Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/DIBPrkHrfQGnfqlzImspFGjBtq0.roa
File:                     DIBPrkHrfQGnfqlzImspFGjBtq0.roa (raw, json)
Hash identifier:          UxfXZMChiCEM/ha/GSkY3fnb2hVFs5yOmuXiz8PraSE=
Subject key identifier:   0C:80:4F:AE:41:EB:7D:01:A7:7E:A9:73:22:6B:29:14:68:C1:B6:AD
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       019276CE1BD43C04DF369390411E0E88D554
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/DIBPrkHrfQGnfqlzImspFGjBtq0.roa
Signing time:             Thu 10 Oct 2024 14:21:11 +0000
ROA not before:           Thu 10 Oct 2024 14:21:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a0e:7f47::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:ce:1b:d4:3c:04:df:36:93:90:41:1e:0e:88:d5:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Oct 10 14:21:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c804fae41eb7d01a77ea973226b291468c1b6ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:85:97:77:76:79:fd:52:2c:74:dd:82:d2:f7:
                    d2:89:7f:5c:b6:fa:87:d8:f9:c8:62:ea:8c:f0:d3:
                    e9:b9:64:15:b1:a6:80:ae:31:3e:51:10:6e:82:7d:
                    90:da:93:cc:fe:2a:8f:32:76:8e:65:41:c1:b0:83:
                    fe:41:03:70:cb:85:1f:da:6c:6f:65:27:33:a5:c5:
                    5e:23:8e:82:29:88:3a:74:ef:5e:dc:0e:64:29:ec:
                    3c:ed:ac:dd:f9:14:9e:be:18:c4:c7:26:f0:9c:01:
                    b7:9e:c8:54:79:2b:68:5f:10:90:cd:18:df:16:48:
                    25:68:7b:39:30:0c:1a:f8:cb:27:e2:57:69:99:7c:
                    13:8f:89:1c:ba:75:aa:64:bb:ed:ab:33:5c:0a:7e:
                    f6:d0:87:c5:3f:20:eb:c9:21:47:74:74:2e:c0:e7:
                    ab:7f:5d:1d:68:f9:72:62:2d:b8:90:b7:d4:fb:9f:
                    e6:4d:9c:26:c1:41:a2:bc:07:50:d1:ac:fb:a2:1f:
                    d0:d4:bd:a8:87:ed:e8:36:b1:10:94:99:0b:4b:4d:
                    4b:8e:b7:7d:d4:35:b5:a0:8d:1f:fd:7e:39:a8:4c:
                    fb:ed:e5:0c:d3:55:2b:fe:8c:62:6b:68:85:dc:13:
                    af:e5:de:45:04:ce:2a:3a:e5:14:bd:bc:5f:55:5c:
                    70:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:80:4F:AE:41:EB:7D:01:A7:7E:A9:73:22:6B:29:14:68:C1:B6:AD
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/DIBPrkHrfQGnfqlzImspFGjBtq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7f47::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:54:84:b3:65:19:4d:86:ed:71:31:25:8f:4f:80:1d:e9:2b:
         ca:b4:93:fa:a1:ee:8f:3a:d1:76:f6:06:47:d7:a8:81:2e:6a:
         b7:4d:1d:01:45:53:03:65:ce:84:89:b7:ae:37:e0:48:ba:10:
         3a:d4:53:12:57:1e:e6:c2:89:91:c6:97:a9:9b:84:4b:01:c2:
         f1:2f:cc:e8:ef:24:d7:81:b4:45:e2:ed:34:20:64:83:9e:2c:
         df:51:21:4d:ff:ce:40:00:b2:33:e3:cd:7d:79:4b:6a:dd:41:
         fd:9f:8f:60:2b:4a:12:b3:ad:fa:4f:26:39:d0:dd:53:06:97:
         15:69:dc:49:34:c2:20:1a:63:e7:61:57:c3:54:20:07:db:ef:
         81:48:e1:33:73:0c:92:d6:80:44:3b:a5:4a:7b:6f:ea:11:cd:
         3b:2f:09:96:fe:8a:b8:63:b9:49:a0:a7:81:03:03:dd:31:e4:
         4b:3f:cf:21:42:95:ee:1a:88:b5:e0:fa:2c:16:08:08:54:ab:
         5d:f8:8d:97:90:08:e4:35:cd:16:4f:e4:f4:4a:08:b5:2d:02:
         75:30:40:cf:3a:3f:d7:85:00:a9:14:05:b8:4f:5d:e6:ea:da:
         83:57:5b:1e:4f:d7:90:06:59:f5:b6:c4:f1:a6:05:7f:bf:5c:
         6e:88:32:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJ2zhvUPATfNpOQQR4OiNVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjQxMDEwMTQyMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzgwNGZhZTQxZWI3ZDAxYTc3ZWE5NzMyMjZiMjkxNDY4YzFiNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoWXd3Z5/VIsdN2C0vfSiX9ctvqH
2PnIYuqM8NPpuWQVsaaArjE+URBugn2Q2pPM/iqPMnaOZUHBsIP+QQNwy4Uf2mxv
ZSczpcVeI46CKYg6dO9e3A5kKew87azd+RSevhjExybwnAG3nshUeStoXxCQzRjf
FkglaHs5MAwa+Msn4ldpmXwTj4kcunWqZLvtqzNcCn720IfFPyDrySFHdHQuwOer
f10daPlyYi24kLfU+5/mTZwmwUGivAdQ0az7oh/Q1L2oh+3oNrEQlJkLS01Ljrd9
1DW1oI0f/X45qEz77eUM01Ur/oxia2iF3BOv5d5FBM4qOuUUvbxfVVxwVwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAyAT65B630Bp36pcyJrKRRowbatMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvRElCUHJrSHJmUUduZnFsekltc3BGR2pCdHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5/RzAN
BgkqhkiG9w0BAQsFAAOCAQEAPVSEs2UZTYbtcTElj0+AHekryrST+qHujzrRdvYG
R9eogS5qt00dAUVTA2XOhIm3rjfgSLoQOtRTElce5sKJkcaXqZuESwHC8S/M6O8k
14G0ReLtNCBkg54s31EhTf/OQACyM+PNfXlLat1B/Z+PYCtKErOt+k8mOdDdUwaX
FWncSTTCIBpj52FXw1QgB9vvgUjhM3MMktaARDulSntv6hHNOy8Jlv6KuGO5SaCn
gQMD3THkSz/PIUKV7hqIteD6LBYICFSrXfiNl5AI5DXNFk/k9EoItS0CdTBAzzo/
14UAqRQFuE9d5urag1dbHk/XkAZZ9bbE8aYFf79cbogyGA==
-----END CERTIFICATE-----