Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/4UCS6c9_qEXYYfFVP4_g3E3prK4.roa
File:                     4UCS6c9_qEXYYfFVP4_g3E3prK4.roa (raw, json)
Hash identifier:          OcJi9Ac3FIrKGY2o3YN5aeZzxCE5JiU4eeSQSyeBUb4=
Subject key identifier:   E1:40:92:E9:CF:7F:A8:45:D8:61:F1:55:3F:8F:E0:DC:4D:E9:AC:AE
Certificate issuer:       /CN=df2c15cf72fcdb8596b7c6489b15a6b720c14eb5
Certificate serial:       018F3D8494D9342177498755BB854C228221
Authority key identifier: DF:2C:15:CF:72:FC:DB:85:96:B7:C6:48:9B:15:A6:B7:20:C1:4E:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/4UCS6c9_qEXYYfFVP4_g3E3prK4.roa
Signing time:             Fri 03 May 2024 08:14:10 +0000
ROA not before:           Fri 03 May 2024 08:14:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39513
IP address blocks:        2a0c:d540:fe00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 20:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:84:94:d9:34:21:77:49:87:55:bb:85:4c:22:82:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df2c15cf72fcdb8596b7c6489b15a6b720c14eb5
        Validity
            Not Before: May  3 08:14:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e14092e9cf7fa845d861f1553f8fe0dc4de9acae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:72:14:51:9a:36:58:91:10:2c:fd:6e:69:42:
                    97:88:35:1b:26:9f:e1:07:34:89:ce:58:67:72:e6:
                    c7:2c:32:10:0b:bd:10:51:52:d5:f2:d0:9b:8d:67:
                    20:5c:fb:d9:ae:16:fc:87:90:11:97:18:7f:23:e0:
                    11:b2:a6:79:78:a0:d4:a5:4d:9b:62:cd:88:62:23:
                    bf:38:a5:bf:67:0a:f4:2e:93:9b:e0:a0:31:3b:8c:
                    51:3f:9f:0d:c7:e9:ad:39:14:73:3e:f2:30:d5:5b:
                    a3:5c:44:de:37:2d:08:ad:78:a7:89:d9:d6:8b:0f:
                    14:69:d8:25:0b:18:ec:0a:ba:f7:1f:e4:e7:ab:0e:
                    7d:1e:d5:69:df:56:2d:a5:c1:06:bd:80:c2:92:a3:
                    c8:6a:8c:c4:ee:25:ab:88:6e:a0:38:e6:6f:ce:62:
                    c8:c4:f7:ea:bb:35:2c:2f:36:a1:76:c4:f9:03:a9:
                    9d:31:9d:c5:93:7e:ac:30:ac:b1:bd:29:c5:a8:31:
                    d9:92:a7:a6:79:18:80:c5:cf:73:98:89:4b:38:d9:
                    4d:9c:a3:06:4b:29:12:3b:92:02:0d:ec:9b:3a:90:
                    9d:a1:ea:29:70:e5:1e:f5:c0:d7:d8:e4:63:fa:d2:
                    da:cc:42:5b:65:82:9b:a4:ad:55:c4:df:a5:17:eb:
                    ef:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:40:92:E9:CF:7F:A8:45:D8:61:F1:55:3F:8F:E0:DC:4D:E9:AC:AE
            X509v3 Authority Key Identifier:
                keyid:DF:2C:15:CF:72:FC:DB:85:96:B7:C6:48:9B:15:A6:B7:20:C1:4E:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/4UCS6c9_qEXYYfFVP4_g3E3prK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:d540:fe00::/40

    Signature Algorithm: sha256WithRSAEncryption
         bf:f9:51:7b:fd:4e:cf:3d:ff:22:d4:e3:87:91:04:96:8e:5c:
         3a:3b:a3:a2:b5:e2:93:c4:ef:91:0b:cf:c4:54:c4:ff:13:c1:
         1b:72:da:a1:8f:f7:90:c0:ec:82:c9:17:66:26:64:2f:f5:7c:
         25:13:92:08:bb:bd:d6:e0:80:e5:f9:9f:b2:55:3e:b0:92:2f:
         8b:13:25:f2:82:d5:7d:4a:5a:13:81:8d:eb:e9:c2:49:12:23:
         a4:88:6c:5b:06:6a:95:24:60:d3:d6:d9:91:91:b8:1a:29:e1:
         94:01:60:0e:11:ab:e5:d7:ad:9f:c9:b9:6f:a1:d6:f2:75:7a:
         1f:b5:b0:1a:4c:55:6e:7e:33:2b:33:a4:bd:11:dc:fb:ad:53:
         93:e7:fb:3f:af:66:f7:21:db:fd:d8:17:7c:0b:ea:5e:62:5c:
         f2:42:c1:56:84:9c:5e:55:2a:25:65:6e:e8:d0:c6:e6:5a:38:
         2c:89:d4:d4:b6:f3:90:ca:a3:94:f2:67:83:38:2d:23:a4:dd:
         71:a2:11:a4:7a:15:e5:5f:77:b4:d1:18:69:8e:1e:79:f3:63:
         00:8d:0c:e8:07:f0:fd:a6:0c:5f:05:d7:ca:8a:9d:10:2a:55:
         c1:13:6a:b7:b8:83:5d:22:04:0c:b4:3a:bf:6e:ef:ec:b3:9f:
         54:2f:ed:46
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY89hJTZNCF3SYdVu4VMIoIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMmMxNWNmNzJmY2RiODU5NmI3YzY0ODliMTVhNmI3MjBj
MTRlYjUwHhcNMjQwNTAzMDgxNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQwOTJlOWNmN2ZhODQ1ZDg2MWYxNTUzZjhmZTBkYzRkZTlhY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnIUUZo2WJEQLP1uaUKXiDUbJp/h
BzSJzlhncubHLDIQC70QUVLV8tCbjWcgXPvZrhb8h5ARlxh/I+ARsqZ5eKDUpU2b
Ys2IYiO/OKW/Zwr0LpOb4KAxO4xRP58Nx+mtORRzPvIw1VujXETeNy0IrXinidnW
iw8UadglCxjsCrr3H+Tnqw59HtVp31YtpcEGvYDCkqPIaozE7iWriG6gOOZvzmLI
xPfquzUsLzahdsT5A6mdMZ3Fk36sMKyxvSnFqDHZkqemeRiAxc9zmIlLONlNnKMG
SykSO5ICDeybOpCdoeopcOUe9cDX2ORj+tLazEJbZYKbpK1VxN+lF+vvswIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOFAkunPf6hF2GHxVT+P4NxN6ayuMB8GA1UdIwQY
MBaAFN8sFc9y/NuFlrfGSJsVprcgwU61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3l3VnozTDgyNFdXdDhaSW14V210eURCVHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85Y2ZlYTEtZDgyYS00NzU1LTgxMGUt
ZjE4NTNkMTBlNjEwLzEvNFVDUzZjOV9xRVhZWWZGVlA0X2czRTNwcks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85Y2ZlYTEtZDgyYS00NzU1LTgxMGUtZjE4NTNkMTBlNjEw
LzEvM3l3VnozTDgyNFdXdDhaSW14V210eURCVHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgzVQP4w
DQYJKoZIhvcNAQELBQADggEBAL/5UXv9Ts89/yLU44eRBJaOXDo7o6K14pPE75EL
z8RUxP8TwRty2qGP95DA7ILJF2YmZC/1fCUTkgi7vdbggOX5n7JVPrCSL4sTJfKC
1X1KWhOBjevpwkkSI6SIbFsGapUkYNPW2ZGRuBop4ZQBYA4Rq+XXrZ/JuW+h1vJ1
eh+1sBpMVW5+MyszpL0R3PutU5Pn+z+vZvch2/3YF3wL6l5iXPJCwVaEnF5VKiVl
bujQxuZaOCyJ1NS285DKo5TyZ4M4LSOk3XGiEaR6FeVfd7TRGGmOHnnzYwCNDOgH
8P2mDF8F18qKnRAqVcETare4g10iBAy0Or9u7+yzn1Qv7UY=
-----END CERTIFICATE-----