Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/ASE9gOT9sNwp0CEMtS0GKuCuQ5w.roa
File:                     ASE9gOT9sNwp0CEMtS0GKuCuQ5w.roa (raw, json)
Hash identifier:          FuJg3DTOGee7GQzOA2Qz3VJyPd93719+8WamnGuAlMM=
Subject key identifier:   01:21:3D:80:E4:FD:B0:DC:29:D0:21:0C:B5:2D:06:2A:E0:AE:43:9C
Certificate issuer:       /CN=a3e6e823f6dda67d283a9f41a72909906ac9a837
Certificate serial:       018CC8015E9AF7CEDE3E3A0D6B2FFAF22C5C
Authority key identifier: A3:E6:E8:23:F6:DD:A6:7D:28:3A:9F:41:A7:29:09:90:6A:C9:A8:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/ASE9gOT9sNwp0CEMtS0GKuCuQ5w.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197838
IP address blocks:        2a03:6607::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5e:9a:f7:ce:de:3e:3a:0d:6b:2f:fa:f2:2c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3e6e823f6dda67d283a9f41a72909906ac9a837
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01213d80e4fdb0dc29d0210cb52d062ae0ae439c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8c:13:f9:f3:14:c9:bd:a9:4b:e2:63:98:0e:
                    b9:e0:fb:e5:ec:42:39:b5:d6:55:94:55:61:8d:be:
                    e1:44:f8:fa:c9:c1:c9:59:19:94:43:a0:cb:d8:3e:
                    b8:d7:94:32:f8:75:3f:d1:72:b3:db:ed:65:2a:d0:
                    d3:de:45:d2:37:49:0a:a1:f4:0a:14:f9:ab:5a:84:
                    8a:30:90:f0:39:dd:63:eb:3c:18:99:e6:7e:63:d7:
                    b7:cd:e1:59:6d:7b:4e:5d:1c:5c:d5:a4:f8:c7:e8:
                    26:a4:89:e4:82:ad:46:92:dd:84:fd:0a:a3:30:b9:
                    92:d2:67:e1:cb:d2:b3:3d:5c:12:8b:c0:d8:54:d3:
                    62:91:cb:93:29:fc:99:de:ec:8e:fd:51:c0:12:77:
                    c0:2d:76:7d:99:55:6a:50:bc:dd:39:d7:28:64:c8:
                    a2:65:92:af:19:07:6b:83:dc:c8:ae:b9:a5:3c:8e:
                    37:16:63:7d:52:5f:82:12:44:2a:f4:9a:5d:50:dc:
                    76:a7:9b:22:e3:e1:2a:9e:75:85:0d:e8:65:c3:44:
                    78:fb:81:5c:bd:79:77:4c:43:87:7a:66:9d:0d:b4:
                    50:a8:75:a5:13:e0:05:76:28:d6:07:45:e7:4e:5f:
                    8b:7a:64:8b:98:e6:1e:fe:92:ab:8a:a6:da:f5:45:
                    02:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:21:3D:80:E4:FD:B0:DC:29:D0:21:0C:B5:2D:06:2A:E0:AE:43:9C
            X509v3 Authority Key Identifier:
                keyid:A3:E6:E8:23:F6:DD:A6:7D:28:3A:9F:41:A7:29:09:90:6A:C9:A8:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o-boI_bdpn0oOp9BpykJkGrJqDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/ASE9gOT9sNwp0CEMtS0GKuCuQ5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/18a1bc-967c-4931-85b5-00f00af1c8d7/1/o-boI_bdpn0oOp9BpykJkGrJqDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6607::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:1b:77:07:61:5f:42:fb:3b:52:93:06:15:31:e8:bc:9f:9e:
         ca:31:ee:ba:c6:0f:c0:87:e8:55:13:b6:69:c8:89:ad:48:ef:
         c2:e2:03:e9:ed:e2:59:07:87:d2:60:8d:71:91:f6:cb:ea:1c:
         92:8f:62:5d:53:9d:a4:19:01:9c:70:b9:5b:33:d7:aa:ad:28:
         a8:04:41:5e:38:1b:58:c8:c1:87:cc:18:68:db:2d:6a:ba:17:
         be:47:71:28:ab:a3:58:c9:c0:48:4e:4d:da:b7:f2:1d:7c:ba:
         87:2e:c6:9f:8c:9f:f5:6c:de:78:4b:e7:6c:bd:e0:8c:c7:7e:
         34:f5:21:31:df:02:28:72:58:a7:88:10:54:ae:39:83:57:e4:
         55:f2:c1:2f:54:f8:29:a8:b5:32:11:67:2f:3b:79:74:f3:f3:
         5d:61:40:4b:e7:9a:53:34:73:f7:1b:1a:dd:c1:00:b3:c1:d8:
         06:28:f8:2a:93:0b:c4:da:0b:f4:29:74:15:01:60:c3:9b:f7:
         44:29:5e:3d:ff:15:9c:eb:ef:57:fc:82:76:49:e6:93:5c:4e:
         fc:26:7a:5a:48:e2:fa:a5:37:b4:5b:53:f6:53:09:7d:23:70:
         7b:b9:95:60:30:7c:bf:53:64:d1:4f:64:2b:e8:fb:d7:83:8d:
         1c:6f:8b:a0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIAV6a987ePjoNay/68ixcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZTZlODIzZjZkZGE2N2QyODNhOWY0MWE3MjkwOTkwNmFj
OWE4MzcwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTIxM2Q4MGU0ZmRiMGRjMjlkMDIxMGNiNTJkMDYyYWUwYWU0MzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IwT+fMUyb2pS+JjmA654Pvl7EI5
tdZVlFVhjb7hRPj6ycHJWRmUQ6DL2D6415Qy+HU/0XKz2+1lKtDT3kXSN0kKofQK
FPmrWoSKMJDwOd1j6zwYmeZ+Y9e3zeFZbXtOXRxc1aT4x+gmpInkgq1Gkt2E/Qqj
MLmS0mfhy9KzPVwSi8DYVNNikcuTKfyZ3uyO/VHAEnfALXZ9mVVqULzdOdcoZMii
ZZKvGQdrg9zIrrmlPI43FmN9Ul+CEkQq9JpdUNx2p5si4+EqnnWFDehlw0R4+4Fc
vXl3TEOHemadDbRQqHWlE+AFdijWB0XnTl+LemSLmOYe/pKriqba9UUCnQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAEhPYDk/bDcKdAhDLUtBirgrkOcMB8GA1UdIwQY
MBaAFKPm6CP23aZ9KDqfQacpCZBqyag3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvby1ib0lfYmRwbjBvT3A5QnB5a0prR3JKcURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8xOGExYmMtOTY3Yy00OTMxLTg1YjUt
MDBmMDBhZjFjOGQ3LzEvQVNFOWdPVDlzTndwMENFTXRTMEdLdUN1UTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8xOGExYmMtOTY3Yy00OTMxLTg1YjUtMDBmMDBhZjFjOGQ3
LzEvby1ib0lfYmRwbjBvT3A5QnB5a0prR3JKcURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgNmBzAN
BgkqhkiG9w0BAQsFAAOCAQEARht3B2FfQvs7UpMGFTHovJ+eyjHuusYPwIfoVRO2
aciJrUjvwuID6e3iWQeH0mCNcZH2y+ocko9iXVOdpBkBnHC5WzPXqq0oqARBXjgb
WMjBh8wYaNstaroXvkdxKKujWMnASE5N2rfyHXy6hy7Gn4yf9WzeeEvnbL3gjMd+
NPUhMd8CKHJYp4gQVK45g1fkVfLBL1T4Kai1MhFnLzt5dPPzXWFAS+eaUzRz9xsa
3cEAs8HYBij4KpMLxNoL9Cl0FQFgw5v3RClePf8VnOvvV/yCdknmk1xO/CZ6Wkji
+qU3tFtT9lMJfSNwe7mVYDB8v1Nk0U9kK+j714ONHG+LoA==
-----END CERTIFICATE-----