Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/d608b8-501f-491f-a2f2-10e57f56a17a/1/rc3TUoCt02PnVEmsA6tHkoHFxas.roa
File:                     rc3TUoCt02PnVEmsA6tHkoHFxas.roa (raw, json)
Hash identifier:          Caq99/mfUjIoB9wOCE2EbURru+P9a7IL5pjeyoTgBzY=
Subject key identifier:   AD:CD:D3:52:80:AD:D3:63:E7:54:49:AC:03:AB:47:92:81:C5:C5:AB
Certificate issuer:       /CN=4d77ccd7a94415dfc68ccca874e94c2e8c22202d
Certificate serial:       018CC4253B5874DBC8F81FBFC1F5B46AD14E
Authority key identifier: 4D:77:CC:D7:A9:44:15:DF:C6:8C:CC:A8:74:E9:4C:2E:8C:22:20:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TXfM16lEFd_GjMyodOlMLowiIC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/d608b8-501f-491f-a2f2-10e57f56a17a/1/rc3TUoCt02PnVEmsA6tHkoHFxas.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9512
IP address blocks:        2a00:fd80:aaaa::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/d608b8-501f-491f-a2f2-10e57f56a17a/1/TXfM16lEFd_GjMyodOlMLowiIC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/d608b8-501f-491f-a2f2-10e57f56a17a/1/TXfM16lEFd_GjMyodOlMLowiIC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TXfM16lEFd_GjMyodOlMLowiIC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3b:58:74:db:c8:f8:1f:bf:c1:f5:b4:6a:d1:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d77ccd7a94415dfc68ccca874e94c2e8c22202d
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adcdd35280add363e75449ac03ab479281c5c5ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f3:27:75:07:da:d3:c6:cc:c4:89:2a:ee:ea:
                    5b:bf:fa:c6:b8:ea:df:b3:ea:ce:b2:37:9b:49:ea:
                    5d:eb:e8:a7:24:a0:3c:a5:e5:32:65:16:c5:6d:2e:
                    94:5a:53:c8:e0:01:93:b8:1d:25:b9:ff:14:9c:94:
                    f5:97:bc:1a:b8:8c:d2:f4:f6:61:7c:26:47:e2:54:
                    4b:ae:31:36:ff:f9:38:ef:51:27:17:40:9e:2a:12:
                    c1:a9:a0:a3:26:9d:91:59:09:07:b5:27:51:c1:4a:
                    e2:65:3d:dd:9c:76:33:77:c4:5c:72:da:99:c6:69:
                    54:0d:6a:50:67:6d:76:45:87:dd:25:03:a4:6e:b8:
                    0b:d8:66:4e:73:d7:37:78:74:87:0e:54:07:71:cf:
                    26:85:16:a4:41:76:d4:82:f0:10:82:50:a7:2f:72:
                    43:37:b0:f0:0c:36:95:9e:65:16:29:03:0f:00:50:
                    e4:f0:d1:1b:f0:4f:d5:68:2b:97:ae:b2:af:e7:85:
                    30:bc:ab:f1:b1:2f:db:3e:8a:6c:0a:e8:79:3d:dd:
                    c8:0d:9a:d8:8c:05:fd:2e:7a:36:6f:b4:d4:22:10:
                    a4:dd:58:b5:27:24:1a:f7:96:64:5f:3e:4d:38:15:
                    49:9e:88:57:60:3b:bd:5c:31:c4:04:43:e3:76:d0:
                    17:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:CD:D3:52:80:AD:D3:63:E7:54:49:AC:03:AB:47:92:81:C5:C5:AB
            X509v3 Authority Key Identifier:
                keyid:4D:77:CC:D7:A9:44:15:DF:C6:8C:CC:A8:74:E9:4C:2E:8C:22:20:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TXfM16lEFd_GjMyodOlMLowiIC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d608b8-501f-491f-a2f2-10e57f56a17a/1/rc3TUoCt02PnVEmsA6tHkoHFxas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d608b8-501f-491f-a2f2-10e57f56a17a/1/TXfM16lEFd_GjMyodOlMLowiIC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:fd80:aaaa::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:ae:5f:48:b1:a8:0d:93:9b:c7:9d:ae:8e:f3:44:bc:17:3e:
         1e:70:b6:6a:3c:d8:aa:39:b9:b1:76:6f:b0:2d:b6:31:05:42:
         4e:7e:51:db:2b:3f:61:66:75:de:5a:14:61:9e:57:6d:0b:40:
         f9:4f:cd:c7:7b:51:94:55:1e:ee:ec:57:99:2a:f8:d8:35:ee:
         e7:2b:30:37:e3:a0:82:8e:d9:a9:09:6c:e6:f6:20:07:a0:3b:
         c4:a0:6f:b4:09:3a:7a:c9:45:98:7f:a3:52:fa:b8:ad:5f:79:
         ac:cb:10:23:1e:2c:0b:e8:01:e8:c7:70:94:50:8a:d2:77:6c:
         cd:fc:25:35:fc:8f:04:15:48:3b:32:23:28:20:17:61:72:cc:
         d6:f0:b1:f5:a1:9b:b8:4d:38:59:2b:42:65:d4:96:14:e0:ee:
         6f:c9:36:d1:15:4f:d4:7f:2b:eb:44:61:45:ed:4f:b0:5d:82:
         1c:9c:d7:3b:7e:25:71:87:7d:f5:2d:d1:ed:f1:04:48:54:c7:
         49:81:b7:69:61:f1:20:ab:86:d7:ae:aa:51:8f:6a:90:92:1a:
         1f:f3:78:46:95:65:4c:2c:23:06:3e:8f:68:2e:17:91:17:8b:
         92:9e:ba:d3:35:9c:45:c7:9f:3d:c9:dc:48:42:22:b6:cb:fc:
         51:4e:15:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJTtYdNvI+B+/wfW0atFOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNzdjY2Q3YTk0NDE1ZGZjNjhjY2NhODc0ZTk0YzJlOGMy
MjIwMmQwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGNkZDM1MjgwYWRkMzYzZTc1NDQ5YWMwM2FiNDc5MjgxYzVjNWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPMndQfa08bMxIkq7upbv/rGuOrf
s+rOsjebSepd6+inJKA8peUyZRbFbS6UWlPI4AGTuB0luf8UnJT1l7wauIzS9PZh
fCZH4lRLrjE2//k471EnF0CeKhLBqaCjJp2RWQkHtSdRwUriZT3dnHYzd8RcctqZ
xmlUDWpQZ212RYfdJQOkbrgL2GZOc9c3eHSHDlQHcc8mhRakQXbUgvAQglCnL3JD
N7DwDDaVnmUWKQMPAFDk8NEb8E/VaCuXrrKv54UwvKvxsS/bPopsCuh5Pd3IDZrY
jAX9Lno2b7TUIhCk3Vi1JyQa95ZkXz5NOBVJnohXYDu9XDHEBEPjdtAXeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK3N01KArdNj51RJrAOrR5KBxcWrMB8GA1UdIwQY
MBaAFE13zNepRBXfxozMqHTpTC6MIiAtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFhmTTE2bEVGZF9Hak15b2RPbE1Mb3dpSUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kNjA4YjgtNTAxZi00OTFmLWEyZjIt
MTBlNTdmNTZhMTdhLzEvcmMzVFVvQ3QwMlBuVkVtc0E2dEhrb0hGeGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kNjA4YjgtNTAxZi00OTFmLWEyZjItMTBlNTdmNTZhMTdh
LzEvVFhmTTE2bEVGZF9Hak15b2RPbE1Mb3dpSUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgD9gKqq
MA0GCSqGSIb3DQEBCwUAA4IBAQAVrl9IsagNk5vHna6O80S8Fz4ecLZqPNiqObmx
dm+wLbYxBUJOflHbKz9hZnXeWhRhnldtC0D5T83He1GUVR7u7FeZKvjYNe7nKzA3
46CCjtmpCWzm9iAHoDvEoG+0CTp6yUWYf6NS+ritX3msyxAjHiwL6AHox3CUUIrS
d2zN/CU1/I8EFUg7MiMoIBdhcszW8LH1oZu4TThZK0Jl1JYU4O5vyTbRFU/Ufyvr
RGFF7U+wXYIcnNc7fiVxh331LdHt8QRIVMdJgbdpYfEgq4bXrqpRj2qQkhof83hG
lWVMLCMGPo9oLheRF4uSnrrTNZxFx589ydxIQiK2y/xRThXi
-----END CERTIFICATE-----