Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/DG0MDFaVPMaf8eAc8cu7Lr4D2-k.roa
File:                     DG0MDFaVPMaf8eAc8cu7Lr4D2-k.roa (raw, json)
Hash identifier:          LvojZLVUPHfRduTmbyWUKp49vpKIYFv8O6Yui4N6zCg=
Subject key identifier:   0C:6D:0C:0C:56:95:3C:C6:9F:F1:E0:1C:F1:CB:BB:2E:BE:03:DB:E9
Certificate issuer:       /CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
Certificate serial:       018CC4939E94E7B41D4B76BA5B0FA13E7D95
Authority key identifier: 3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/DG0MDFaVPMaf8eAc8cu7Lr4D2-k.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0a:144::/35 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9e:94:e7:b4:1d:4b:76:ba:5b:0f:a1:3e:7d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c6d0c0c56953cc69ff1e01cf1cbbb2ebe03dbe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ed:3f:00:69:5c:ad:69:94:ef:2d:0f:ea:68:
                    52:c2:8c:64:90:1b:ae:eb:84:79:28:e9:b0:cf:38:
                    1c:1d:b3:f8:b4:10:91:f7:60:cc:58:1e:4e:83:cb:
                    d3:24:c4:75:e7:ae:98:bc:ce:01:6e:ac:23:b4:58:
                    69:cb:40:2f:28:11:41:8b:a7:4b:b2:22:a6:1e:50:
                    0d:6a:99:20:72:a9:e1:82:ab:7d:e3:14:f0:5b:dd:
                    cf:c8:76:06:05:a0:52:92:8f:b7:d4:8d:b8:f5:52:
                    5c:38:f4:53:0e:03:a0:86:99:c7:9f:62:10:fb:ec:
                    f4:32:1a:b3:b4:c9:5d:64:57:c8:76:10:60:e9:28:
                    fd:2b:8e:15:e2:ac:ba:f4:e2:0f:9b:d1:8f:15:18:
                    86:e6:c6:ff:f9:98:12:f6:51:8e:b2:db:0b:30:e4:
                    c6:1d:fb:5e:78:b4:af:fd:26:0a:89:14:81:2b:6f:
                    35:78:6a:31:01:75:47:29:aa:f8:38:30:96:c4:e7:
                    50:1d:ad:6a:d2:e9:ff:0c:5a:b9:2b:37:45:89:2b:
                    bc:96:6e:3e:67:86:37:b1:f9:2d:7a:96:c4:8f:9a:
                    bf:bd:51:16:ac:8f:8b:53:fc:e0:07:00:61:eb:7a:
                    cb:7c:eb:48:3e:c5:0b:6f:a4:6e:44:af:f2:65:9d:
                    25:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:6D:0C:0C:56:95:3C:C6:9F:F1:E0:1C:F1:CB:BB:2E:BE:03:DB:E9
            X509v3 Authority Key Identifier:
                keyid:3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/DG0MDFaVPMaf8eAc8cu7Lr4D2-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:144::/35

    Signature Algorithm: sha256WithRSAEncryption
         65:2a:3d:ac:78:37:4a:7e:ec:4a:ea:06:5c:69:bd:b8:a6:d2:
         0e:d3:82:1c:3c:86:57:02:82:10:c7:c4:08:46:b2:6b:53:76:
         48:8f:c4:9e:45:f9:26:6f:7a:c2:38:06:71:de:cf:bd:17:f8:
         75:51:6b:19:b2:d7:41:bf:8d:ae:8a:31:d9:bd:49:56:75:14:
         e5:62:58:e2:40:47:4d:28:a0:0e:07:be:c9:26:93:9d:28:07:
         14:65:4c:23:06:5d:7c:c9:24:42:2d:03:0d:44:3e:51:ba:06:
         11:6b:f2:ee:70:26:13:47:f2:0a:c9:8f:dd:eb:36:26:18:6b:
         3f:63:f2:d2:62:47:59:1a:9c:c4:0e:52:68:5b:78:0d:d4:d3:
         92:24:83:2b:63:c7:bf:ae:38:ec:99:fb:79:39:5e:d4:2d:02:
         c9:de:ca:8d:7d:d0:d9:2b:ed:67:4f:4f:70:92:85:73:55:65:
         d1:26:48:0e:d9:55:57:b8:47:4c:7f:6c:11:8d:16:d2:cd:8b:
         6a:d9:98:1a:17:1d:9e:10:a3:c0:16:e6:f4:2c:e8:ae:ec:85:
         3e:9d:07:cf:85:24:b3:b7:45:ab:7c:cf:e7:db:1d:c6:55:06:
         95:3d:7a:54:d3:97:6c:0e:57:ca:bd:1c:f1:49:d4:41:74:4d:
         5c:bf:a2:e1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk56U57QdS3a6Ww+hPn2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2JmNTExNzc0YjZlMWQ3MDZiYjI3MjdiM2QzMTI1Nzc1
YTkxMmYwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzZkMGMwYzU2OTUzY2M2OWZmMWUwMWNmMWNiYmIyZWJlMDNkYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu0/AGlcrWmU7y0P6mhSwoxkkBuu
64R5KOmwzzgcHbP4tBCR92DMWB5Og8vTJMR1566YvM4BbqwjtFhpy0AvKBFBi6dL
siKmHlANapkgcqnhgqt94xTwW93PyHYGBaBSko+31I249VJcOPRTDgOghpnHn2IQ
++z0MhqztMldZFfIdhBg6Sj9K44V4qy69OIPm9GPFRiG5sb/+ZgS9lGOstsLMOTG
HfteeLSv/SYKiRSBK281eGoxAXVHKar4ODCWxOdQHa1q0un/DFq5KzdFiSu8lm4+
Z4Y3sfktepbEj5q/vVEWrI+LU/zgBwBh63rLfOtIPsULb6RuRK/yZZ0l0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAxtDAxWlTzGn/HgHPHLuy6+A9vpMB8GA1UdIwQY
MBaAFD879RF3S24dcGuycns9MSV3WpEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWIt
YTBkNmRiZmFjNmViLzEvREcwTURGYVZQTWFmOGVBYzhjdTdMcjREMi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWItYTBkNmRiZmFjNmVi
LzEvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgoBRAAw
DQYJKoZIhvcNAQELBQADggEBAGUqPax4N0p+7ErqBlxpvbim0g7Tghw8hlcCghDH
xAhGsmtTdkiPxJ5F+SZvesI4BnHez70X+HVRaxmy10G/ja6KMdm9SVZ1FOViWOJA
R00ooA4Hvskmk50oBxRlTCMGXXzJJEItAw1EPlG6BhFr8u5wJhNH8grJj93rNiYY
az9j8tJiR1kanMQOUmhbeA3U05Ikgytjx7+uOOyZ+3k5XtQtAsneyo190Nkr7WdP
T3CShXNVZdEmSA7ZVVe4R0x/bBGNFtLNi2rZmBoXHZ4Qo8AW5vQs6K7shT6dB8+F
JLO3Rat8z+fbHcZVBpU9elTTl2wOV8q9HPFJ1EF0TVy/ouE=
-----END CERTIFICATE-----