Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/kq13jlLkaE62tX0-c6UK0k4E8zU.roa
File:                     kq13jlLkaE62tX0-c6UK0k4E8zU.roa (raw, json)
Hash identifier:          k9aHOgkgyDwVeRSddpRj5WgsrARN4O1WjW9F5BOHevQ=
Subject key identifier:   92:AD:77:8E:52:E4:68:4E:B6:B5:7D:3E:73:A5:0A:D2:4E:04:F3:35
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018F4DCBDBB50849D515A3E134E5932DA8B0
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/kq13jlLkaE62tX0-c6UK0k4E8zU.roa
Signing time:             Mon 06 May 2024 12:05:56 +0000
ROA not before:           Mon 06 May 2024 12:05:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a0d:b9c7::/32 maxlen: 32
                          2a12:1246::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4d:cb:db:b5:08:49:d5:15:a3:e1:34:e5:93:2d:a8:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: May  6 12:05:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92ad778e52e4684eb6b57d3e73a50ad24e04f335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:50:0d:89:73:b9:48:d3:37:11:08:44:ba:7d:
                    96:c1:a1:08:95:ee:b2:9c:1c:87:b6:c7:c0:6f:6b:
                    2f:d4:b8:5e:c5:57:2f:dc:94:76:06:fa:d9:30:2e:
                    c5:97:71:4a:ca:78:3e:1f:7a:fc:ce:52:4c:bf:ce:
                    0f:14:a1:56:b8:2d:7d:86:3c:03:65:f8:85:99:66:
                    be:49:7f:0c:3a:36:af:96:78:19:82:82:cf:75:91:
                    bd:5b:74:63:89:3f:ce:26:9f:e0:bb:98:19:25:a4:
                    bd:48:57:fd:1d:e8:66:21:df:55:da:df:e2:d2:a3:
                    89:ba:7a:34:d8:92:89:b4:d0:a7:5d:10:ee:8c:72:
                    bc:01:17:00:0d:96:38:6c:5f:36:54:5d:a1:83:eb:
                    b4:93:b9:19:16:72:bf:05:09:d3:e8:29:94:9b:63:
                    c6:47:4b:14:1e:83:fe:a7:9e:b4:d6:09:a6:a1:89:
                    59:40:e4:32:cc:f4:a0:94:6c:97:dd:85:b5:00:9f:
                    48:c5:4b:98:ca:1d:8e:4c:e0:9d:d1:45:9a:58:08:
                    dc:92:47:30:8f:ab:cd:59:6f:dc:91:1b:68:ae:6d:
                    b2:39:a4:d5:8a:a6:a9:fc:d1:87:26:a6:53:1d:0c:
                    2c:e8:8f:4d:cc:b7:66:e4:65:0f:c6:83:7e:12:b3:
                    54:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:AD:77:8E:52:E4:68:4E:B6:B5:7D:3E:73:A5:0A:D2:4E:04:F3:35
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/kq13jlLkaE62tX0-c6UK0k4E8zU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c7::/32
                  2a12:1246::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:02:66:ad:1d:af:ff:29:d3:46:4f:f7:2c:ca:23:f6:d1:bb:
         4a:ef:c9:74:d4:ba:06:4f:ce:9c:a5:a0:7a:33:5f:71:a8:fa:
         29:9b:59:bd:a3:47:3e:5e:90:a8:95:42:6c:83:a1:b6:71:a2:
         c6:a2:0a:33:3b:05:31:a9:b8:fb:d0:89:d2:d9:6a:09:a0:f7:
         11:f1:3c:1f:c9:8a:4f:50:d8:ee:ad:ec:df:27:83:6b:86:63:
         29:f2:35:cc:6b:cc:14:14:02:ef:e7:c8:05:5a:81:a0:fc:0d:
         be:44:64:91:9f:2b:1f:5b:d4:78:cc:7b:56:5f:4f:af:cc:10:
         d6:62:15:a0:63:5c:36:ad:c9:28:40:41:87:18:0a:dc:89:01:
         1c:69:65:b9:94:6b:74:7b:af:90:c1:e7:c0:8d:c1:e9:d3:31:
         a7:a7:38:79:51:b8:ec:44:a9:1d:a1:e4:6e:38:5b:38:06:58:
         ae:5b:05:6f:f1:03:c9:a3:f9:7e:ed:88:88:ac:97:53:b8:5d:
         9d:9d:a9:93:ee:e8:bd:94:7a:a7:02:e2:70:e9:19:b8:19:47:
         31:98:d8:f8:7b:81:e5:bf:98:72:ea:57:5c:73:c0:84:8b:e5:
         1b:33:3f:71:76:da:ed:4c:17:db:4c:d2:48:d3:32:b2:4b:2a:
         5c:0f:98:9f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY9Ny9u1CEnVFaPhNOWTLaiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNTA2MTIwNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmFkNzc4ZTUyZTQ2ODRlYjZiNTdkM2U3M2E1MGFkMjRlMDRmMzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9FANiXO5SNM3EQhEun2WwaEIle6y
nByHtsfAb2sv1LhexVcv3JR2BvrZMC7Fl3FKyng+H3r8zlJMv84PFKFWuC19hjwD
ZfiFmWa+SX8MOjavlngZgoLPdZG9W3RjiT/OJp/gu5gZJaS9SFf9HehmId9V2t/i
0qOJuno02JKJtNCnXRDujHK8ARcADZY4bF82VF2hg+u0k7kZFnK/BQnT6CmUm2PG
R0sUHoP+p5601gmmoYlZQOQyzPSglGyX3YW1AJ9IxUuYyh2OTOCd0UWaWAjckkcw
j6vNWW/ckRtorm2yOaTViqap/NGHJqZTHQws6I9NzLdm5GUPxoN+ErNUEwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJKtd45S5GhOtrV9PnOlCtJOBPM1MB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEva3ExM2psTGthRTYydFgwLWM2VUswazRFOHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg25xwMF
ACoSEkYwDQYJKoZIhvcNAQELBQADggEBAEwCZq0dr/8p00ZP9yzKI/bRu0rvyXTU
ugZPzpyloHozX3Go+imbWb2jRz5ekKiVQmyDobZxosaiCjM7BTGpuPvQidLZagmg
9xHxPB/Jik9Q2O6t7N8ng2uGYynyNcxrzBQUAu/nyAVagaD8Db5EZJGfKx9b1HjM
e1ZfT6/MENZiFaBjXDatyShAQYcYCtyJARxpZbmUa3R7r5DB58CNwenTMaenOHlR
uOxEqR2h5G44WzgGWK5bBW/xA8mj+X7tiIisl1O4XZ2dqZPu6L2UeqcC4nDpGbgZ
RzGY2Ph7geW/mHLqV1xzwISL5RszP3F22u1MF9tM0kjTMrJLKlwPmJ8=
-----END CERTIFICATE-----