c:9e:aa:d0:
                    f2:8f:be:be:7b:bf:e1:95:d5:53:eb:42:57:11:b1:
                    a5:81:f5:32:05:0b:cd:46:0f:5a:b9:f5:94:80:15:
                    ae:f4:9c:c9:b2:11:19:a0:d2:e0:e8:68:08:1d:5a:
                    0d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1B:FF:80:65:D4:83:7A:68:CD:70:95:B0:BA:EF:58:85:6B:34:3E
            X509v3 Authority Key Identifier:
                keyid:3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/dhv_gGXUg3pozXCVsLrvWIVrND4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:ff04:7000::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:29:0f:92:9c:57:a3:66:9b:9b:82:b6:aa:3b:17:ee:eb:cb:
         2e:69:ef:ec:9c:e6:a9:a8:88:30:ae:33:9d:d2:15:ab:f4:f2:
         63:1f:77:0c:16:48:dd:5a:5a:a0:9f:08:88:52:b7:53:e6:22:
         14:8b:97:fd:4e:9b:8c:29:4b:44:77:38:8c:bb:08:95:aa:21:
         35:6f:79:a4:53:9f:df:3f:ed:ee:c5:a8:83:38:57:43:36:63:
         94:ff:67:ec:12:fb:14:e8:d1:66:1b:a8:54:84:9d:64:9b:44:
         d3:cd:38:a4:58:89:49:08:10:8a:89:5b:a4:be:87:3f:ef:17:
         fe:3f:02:f5:b7:1f:0d:a4:63:34:63:d9:3b:4d:4f:87:62:d7:
         03:83:db:ef:0d:2b:b1:ee:db:50:67:18:33:d6:3f:3d:e2:43:
         c6:fc:3a:99:1f:ca:4e:e1:52:22:10:ed:a1:a8:49:6f:00:87:
         17:b0:22:57:67:88:4c:14:03:b0:a0:d1:6c:3e:fa:9d:c6:a9:
         97:8a:cb:28:dd:b1:2f:95:b6:cb:de:89:f6:58:65:22:3f:f9:
         82:13:62:c8:18:d4:03:d2:f4:ce:55:a0:ce:59:c6:65:3c:ed:
         1c:40:a3:f8:1a:75:7a:bb:9e:4d:bb:69:88:d6:8f:c8:ab:a0:
         35:38:c5:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0pFOS6rWVIyWPuR8WOOY6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhODM5OTM2YWVlZmYyODg2NzhlNzcyNjMzMDIwZmEyNTli
ZDljZjIwHhcNMjQwMTIwMjI1NDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFiZmY4MDY1ZDQ4MzdhNjhjZDcwOTViMGJhZWY1ODg1NmIzNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8IxHn5Dgs3z8yGYiJ4vQ2xCmbqm
hqufvhWQ4PKI4+2b3LcVDzsY8thStCpWhArDYJTM9dr+jDyzDAXrTD2/nXVsdQjH
1eua9kAcSgzeIksW2BacAZCNUQLuuwVviqV1yx20UorTELQkLMKiRmfLG4g4eOK+
sRkBmnYj28Jbvr+Xj4TQt27tpQfGbhRdph0eWGNOWOzlOFMxKzija84C0kW08ULQ
Mqhd/z6WgOjBbI2ALp5BRunqsSvpqzcS93IudejoWX63qJyNbdaLIyyeqtDyj76+
e7/hldVT60JXEbGlgfUyBQvNRg9aufWUgBWu9JzJshEZoNLg6GgIHVoNUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHYb/4Bl1IN6aM1wlbC671iFazQ+MB8GA1UdIwQY
MBaAFDqDmTau7/KIZ453JjMCD6JZvZzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQt
ODM1ZjRlMzcyODNjLzEvZGh2X2dHWFVnM3BvelhDVnNMcnZXSVZyTkQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQtODM1ZjRlMzcyODNj
LzEvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhL/BHAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBbKQ+SnFejZpubgraqOxfu68suae/snOapqIgw
rjOd0hWr9PJjH3cMFkjdWlqgnwiIUrdT5iIUi5f9TpuMKUtEdziMuwiVqiE1b3mk
U5/fP+3uxaiDOFdDNmOU/2fsEvsU6NFmG6hUhJ1km0TTzTikWIlJCBCKiVukvoc/
7xf+PwL1tx8NpGM0Y9k7TU+HYtcDg9vvDSux7ttQZxgz1j894kPG/DqZH8pO4VIi
EO2hqElvAIcXsCJXZ4hMFAOwoNFsPvqdxqmXisso3bEvlbbL3on2WGUiP/mCE2LI
GNQD0vTOVaDOWcZlPO0cQKP4GnV6u55Nu2mI1o/Iq6A1OMVS
-----END CERTIFICATE-----