Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/dhpfG3tA98lCF5vEmj64bKoUTSU.roa
File:                     dhpfG3tA98lCF5vEmj64bKoUTSU.roa (raw, json)
Hash identifier:          +NhBobu0ceFugYQ2bE0Byc477p/h4p3GaIOKiRoPH10=
Subject key identifier:   76:1A:5F:1B:7B:40:F7:C9:42:17:9B:C4:9A:3E:B8:6C:AA:14:4D:25
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       0191A3A6CAA553ED05BDDF31279546653245
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/dhpfG3tA98lCF5vEmj64bKoUTSU.roa
Signing time:             Fri 30 Aug 2024 14:18:22 +0000
ROA not before:           Fri 30 Aug 2024 14:18:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47910
IP address blocks:        2a02:bc8:38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a3:a6:ca:a5:53:ed:05:bd:df:31:27:95:46:65:32:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Aug 30 14:18:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=761a5f1b7b40f7c942179bc49a3eb86caa144d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d9:a1:58:3a:25:a7:68:6a:ae:00:ee:99:86:
                    68:ec:39:05:4d:e9:e8:c0:06:fc:c2:56:a7:00:05:
                    6d:dc:78:19:ea:89:11:af:f1:20:de:87:4f:f0:83:
                    5c:9d:78:c7:a6:b1:5e:2c:38:77:7a:22:98:fd:84:
                    f0:37:56:ce:be:69:6c:5e:7d:27:13:f8:ed:7d:9f:
                    ee:ba:b4:d0:08:59:2a:19:7f:3b:c8:a1:15:91:8a:
                    c7:36:a5:5c:df:95:43:c0:76:65:88:1e:4c:df:14:
                    db:c6:99:c7:2d:0a:97:8b:56:79:f9:25:7f:a1:8d:
                    ae:5d:ab:70:7f:87:8c:8a:b3:8b:bc:a2:3d:54:e9:
                    3c:73:59:aa:f4:c8:25:bc:2d:a6:dc:5f:84:53:53:
                    0b:ef:ab:8e:5a:e4:e1:77:7c:58:d7:da:d5:4b:9c:
                    c4:23:1a:61:eb:78:8f:ea:45:6c:8d:7b:c8:82:ce:
                    04:89:57:d4:2d:2e:65:36:1f:17:58:22:38:92:98:
                    82:d1:0b:02:34:2c:6c:06:b2:e0:42:a0:e4:1c:9f:
                    ba:98:c1:37:cf:1c:fc:d8:6f:f2:b4:d5:e4:cf:56:
                    f3:ba:c6:b9:6a:1f:34:29:4b:41:b7:c2:cc:63:12:
                    12:2a:51:0e:b6:f3:1c:25:cc:88:0f:12:dd:cd:b5:
                    77:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1A:5F:1B:7B:40:F7:C9:42:17:9B:C4:9A:3E:B8:6C:AA:14:4D:25
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/dhpfG3tA98lCF5vEmj64bKoUTSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:bc8:38::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:eb:0e:0a:a5:f5:ae:db:34:6c:59:99:e7:03:65:0f:a6:24:
         48:48:d8:db:af:85:b3:cc:24:d3:f4:b2:2e:f5:00:ba:2b:e8:
         45:ac:cd:37:dd:d9:d0:eb:a8:b1:9d:ed:9f:6a:26:61:77:b8:
         6d:29:e0:3c:56:c5:52:70:85:65:65:60:f6:b5:80:f7:4a:d3:
         1c:0c:b3:44:59:ff:28:e7:46:09:52:04:63:ef:6b:da:79:94:
         23:27:01:a6:f2:01:9b:f6:50:76:90:0c:62:09:37:3c:d4:f8:
         e5:26:4f:c4:f1:64:02:e4:7e:c9:e6:47:44:74:94:b9:3c:51:
         3b:4c:1e:0a:e7:91:be:a6:0a:f9:a5:a7:ad:37:0f:83:7a:d5:
         5d:8b:67:4b:5c:ba:41:6b:5b:ed:72:0b:84:db:64:a6:4c:20:
         2c:04:16:74:00:2f:68:21:75:c2:c7:10:39:f0:d2:2b:ef:d8:
         ca:bc:d1:b9:5d:d5:a2:fb:37:2b:1f:98:a5:29:e4:5c:da:27:
         da:c2:ef:3b:a7:fb:a3:f0:ca:1b:aa:31:8b:c1:4f:e9:7c:f3:
         9d:0a:2d:3b:90:d7:b2:9d:e5:3f:4c:49:d9:57:cc:0b:c1:fc:
         15:83:2f:79:ba:8b:4c:43:94:31:dd:ee:a1:75:9e:6a:98:08:
         f0:7e:69:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGjpsqlU+0Fvd8xJ5VGZTJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjQwODMwMTQxODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFhNWYxYjdiNDBmN2M5NDIxNzliYzQ5YTNlYjg2Y2FhMTQ0ZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tmhWDolp2hqrgDumYZo7DkFTeno
wAb8wlanAAVt3HgZ6okRr/Eg3odP8INcnXjHprFeLDh3eiKY/YTwN1bOvmlsXn0n
E/jtfZ/uurTQCFkqGX87yKEVkYrHNqVc35VDwHZliB5M3xTbxpnHLQqXi1Z5+SV/
oY2uXatwf4eMirOLvKI9VOk8c1mq9MglvC2m3F+EU1ML76uOWuThd3xY19rVS5zE
Ixph63iP6kVsjXvIgs4EiVfULS5lNh8XWCI4kpiC0QsCNCxsBrLgQqDkHJ+6mME3
zxz82G/ytNXkz1bzusa5ah80KUtBt8LMYxISKlEOtvMcJcyIDxLdzbV3/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHYaXxt7QPfJQhebxJo+uGyqFE0lMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvZGhwZkczdEE5OGxDRjV2RW1qNjRiS29VVFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgILyAA4
MA0GCSqGSIb3DQEBCwUAA4IBAQAX6w4KpfWu2zRsWZnnA2UPpiRISNjbr4WzzCTT
9LIu9QC6K+hFrM033dnQ66ixne2faiZhd7htKeA8VsVScIVlZWD2tYD3StMcDLNE
Wf8o50YJUgRj72vaeZQjJwGm8gGb9lB2kAxiCTc81PjlJk/E8WQC5H7J5kdEdJS5
PFE7TB4K55G+pgr5paetNw+DetVdi2dLXLpBa1vtcguE22SmTCAsBBZ0AC9oIXXC
xxA58NIr79jKvNG5XdWi+zcrH5ilKeRc2ifawu87p/uj8MobqjGLwU/pfPOdCi07
kNeyneU/TEnZV8wLwfwVgy95uotMQ5Qx3e6hdZ5qmAjwfmn2
-----END CERTIFICATE-----