Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/39b08d-eb01-43b0-b56c-273884b53c6e/1/nT15o-TBmpN5KenksSUnhjs725o.roa
File:                     nT15o-TBmpN5KenksSUnhjs725o.roa (raw, json)
Hash identifier:          bWpxfgV1mAsF0uEejnjj0bi57+TMl4zwmqlIw4wiS2Y=
Subject key identifier:   9D:3D:79:A3:E4:C1:9A:93:79:29:E9:E4:B1:25:27:86:3B:3B:DB:9A
Certificate issuer:       /CN=c334a35abfa82d549e490704d68bbe658005d63c
Certificate serial:       018CC2DB66F5E391E10297D15947CCCE942B
Authority key identifier: C3:34:A3:5A:BF:A8:2D:54:9E:49:07:04:D6:8B:BE:65:80:05:D6:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wzSjWr-oLVSeSQcE1ou-ZYAF1jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/39b08d-eb01-43b0-b56c-273884b53c6e/1/nT15o-TBmpN5KenksSUnhjs725o.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44980
IP address blocks:        2001:1a08:666::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/39b08d-eb01-43b0-b56c-273884b53c6e/1/wzSjWr-oLVSeSQcE1ou-ZYAF1jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/39b08d-eb01-43b0-b56c-273884b53c6e/1/wzSjWr-oLVSeSQcE1ou-ZYAF1jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wzSjWr-oLVSeSQcE1ou-ZYAF1jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:66:f5:e3:91:e1:02:97:d1:59:47:cc:ce:94:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c334a35abfa82d549e490704d68bbe658005d63c
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d3d79a3e4c19a937929e9e4b12527863b3bdb9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:06:19:4d:ab:5a:2b:3b:00:dc:24:9f:f7:a9:
                    c0:30:19:a8:de:cf:55:44:c8:98:ec:a3:d1:8f:04:
                    32:00:eb:d2:93:2a:16:58:03:ac:72:f0:a6:4e:14:
                    a9:72:ce:84:ea:7c:35:5d:c7:07:da:26:13:e0:a1:
                    1a:09:dc:bc:1c:24:fa:25:a6:79:bc:64:23:6e:72:
                    f3:74:7e:b8:eb:89:5c:97:5e:cb:4c:0f:f5:db:7a:
                    f1:82:7d:fa:a3:25:89:35:b1:05:6b:3b:27:f7:70:
                    ba:c3:5d:8c:88:a4:d6:25:56:76:88:f1:2f:01:0d:
                    df:d5:db:9b:5b:2f:40:a6:95:35:c7:5f:52:83:1c:
                    0e:3e:5c:6a:08:75:aa:84:3b:8a:74:f9:30:8e:9a:
                    c3:3d:76:ab:37:9c:68:7a:0d:ec:70:e9:fc:1d:9c:
                    40:4f:0c:8b:f8:f2:bf:fc:6b:2f:6b:7c:8e:26:27:
                    a9:1e:7e:a3:41:25:4b:86:98:6a:1b:16:6d:a5:83:
                    de:85:ff:1e:c0:f4:f6:7c:f7:ae:76:88:ae:92:4b:
                    31:d3:60:14:f5:54:12:d5:cb:f4:03:11:da:f4:f8:
                    0c:dc:7c:20:c1:71:a5:3a:a1:35:df:02:9f:46:7d:
                    53:65:a8:d5:14:28:f6:c5:1b:00:82:05:5e:80:1f:
                    96:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3D:79:A3:E4:C1:9A:93:79:29:E9:E4:B1:25:27:86:3B:3B:DB:9A
            X509v3 Authority Key Identifier:
                keyid:C3:34:A3:5A:BF:A8:2D:54:9E:49:07:04:D6:8B:BE:65:80:05:D6:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wzSjWr-oLVSeSQcE1ou-ZYAF1jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/39b08d-eb01-43b0-b56c-273884b53c6e/1/nT15o-TBmpN5KenksSUnhjs725o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/39b08d-eb01-43b0-b56c-273884b53c6e/1/wzSjWr-oLVSeSQcE1ou-ZYAF1jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a08:666::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:ab:1d:ce:45:bd:e0:4b:ad:92:4a:a3:87:91:10:a8:7e:6e:
         71:f9:b5:9a:96:2f:f6:14:e7:cf:93:64:bb:ff:cb:b8:bc:47:
         94:25:ac:bf:10:1e:df:45:e0:6c:a1:cb:4c:dd:0b:a1:56:6c:
         20:1e:dc:70:87:13:9a:e2:d2:f4:13:60:a8:53:b7:fc:d3:fd:
         89:d3:07:30:c3:60:86:62:48:cb:f3:72:ba:b8:0c:3b:6f:cc:
         b5:67:ae:0a:c4:3f:0c:39:92:12:23:dc:39:46:b0:66:f9:43:
         d4:b4:5c:ca:b4:12:8d:6b:97:d6:ca:14:35:ee:4e:91:5e:e6:
         80:02:0d:77:3d:24:ea:c6:65:4c:d1:d0:43:4e:e0:50:d9:db:
         05:3a:5c:98:dc:85:ee:f2:53:f5:ce:d0:ec:bc:ab:54:1f:8c:
         49:cb:af:58:66:32:34:fd:64:67:e1:8d:9f:7e:4b:3e:21:75:
         a5:be:93:45:fd:b6:a5:84:7f:08:01:bd:fe:59:46:61:0b:f1:
         63:5a:ef:1d:56:b8:5e:dd:55:12:1a:fc:55:73:e9:fc:45:0c:
         6f:41:ee:e7:19:e4:2a:67:6d:84:5d:d9:ad:c0:78:6b:d0:8a:
         d0:ca:33:9a:73:12:17:dc:0e:6c:7e:0b:ce:32:4e:ed:3d:96:
         a4:a2:6f:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC22b145HhApfRWUfMzpQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMzRhMzVhYmZhODJkNTQ5ZTQ5MDcwNGQ2OGJiZTY1ODAw
NWQ2M2MwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNkNzlhM2U0YzE5YTkzNzkyOWU5ZTRiMTI1Mjc4NjNiM2JkYjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwYZTataKzsA3CSf96nAMBmo3s9V
RMiY7KPRjwQyAOvSkyoWWAOscvCmThSpcs6E6nw1XccH2iYT4KEaCdy8HCT6JaZ5
vGQjbnLzdH6464lcl17LTA/123rxgn36oyWJNbEFazsn93C6w12MiKTWJVZ2iPEv
AQ3f1dubWy9AppU1x19SgxwOPlxqCHWqhDuKdPkwjprDPXarN5xoeg3scOn8HZxA
TwyL+PK//Gsva3yOJiepHn6jQSVLhphqGxZtpYPehf8ewPT2fPeudoiukksx02AU
9VQS1cv0AxHa9PgM3HwgwXGlOqE13wKfRn1TZajVFCj2xRsAggVegB+W+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ09eaPkwZqTeSnp5LElJ4Y7O9uaMB8GA1UdIwQY
MBaAFMM0o1q/qC1UnkkHBNaLvmWABdY8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3pTaldyLW9MVlNlU1FjRTFvdS1aWUFGMWp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8zOWIwOGQtZWIwMS00M2IwLWI1NmMt
MjczODg0YjUzYzZlLzEvblQxNW8tVEJtcE41S2Vua3NTVW5oanM3MjVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8zOWIwOGQtZWIwMS00M2IwLWI1NmMtMjczODg0YjUzYzZl
LzEvd3pTaldyLW9MVlNlU1FjRTFvdS1aWUFGMWp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEaCAZm
MA0GCSqGSIb3DQEBCwUAA4IBAQAGqx3ORb3gS62SSqOHkRCofm5x+bWali/2FOfP
k2S7/8u4vEeUJay/EB7fReBsoctM3QuhVmwgHtxwhxOa4tL0E2CoU7f80/2J0wcw
w2CGYkjL83K6uAw7b8y1Z64KxD8MOZISI9w5RrBm+UPUtFzKtBKNa5fWyhQ17k6R
XuaAAg13PSTqxmVM0dBDTuBQ2dsFOlyY3IXu8lP1ztDsvKtUH4xJy69YZjI0/WRn
4Y2ffks+IXWlvpNF/balhH8IAb3+WUZhC/FjWu8dVrhe3VUSGvxVc+n8RQxvQe7n
GeQqZ22EXdmtwHhr0IrQyjOacxIX3A5sfgvOMk7tPZakom9n
-----END CERTIFICATE-----