Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/nOdiFvXEHa1A4ILUUIAr4NpCYgA.roa
File:                     nOdiFvXEHa1A4ILUUIAr4NpCYgA.roa (raw, json)
Hash identifier:          13kVczkRPAw7OfBk3Z3VNLLKStb82K8aIq5X7txB2YE=
Subject key identifier:   9C:E7:62:16:F5:C4:1D:AD:40:E0:82:D4:50:80:2B:E0:DA:42:62:00
Certificate issuer:       /CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
Certificate serial:       018CC26D4BA03D5FECA329DE773E1CAEF544
Authority key identifier: 31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/nOdiFvXEHa1A4ILUUIAr4NpCYgA.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199813
IP address blocks:        2a03:9180:2::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4b:a0:3d:5f:ec:a3:29:de:77:3e:1c:ae:f5:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ce76216f5c41dad40e082d450802be0da426200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:a4:18:60:c6:12:08:f9:95:7d:51:71:7b:7b:
                    4a:1a:4d:ed:3d:1d:b7:c3:4e:88:c9:22:84:5c:8a:
                    df:59:ce:c2:ba:a6:fa:38:b0:bc:12:29:fb:e3:7e:
                    6e:da:66:e6:01:fc:48:99:d3:82:bc:53:77:f1:39:
                    c0:a7:03:ce:43:aa:b1:6a:34:48:88:a6:79:5c:78:
                    9a:a9:86:18:9c:ea:50:0d:1c:99:94:21:ee:b0:47:
                    58:8c:1c:b4:50:b3:64:4d:22:39:7c:42:73:3e:3c:
                    68:7b:42:c3:60:66:7e:8e:3d:44:9f:f8:6e:54:ab:
                    4a:11:7b:ff:e8:88:ce:c7:9c:ae:0c:b2:99:8a:49:
                    b1:ad:27:ba:5a:10:ed:2f:a1:4d:4a:be:2f:5d:fe:
                    be:d7:f9:a2:38:53:4e:95:30:db:a4:0f:47:2b:c7:
                    44:36:fa:f9:1a:04:b0:55:89:f9:a4:a2:49:d6:08:
                    0d:78:b9:1b:03:50:6e:39:c3:55:99:ca:d3:6e:89:
                    46:34:fb:dc:8c:d9:6a:1c:1e:b0:d5:e6:78:fb:7f:
                    e4:9b:90:7f:8b:06:d9:21:8c:0b:eb:c9:46:f7:13:
                    b7:4b:62:28:d3:2b:ec:22:07:01:31:a2:ac:7e:1f:
                    90:8c:75:3b:e4:07:3c:03:68:fd:32:cd:e8:98:dd:
                    4d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E7:62:16:F5:C4:1D:AD:40:E0:82:D4:50:80:2B:E0:DA:42:62:00
            X509v3 Authority Key Identifier:
                keyid:31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/nOdiFvXEHa1A4ILUUIAr4NpCYgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:9180:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         c4:ca:56:63:1c:56:58:2e:ae:cd:19:44:23:5a:61:3b:5d:24:
         be:1a:0b:68:d0:30:4e:3e:4e:31:55:54:5a:f3:53:7f:e8:de:
         d7:38:4d:48:40:63:0f:b6:28:28:2c:87:5c:ae:37:11:a0:a2:
         d8:7a:12:03:8b:77:c2:67:ca:85:47:3b:32:b5:5e:3b:34:7b:
         c1:71:b7:21:83:ec:85:14:bb:94:d3:89:76:0b:85:ea:72:c6:
         f7:45:2e:eb:24:46:70:d1:e3:0b:ac:e6:b8:b9:7b:f2:00:91:
         04:4a:e8:d1:66:80:ed:7d:dc:31:a3:2d:08:c9:ab:89:c7:89:
         8b:30:7e:3d:f9:1d:ab:c1:08:03:42:a5:ad:da:70:77:0a:04:
         05:d9:be:94:0f:26:ed:07:5f:b3:a1:03:d5:29:88:b6:a6:ce:
         35:af:8d:2e:c7:56:28:95:c2:5c:1f:23:23:43:94:7c:11:0d:
         7a:e9:de:78:e9:26:84:c8:53:17:d7:0c:f7:22:ad:97:31:82:
         62:10:72:b3:ec:06:5c:22:e5:b5:cf:62:23:ed:6e:e6:04:58:
         ab:96:87:00:27:40:24:28:86:f4:4f:40:2f:b8:4d:6e:2b:8f:
         86:01:e1:2f:61:4c:9b:df:d4:5d:01:6c:07:8a:fd:cb:3d:9b:
         69:05:e6:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUugPV/soynedz4crvVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMWQ2MmI3ZmQ5ZmNmYzg3ZGZlYTk4NzUxNTc2N2M4Mzhl
MjFiYjkwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2U3NjIxNmY1YzQxZGFkNDBlMDgyZDQ1MDgwMmJlMGRhNDI2MjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qQYYMYSCPmVfVFxe3tKGk3tPR23
w06IySKEXIrfWc7Cuqb6OLC8Ein7435u2mbmAfxImdOCvFN38TnApwPOQ6qxajRI
iKZ5XHiaqYYYnOpQDRyZlCHusEdYjBy0ULNkTSI5fEJzPjxoe0LDYGZ+jj1En/hu
VKtKEXv/6IjOx5yuDLKZikmxrSe6WhDtL6FNSr4vXf6+1/miOFNOlTDbpA9HK8dE
Nvr5GgSwVYn5pKJJ1ggNeLkbA1BuOcNVmcrTbolGNPvcjNlqHB6w1eZ4+3/km5B/
iwbZIYwL68lG9xO3S2Io0yvsIgcBMaKsfh+QjHU75Ac8A2j9Ms3omN1NMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJznYhb1xB2tQOCC1FCAK+DaQmIAMB8GA1UdIwQY
MBaAFDEdYrf9n8/Iff6ph1FXZ8g44hu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEt
ODUwZjM0OTA2MjI5LzEvbk9kaUZ2WEVIYTFBNElMVVVJQXI0TnBDWWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEtODUwZjM0OTA2MjI5
LzEvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgORgAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQDEylZjHFZYLq7NGUQjWmE7XSS+Ggto0DBOPk4x
VVRa81N/6N7XOE1IQGMPtigoLIdcrjcRoKLYehIDi3fCZ8qFRzsytV47NHvBcbch
g+yFFLuU04l2C4Xqcsb3RS7rJEZw0eMLrOa4uXvyAJEESujRZoDtfdwxoy0IyauJ
x4mLMH49+R2rwQgDQqWt2nB3CgQF2b6UDybtB1+zoQPVKYi2ps41r40ux1YolcJc
HyMjQ5R8EQ166d546SaEyFMX1wz3Iq2XMYJiEHKz7AZcIuW1z2Ij7W7mBFirlocA
J0AkKIb0T0AvuE1uK4+GAeEvYUyb39RdAWwHiv3LPZtpBebO
-----END CERTIFICATE-----