Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/3os767e_8adA3D0JFlXLA4WOLT0.roa
File:                     3os767e_8adA3D0JFlXLA4WOLT0.roa (raw, json)
Hash identifier:          HSCf5YcQDfI+Tb9sjTz2NlCPGczyWDPO3N317TeXXQ8=
Subject key identifier:   DE:8B:3B:EB:B7:BF:F1:A7:40:DC:3D:09:16:55:CB:03:85:8E:2D:3D
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019348B60AB60EF39FDA2CC95DC061834B8D
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/3os767e_8adA3D0JFlXLA4WOLT0.roa
Signing time:             Wed 20 Nov 2024 08:35:10 +0000
ROA not before:           Wed 20 Nov 2024 08:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216107
IP address blocks:        2a0c:e640::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:48:b6:0a:b6:0e:f3:9f:da:2c:c9:5d:c0:61:83:4b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Nov 20 08:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de8b3bebb7bff1a740dc3d091655cb03858e2d3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:db:3b:13:f0:5e:43:71:8f:41:12:f8:39:0e:
                    04:16:ba:b5:df:11:2f:db:5e:b1:4d:59:a1:7a:79:
                    20:c9:b2:63:70:eb:95:a8:4c:22:50:23:4e:fc:96:
                    30:bd:45:66:f5:ae:0a:2a:f9:fc:58:8f:76:1c:00:
                    6c:7f:73:76:bc:84:2f:26:0f:df:ee:45:42:9b:d8:
                    66:67:52:19:ad:b9:ea:22:e2:76:1f:a3:79:77:68:
                    01:b1:94:0c:1e:e6:99:90:fc:46:74:64:22:3e:1d:
                    fd:3a:0a:af:e7:90:17:a8:31:de:34:e7:06:78:17:
                    17:10:32:6b:a3:37:d8:15:92:f6:61:cc:da:09:eb:
                    4f:ab:45:51:2c:f5:07:ad:16:af:27:d6:dc:32:12:
                    3a:38:69:88:fd:57:2a:98:16:ab:fc:85:5a:bd:54:
                    21:e4:ed:b1:b2:b8:8b:81:2c:d4:35:21:ff:4f:36:
                    32:45:57:78:af:42:52:17:65:f1:b5:fc:8b:2f:cc:
                    5c:5d:de:f4:3d:40:de:f6:b9:bf:80:9f:1e:18:52:
                    e8:de:1d:28:db:22:d7:0b:03:40:e9:5d:50:5b:dc:
                    32:09:e9:00:b4:76:75:42:4d:89:f1:fe:0a:38:31:
                    45:46:d8:3d:67:a1:12:04:c4:a7:4a:c2:7a:e6:e1:
                    5a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:8B:3B:EB:B7:BF:F1:A7:40:DC:3D:09:16:55:CB:03:85:8E:2D:3D
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/3os767e_8adA3D0JFlXLA4WOLT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:e640::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:ef:3d:b1:10:ad:96:06:96:d8:2d:ff:e6:63:63:81:98:c5:
         06:32:1c:7d:0d:d9:e4:ad:d0:63:4f:65:28:34:17:70:31:47:
         8f:29:a6:03:c3:96:01:5c:94:2f:cc:12:e2:71:74:9a:21:e5:
         45:c6:b5:0f:85:cc:a9:95:37:af:af:f7:dc:24:e9:c8:d3:20:
         47:8e:4c:46:f2:44:1d:d3:30:83:e4:56:23:f1:78:89:69:f9:
         29:8e:46:77:5e:3e:13:f0:f4:22:cc:26:30:86:41:0d:a5:7d:
         73:cd:70:9e:2b:2b:3b:f9:47:74:b3:fc:1e:35:c8:4e:c1:b9:
         20:a0:6c:17:1a:c4:82:b3:a7:6e:f5:e2:9b:cb:6b:35:e2:62:
         94:7b:2b:95:7e:cd:52:ee:96:74:bf:6b:20:02:96:ee:25:64:
         54:ab:5d:59:16:2f:7e:6b:e6:3d:11:ec:e1:2e:0f:2c:ab:82:
         e2:c1:5e:06:da:4d:27:87:d2:6d:c6:fd:8e:4c:5e:18:5a:7a:
         44:96:87:b9:95:9a:a4:16:57:45:51:6b:0f:50:cd:82:c2:f7:
         65:cc:c6:3e:9d:1c:cb:cd:d9:95:4e:29:3f:6b:86:62:4a:a9:
         72:ad:dc:98:70:c9:58:5f:c3:9e:7f:cc:fe:ce:f9:90:3a:bd:
         c1:40:b4:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNItgq2DvOf2izJXcBhg0uNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQxMTIwMDgzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZThiM2JlYmI3YmZmMWE3NDBkYzNkMDkxNjU1Y2IwMzg1OGUyZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9s7E/BeQ3GPQRL4OQ4EFrq13xEv
216xTVmhenkgybJjcOuVqEwiUCNO/JYwvUVm9a4KKvn8WI92HABsf3N2vIQvJg/f
7kVCm9hmZ1IZrbnqIuJ2H6N5d2gBsZQMHuaZkPxGdGQiPh39Ogqv55AXqDHeNOcG
eBcXEDJrozfYFZL2YczaCetPq0VRLPUHrRavJ9bcMhI6OGmI/VcqmBar/IVavVQh
5O2xsriLgSzUNSH/TzYyRVd4r0JSF2XxtfyLL8xcXd70PUDe9rm/gJ8eGFLo3h0o
2yLXCwNA6V1QW9wyCekAtHZ1Qk2J8f4KODFFRtg9Z6ESBMSnSsJ65uFaUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN6LO+u3v/GnQNw9CRZVywOFji09MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvM29zNzY3ZV84YWRBM0QwSkZsWExBNFdPTFQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgzmQDAN
BgkqhkiG9w0BAQsFAAOCAQEAXO89sRCtlgaW2C3/5mNjgZjFBjIcfQ3Z5K3QY09l
KDQXcDFHjymmA8OWAVyUL8wS4nF0miHlRca1D4XMqZU3r6/33CTpyNMgR45MRvJE
HdMwg+RWI/F4iWn5KY5Gd14+E/D0IswmMIZBDaV9c81wnisrO/lHdLP8HjXITsG5
IKBsFxrEgrOnbvXim8trNeJilHsrlX7NUu6WdL9rIAKW7iVkVKtdWRYvfmvmPRHs
4S4PLKuC4sFeBtpNJ4fSbcb9jkxeGFp6RJaHuZWapBZXRVFrD1DNgsL3ZczGPp0c
y83ZlU4pP2uGYkqpcq3cmHDJWF/Dnn/M/s75kDq9wUC0cw==
-----END CERTIFICATE-----