Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/03QhLq7AR1vJfWXoLAk5zAg4d5o.roa
File:                     03QhLq7AR1vJfWXoLAk5zAg4d5o.roa (raw, json)
Hash identifier:          YacP2At/w8aPUc76cIgdXEWoL+Ikea+jVE2kC6DBYzA=
Subject key identifier:   D3:74:21:2E:AE:C0:47:5B:C9:7D:65:E8:2C:09:39:CC:08:38:77:9A
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       0191D4B342337E25056EE3B7ECFEAC47ABAD
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/03QhLq7AR1vJfWXoLAk5zAg4d5o.roa
Signing time:             Mon 09 Sep 2024 02:53:23 +0000
ROA not before:           Mon 09 Sep 2024 02:53:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150006
IP address blocks:        2a12:f8c3:1000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d4:b3:42:33:7e:25:05:6e:e3:b7:ec:fe:ac:47:ab:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Sep  9 02:53:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d374212eaec0475bc97d65e82c0939cc0838779a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e7:c7:1c:90:96:13:c8:62:d0:e8:24:37:9f:
                    70:5c:81:72:22:76:5e:8e:4c:02:d9:9b:7e:cb:39:
                    3f:37:52:5c:2b:12:d1:b5:48:db:15:dc:21:30:c9:
                    1f:b7:e2:76:ed:4a:3d:1d:cf:47:ab:57:2c:73:45:
                    74:68:7e:8a:d0:42:d0:35:59:25:8f:a9:a0:7b:19:
                    1d:4d:55:fc:cb:6d:97:66:a1:31:5d:1b:16:74:50:
                    c8:f6:2b:cf:4c:ba:68:0a:b1:bc:fe:ce:29:72:7e:
                    48:6c:0b:a8:1d:f8:fc:37:fb:e4:40:e1:53:01:b6:
                    fd:58:bd:49:1d:e4:f8:a3:7c:ac:67:37:67:32:c3:
                    80:2a:e9:93:cf:b5:b4:98:39:0e:d1:d4:b8:02:e6:
                    b5:42:17:77:3a:93:19:92:e7:16:c6:d2:f5:fc:b3:
                    90:a8:50:78:f7:09:16:4a:1c:55:15:4f:b8:28:9f:
                    e4:b7:8c:9a:4d:7c:15:8f:cb:f1:b5:b2:ed:83:83:
                    69:03:ee:67:65:33:5a:a5:21:07:ba:47:18:df:d7:
                    a5:6e:5c:89:03:e5:24:88:75:18:3c:01:d9:a9:b8:
                    86:99:19:61:bb:5a:ff:85:de:05:0c:81:b3:1b:22:
                    76:b3:ef:a3:5d:89:77:5c:ef:bf:67:b0:2f:59:11:
                    3e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:74:21:2E:AE:C0:47:5B:C9:7D:65:E8:2C:09:39:CC:08:38:77:9A
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/03QhLq7AR1vJfWXoLAk5zAg4d5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c3:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         78:21:bb:30:e3:d5:60:2c:f1:47:5d:cd:27:7e:bd:5e:b4:88:
         c4:17:67:87:2a:21:d4:25:26:66:ce:c4:37:14:3a:42:8a:c2:
         e4:33:7b:2b:a0:4a:60:8e:b1:44:32:a6:bb:51:1d:49:67:10:
         71:82:34:89:24:6a:26:cc:f1:17:f1:3f:93:2e:3d:2c:01:5b:
         44:7b:0e:51:d8:38:51:9a:22:1e:46:25:b7:e5:4a:b3:ae:dc:
         c3:64:38:d9:94:ab:cb:44:bf:2f:20:5b:f8:03:df:38:46:c5:
         69:99:f8:ee:c3:92:2b:44:38:36:4d:ed:e4:73:c2:a0:cf:62:
         7b:21:2d:b0:2d:9f:a9:ec:bb:32:94:0d:80:f0:a3:c0:d1:73:
         a3:08:d9:d6:ad:bd:b2:08:b2:60:6a:81:1c:58:00:1d:c7:05:
         c1:22:9b:2c:52:d2:f3:9b:bd:10:96:33:24:b9:38:11:bc:03:
         1b:7f:9b:4d:64:3c:d5:f5:46:f2:cc:fa:24:6b:b6:5f:e6:37:
         56:1a:f4:87:81:0e:62:0d:aa:e3:1a:7d:57:7d:50:35:ff:ad:
         f2:44:dd:95:d3:e5:c9:56:3d:ee:a8:9e:d2:75:86:2d:cf:54:
         47:7b:6e:99:0a:88:49:13:e7:97:10:d4:53:0e:bc:fa:c6:ba:
         14:47:b7:72
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZHUs0IzfiUFbuO37P6sR6utMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjQwOTA5MDI1MzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzc0MjEyZWFlYzA0NzViYzk3ZDY1ZTgyYzA5MzljYzA4Mzg3NzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ufHHJCWE8hi0OgkN59wXIFyInZe
jkwC2Zt+yzk/N1JcKxLRtUjbFdwhMMkft+J27Uo9Hc9Hq1csc0V0aH6K0ELQNVkl
j6mgexkdTVX8y22XZqExXRsWdFDI9ivPTLpoCrG8/s4pcn5IbAuoHfj8N/vkQOFT
Abb9WL1JHeT4o3ysZzdnMsOAKumTz7W0mDkO0dS4Aua1Qhd3OpMZkucWxtL1/LOQ
qFB49wkWShxVFU+4KJ/kt4yaTXwVj8vxtbLtg4NpA+5nZTNapSEHukcY39elblyJ
A+UkiHUYPAHZqbiGmRlhu1r/hd4FDIGzGyJ2s++jXYl3XO+/Z7AvWRE+VwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNN0IS6uwEdbyX1l6CwJOcwIOHeaMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvMDNRaExxN0FSMXZKZldYb0xBazV6QWc0ZDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4wxAw
DQYJKoZIhvcNAQELBQADggEBAHghuzDj1WAs8UddzSd+vV60iMQXZ4cqIdQlJmbO
xDcUOkKKwuQzeyugSmCOsUQyprtRHUlnEHGCNIkkaibM8RfxP5MuPSwBW0R7DlHY
OFGaIh5GJbflSrOu3MNkONmUq8tEvy8gW/gD3zhGxWmZ+O7DkitEODZN7eRzwqDP
YnshLbAtn6nsuzKUDYDwo8DRc6MI2datvbIIsmBqgRxYAB3HBcEimyxS0vObvRCW
MyS5OBG8Axt/m01kPNX1RvLM+iRrtl/mN1Ya9IeBDmINquMafVd9UDX/rfJE3ZXT
5clWPe6ontJ1hi3PVEd7bpkKiEkT55cQ1FMOvPrGuhRHt3I=
-----END CERTIFICATE-----