Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/_icDitsfbroAv89N66SROw_9wT4.roa
File:                     _icDitsfbroAv89N66SROw_9wT4.roa (raw, json)
Hash identifier:          0y0/9H7lfw1qbnyUto0Lbo+sjQq5XsmwQmD6tgQlGyA=
Subject key identifier:   FE:27:03:8A:DB:1F:6E:BA:00:BF:CF:4D:EB:A4:91:3B:0F:FD:C1:3E
Certificate issuer:       /CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
Certificate serial:       018FC83C8D58EFA0872461D9DA830B5ABB7C
Authority key identifier: 3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/_icDitsfbroAv89N66SROw_9wT4.roa
Signing time:             Thu 30 May 2024 06:42:42 +0000
ROA not before:           Thu 30 May 2024 06:42:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63150
IP address blocks:        2a14:4900:2000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c8:3c:8d:58:ef:a0:87:24:61:d9:da:83:0b:5a:bb:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
        Validity
            Not Before: May 30 06:42:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe27038adb1f6eba00bfcf4deba4913b0ffdc13e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4f:52:67:d2:4f:cb:75:3e:1f:d8:35:37:02:
                    c0:a9:46:a7:65:f1:bd:4e:d7:f7:a2:db:02:be:e7:
                    6a:68:c7:61:d6:4d:c9:3a:13:31:a2:08:97:88:8b:
                    46:00:80:8c:c6:f8:2e:92:45:d8:6d:45:60:3e:b5:
                    1b:e9:4d:3e:3d:12:f5:8d:08:a0:44:28:45:a9:85:
                    89:99:8d:f5:0f:ce:57:e6:1d:a4:78:30:ce:05:72:
                    ab:27:6b:39:39:ec:ea:b8:d7:ab:74:90:ce:d4:28:
                    6c:48:24:e2:87:a7:c8:0b:60:8e:d8:a7:3e:e0:29:
                    7f:41:75:c0:3d:2f:5f:f5:91:b3:7e:f6:86:44:c1:
                    04:06:3e:75:e3:fa:8b:62:9c:17:3e:1d:4d:b1:b2:
                    0e:6c:18:09:26:9f:78:b5:e6:f7:6b:57:61:7f:5a:
                    47:23:fd:e1:16:8d:4a:19:27:7c:1e:d9:9a:a5:80:
                    ae:b6:40:c1:d8:be:50:0d:ff:df:7e:bf:1e:da:17:
                    b8:37:43:13:51:9b:31:c2:10:f5:a1:8e:09:e9:41:
                    7e:f5:bf:40:29:73:0b:50:97:a8:35:54:55:de:c8:
                    d2:30:d8:29:42:ca:92:19:e1:a5:cf:2b:57:33:71:
                    1e:21:c4:42:cb:96:b2:e2:46:b9:05:2e:61:ad:4b:
                    1e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:27:03:8A:DB:1F:6E:BA:00:BF:CF:4D:EB:A4:91:3B:0F:FD:C1:3E
            X509v3 Authority Key Identifier:
                keyid:3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/_icDitsfbroAv89N66SROw_9wT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4900:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         26:e2:49:3e:81:54:c6:7c:02:ac:65:1f:a0:13:f2:ac:26:88:
         92:f7:b8:a8:92:a7:cd:22:a0:14:a6:f1:34:10:c2:14:b2:6c:
         ac:18:8a:7f:49:e6:82:ac:a9:69:4a:7d:e5:81:8a:80:4c:e8:
         91:4a:06:e2:24:b6:2b:ec:30:08:fb:41:c5:65:e4:40:3c:4a:
         2d:99:80:66:22:18:49:67:4f:65:c9:72:d0:1b:19:f5:12:f5:
         fb:7c:ac:0d:cf:f4:98:5f:23:73:bd:d4:9a:41:34:79:b2:ec:
         37:72:c7:a0:51:b2:18:7a:95:1a:9f:f5:96:03:db:56:e9:ed:
         3e:6a:0c:a8:94:3e:37:58:76:31:5f:43:66:89:da:44:9e:37:
         91:16:04:76:29:9e:2e:03:ff:04:2e:4a:f0:60:7b:f4:68:4a:
         a4:e7:e4:80:f6:54:25:53:b0:67:05:d4:1c:61:7f:e7:ab:5d:
         e1:f0:44:15:91:a0:32:cf:f8:b2:e5:5d:18:43:cb:1a:9e:9f:
         6d:6e:98:b7:c9:07:be:c3:6f:91:b7:71:37:2a:36:5d:a3:55:
         2d:87:e0:85:63:d8:16:9c:b3:f5:4b:b9:42:0c:95:78:e5:66:
         4a:45:2d:3d:5a:94:e9:c5:6e:97:33:d6:67:c1:de:fe:bc:b9:
         67:e6:8c:ef
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY/IPI1Y76CHJGHZ2oMLWrt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMGJmMThkNmJiZGIzM2RhODJmZTYxYTI4NjI0YmE3MmUy
MzUwNDAwHhcNMjQwNTMwMDY0MjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTI3MDM4YWRiMWY2ZWJhMDBiZmNmNGRlYmE0OTEzYjBmZmRjMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk9SZ9JPy3U+H9g1NwLAqUanZfG9
Ttf3otsCvudqaMdh1k3JOhMxogiXiItGAICMxvgukkXYbUVgPrUb6U0+PRL1jQig
RChFqYWJmY31D85X5h2keDDOBXKrJ2s5OezquNerdJDO1ChsSCTih6fIC2CO2Kc+
4Cl/QXXAPS9f9ZGzfvaGRMEEBj514/qLYpwXPh1NsbIObBgJJp94teb3a1dhf1pH
I/3hFo1KGSd8HtmapYCutkDB2L5QDf/ffr8e2he4N0MTUZsxwhD1oY4J6UF+9b9A
KXMLUJeoNVRV3sjSMNgpQsqSGeGlzytXM3EeIcRCy5ay4ka5BS5hrUselQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFP4nA4rbH266AL/PTeukkTsP/cE+MB8GA1UdIwQY
MBaAFDsL8Y1rvbM9qC/mGihiS6cuI1BAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2Yjgt
ZDQ5OTE2YjVmMmI0LzEvX2ljRGl0c2Zicm9Bdjg5TjY2U1JPd185d1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2YjgtZDQ5OTE2YjVmMmI0
LzEvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhRJACAw
DQYJKoZIhvcNAQELBQADggEBACbiST6BVMZ8AqxlH6AT8qwmiJL3uKiSp80ioBSm
8TQQwhSybKwYin9J5oKsqWlKfeWBioBM6JFKBuIktivsMAj7QcVl5EA8Si2ZgGYi
GElnT2XJctAbGfUS9ft8rA3P9JhfI3O91JpBNHmy7Ddyx6BRshh6lRqf9ZYD21bp
7T5qDKiUPjdYdjFfQ2aJ2kSeN5EWBHYpni4D/wQuSvBge/RoSqTn5ID2VCVTsGcF
1Bxhf+erXeHwRBWRoDLP+LLlXRhDyxqen21umLfJB77Db5G3cTcqNl2jVS2H4IVj
2Bacs/VLuUIMlXjlZkpFLT1alOnFbpcz1mfB3v68uWfmjO8=
-----END CERTIFICATE-----