Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/05ed2f-c4f7-4417-a4fb-0d20525edc74/1/Rj8HOl-qGs0SFqBl3XF2l3Lo1ws.roa
File:                     Rj8HOl-qGs0SFqBl3XF2l3Lo1ws.roa (raw, json)
Hash identifier:          NsDWk8sy8Xq9cHOI1copURDWOX1ZnG8z9J1HMFqap6s=
Subject key identifier:   46:3F:07:3A:5F:AA:1A:CD:12:16:A0:65:DD:71:76:97:72:E8:D7:0B
Certificate issuer:       /CN=3472b553f0cb0b13900d4c2e0e6c779aca03e3b1
Certificate serial:       018CC3494B1E656A7D6D85B83C79B8436A4C
Authority key identifier: 34:72:B5:53:F0:CB:0B:13:90:0D:4C:2E:0E:6C:77:9A:CA:03:E3:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHK1U_DLCxOQDUwuDmx3msoD47E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/05ed2f-c4f7-4417-a4fb-0d20525edc74/1/Rj8HOl-qGs0SFqBl3XF2l3Lo1ws.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16262
IP address blocks:        2a03:e140:3a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/05ed2f-c4f7-4417-a4fb-0d20525edc74/1/NHK1U_DLCxOQDUwuDmx3msoD47E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/05ed2f-c4f7-4417-a4fb-0d20525edc74/1/NHK1U_DLCxOQDUwuDmx3msoD47E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHK1U_DLCxOQDUwuDmx3msoD47E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4b:1e:65:6a:7d:6d:85:b8:3c:79:b8:43:6a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3472b553f0cb0b13900d4c2e0e6c779aca03e3b1
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=463f073a5faa1acd1216a065dd71769772e8d70b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a5:70:a7:d7:88:8f:52:34:29:6b:99:cc:21:
                    97:ef:c5:91:f4:a1:23:33:bb:59:82:67:13:7a:f7:
                    88:a6:00:48:7e:31:0f:8a:a0:79:78:55:40:aa:ef:
                    7b:50:03:39:60:fb:bf:50:dd:01:fc:af:12:f1:1c:
                    16:27:77:ee:46:3a:3d:17:3d:c1:bd:21:ee:4c:e1:
                    d7:3c:84:6b:0d:03:83:34:12:a1:fe:06:4e:2d:78:
                    bc:d6:18:4d:6f:b2:1a:1d:c8:6d:63:7a:f1:57:4f:
                    88:44:da:30:c8:1b:b0:df:13:d1:75:60:63:e7:ce:
                    9c:97:8e:12:b1:f7:07:1d:23:4b:47:d1:ae:0d:24:
                    54:e5:a6:4e:22:96:89:b9:83:79:ee:23:5c:db:4d:
                    14:aa:ac:14:e7:8f:02:b1:46:90:ef:5c:57:60:20:
                    a3:15:58:99:29:13:e0:77:24:00:03:0c:44:ec:a9:
                    24:74:a0:1a:fd:49:87:fa:1b:41:6e:7e:34:9a:a9:
                    05:1d:9e:6c:d0:e7:6d:cf:f3:20:da:86:78:59:a1:
                    0e:ce:8e:4a:df:42:02:e9:69:19:0e:de:50:24:b9:
                    80:1b:e5:91:1b:3c:7d:92:76:ec:d3:35:4a:c0:ff:
                    91:55:b2:a7:16:ba:5e:66:83:29:71:37:4f:ee:e9:
                    9b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:3F:07:3A:5F:AA:1A:CD:12:16:A0:65:DD:71:76:97:72:E8:D7:0B
            X509v3 Authority Key Identifier:
                keyid:34:72:B5:53:F0:CB:0B:13:90:0D:4C:2E:0E:6C:77:9A:CA:03:E3:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHK1U_DLCxOQDUwuDmx3msoD47E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/05ed2f-c4f7-4417-a4fb-0d20525edc74/1/Rj8HOl-qGs0SFqBl3XF2l3Lo1ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/05ed2f-c4f7-4417-a4fb-0d20525edc74/1/NHK1U_DLCxOQDUwuDmx3msoD47E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e140:3a::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:6d:91:9d:5a:5e:a7:7c:f4:71:4f:69:4f:1c:05:bf:be:8d:
         64:a2:b2:5a:c0:9a:e8:0f:21:2b:e2:ee:ee:d8:41:fa:7c:2b:
         c9:28:4f:d6:6a:87:3f:60:00:e4:b2:0b:65:c7:44:48:e6:bc:
         e5:81:35:4e:a1:ef:04:36:3d:65:54:51:bc:61:9b:9d:63:17:
         0f:93:21:1a:c7:1d:99:9a:90:68:00:75:52:92:cb:6e:a6:3e:
         61:b2:3e:02:9c:f2:ea:36:82:09:a3:95:a2:23:f5:bf:52:78:
         9f:99:30:7b:b7:44:08:71:cb:88:bf:86:9f:ff:05:0a:2c:90:
         9e:2f:b0:5c:13:e6:46:3f:95:b6:f6:36:50:ea:77:f7:82:f4:
         c5:ba:d3:3a:3d:97:27:e7:01:b5:6b:06:d6:96:92:6c:2c:8e:
         7a:4e:cc:86:15:1a:5f:7d:85:02:e6:83:f0:6e:c0:38:f6:b6:
         4b:9e:b6:30:77:ad:aa:8a:e7:8c:bb:c3:ef:5b:c9:86:94:24:
         f1:25:f9:d0:1d:87:3e:81:2a:c2:5c:39:e7:43:e3:0c:7f:c5:
         7d:de:2e:2a:f0:6a:67:c7:0b:0c:cd:c6:aa:b4:d0:b0:a8:cd:
         5e:7b:dc:c5:79:c2:f4:0a:ec:c7:dc:a5:0a:3c:87:8f:f6:b6:
         ac:97:18:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSUseZWp9bYW4PHm4Q2pMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NzJiNTUzZjBjYjBiMTM5MDBkNGMyZTBlNmM3NzlhY2Ew
M2UzYjEwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjNmMDczYTVmYWExYWNkMTIxNmEwNjVkZDcxNzY5NzcyZThkNzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaVwp9eIj1I0KWuZzCGX78WR9KEj
M7tZgmcTeveIpgBIfjEPiqB5eFVAqu97UAM5YPu/UN0B/K8S8RwWJ3fuRjo9Fz3B
vSHuTOHXPIRrDQODNBKh/gZOLXi81hhNb7IaHchtY3rxV0+IRNowyBuw3xPRdWBj
586cl44SsfcHHSNLR9GuDSRU5aZOIpaJuYN57iNc200UqqwU548CsUaQ71xXYCCj
FViZKRPgdyQAAwxE7KkkdKAa/UmH+htBbn40mqkFHZ5s0Odtz/Mg2oZ4WaEOzo5K
30IC6WkZDt5QJLmAG+WRGzx9knbs0zVKwP+RVbKnFrpeZoMpcTdP7umbmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEY/BzpfqhrNEhagZd1xdpdy6NcLMB8GA1UdIwQY
MBaAFDRytVPwywsTkA1MLg5sd5rKA+OxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkhLMVVfRExDeE9RRFV3dURteDNtc29ENDdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8wNWVkMmYtYzRmNy00NDE3LWE0ZmIt
MGQyMDUyNWVkYzc0LzEvUmo4SE9sLXFHczBTRnFCbDNYRjJsM0xvMXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8wNWVkMmYtYzRmNy00NDE3LWE0ZmItMGQyMDUyNWVkYzc0
LzEvTkhLMVVfRExDeE9RRFV3dURteDNtc29ENDdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgPhQAA6
MA0GCSqGSIb3DQEBCwUAA4IBAQACbZGdWl6nfPRxT2lPHAW/vo1korJawJroDyEr
4u7u2EH6fCvJKE/Waoc/YADksgtlx0RI5rzlgTVOoe8ENj1lVFG8YZudYxcPkyEa
xx2ZmpBoAHVSkstupj5hsj4CnPLqNoIJo5WiI/W/UnifmTB7t0QIccuIv4af/wUK
LJCeL7BcE+ZGP5W29jZQ6nf3gvTFutM6PZcn5wG1awbWlpJsLI56TsyGFRpffYUC
5oPwbsA49rZLnrYwd62qiueMu8PvW8mGlCTxJfnQHYc+gSrCXDnnQ+MMf8V93i4q
8GpnxwsMzcaqtNCwqM1ee9zFecL0CuzH3KUKPIeP9raslxgw
-----END CERTIFICATE-----