Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/1-exKtRbbKLh9NGtBizbU6Qs91nY.roa
File:                     1-exKtRbbKLh9NGtBizbU6Qs91nY.roa (raw, json)
Hash identifier:          lpGUGnwnf3JuDnYve72WAVx+p0Jo5z0gOwnEBvUU/as=
Subject key identifier:   F9:EC:4A:B5:16:DB:28:B8:7D:34:6B:41:8B:36:D4:E9:0B:3D:D6:76
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E6E8F49975C2F9702E23089431BCB
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/1-exKtRbbKLh9NGtBizbU6Qs91nY.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43443
IP address blocks:        2a03:9c00:a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 03:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6e:8f:49:97:5c:2f:97:02:e2:30:89:43:1b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9ec4ab516db28b87d346b418b36d4e90b3dd676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:95:a3:32:b2:bd:4a:fd:0c:0e:59:09:51:80:
                    df:ee:9c:cc:42:5b:9c:39:b9:ed:2c:77:97:02:d6:
                    9a:24:64:b1:52:73:72:eb:65:aa:8e:e5:a6:9e:32:
                    20:d4:8d:63:b3:49:16:65:3a:f5:82:43:0d:3b:1d:
                    95:36:ce:52:d3:b0:de:4f:16:3c:a9:5d:86:1a:a7:
                    b8:80:bd:47:75:57:74:04:09:b2:8b:32:fe:9d:85:
                    6e:e8:b6:85:12:1a:6a:33:a0:d4:42:81:d0:4f:eb:
                    43:be:42:a4:c0:f3:6f:c0:3b:11:2f:ea:98:c1:13:
                    13:42:85:10:83:fe:89:a2:f3:d4:b1:df:e7:15:ca:
                    53:e4:4f:29:a0:ed:82:2b:85:ab:57:03:7b:32:63:
                    32:18:8b:85:67:8f:a2:67:70:0a:c1:19:3f:9c:2d:
                    3d:5d:b9:9d:71:de:c9:92:a3:f2:00:a1:b9:07:a4:
                    c6:69:12:68:47:63:39:1c:09:bf:7a:46:a8:83:c3:
                    03:1e:48:53:13:e8:62:c0:c5:4a:43:e3:4a:66:a3:
                    3e:79:01:0a:ad:c4:91:7f:7d:59:f3:be:09:4b:d9:
                    d3:ff:d2:c4:70:a3:53:28:44:ec:bf:8b:5f:42:d2:
                    0f:21:b7:9f:22:62:22:1e:d6:08:4e:80:9e:0f:35:
                    54:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EC:4A:B5:16:DB:28:B8:7D:34:6B:41:8B:36:D4:E9:0B:3D:D6:76
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/1-exKtRbbKLh9NGtBizbU6Qs91nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:9c00:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:0c:a6:ae:4f:66:d5:24:fd:87:3c:63:81:d4:cb:ef:46:4f:
         c5:e7:a6:15:9f:e1:fd:e2:29:d3:80:05:db:b7:b4:7a:b0:d1:
         3f:82:67:24:c8:bf:24:7d:e2:6e:d9:a9:4c:49:54:dd:1b:e9:
         91:75:33:b9:03:7a:05:9a:41:c0:f8:57:b1:0b:26:07:6d:5d:
         c9:54:9e:fc:b1:27:b3:af:32:88:72:62:4a:26:43:f4:37:df:
         e2:cb:e0:d5:f9:73:ad:ca:8a:16:6d:45:78:86:e6:48:77:03:
         90:1d:8d:3b:c1:c3:19:93:cd:77:71:9d:30:c8:bd:cb:cb:f6:
         5f:ab:fb:5f:0b:85:5b:0d:07:32:a6:fd:02:1b:bc:69:d2:85:
         f1:f9:40:0e:69:81:26:11:59:68:49:b0:6c:65:3a:1e:be:99:
         ce:89:54:e1:67:80:14:71:f1:d9:64:fb:a1:ad:b3:a8:d9:03:
         08:ce:04:ed:ab:1f:f6:8c:c4:7c:e4:f2:14:87:0d:d5:1f:73:
         b5:56:7a:9e:e9:2c:c6:bf:dd:92:55:a5:35:48:a6:82:20:c5:
         27:aa:be:6d:7b:7e:46:1b:5a:47:a1:3e:ec:5f:f5:ed:6e:15:
         9a:c9:7c:71:57:8c:ea:00:17:15:a8:4f:bc:4d:d9:31:a9:b1:
         1f:36:f4:a5
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzJTm6PSZdcL5cC4jCJQxvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWVjNGFiNTE2ZGIyOGI4N2QzNDZiNDE4YjM2ZDRlOTBiM2RkNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5WjMrK9Sv0MDlkJUYDf7pzMQluc
ObntLHeXAtaaJGSxUnNy62WqjuWmnjIg1I1js0kWZTr1gkMNOx2VNs5S07DeTxY8
qV2GGqe4gL1HdVd0BAmyizL+nYVu6LaFEhpqM6DUQoHQT+tDvkKkwPNvwDsRL+qY
wRMTQoUQg/6JovPUsd/nFcpT5E8poO2CK4WrVwN7MmMyGIuFZ4+iZ3AKwRk/nC09
Xbmdcd7JkqPyAKG5B6TGaRJoR2M5HAm/ekaog8MDHkhTE+hiwMVKQ+NKZqM+eQEK
rcSRf31Z874JS9nT/9LEcKNTKETsv4tfQtIPIbefImIiHtYIToCeDzVUwQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPnsSrUW2yi4fTRrQYs21OkLPdZ2MB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvMS1leEt0UmJiS0xoOU5HdEJpemJVNlFzOTFuWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWEvZWE0NDU1LTc4MzYtNDRjNC1iMmEzLTJlY2UwNGUxODVj
Mi8xLzNPOVkxTS1qVlVQNFNJb25WdWFTVG1SN1JZay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoDnAAA
CjANBgkqhkiG9w0BAQsFAAOCAQEAwgymrk9m1ST9hzxjgdTL70ZPxeemFZ/h/eIp
04AF27e0erDRP4JnJMi/JH3ibtmpTElU3RvpkXUzuQN6BZpBwPhXsQsmB21dyVSe
/LEns68yiHJiSiZD9Dff4svg1flzrcqKFm1FeIbmSHcDkB2NO8HDGZPNd3GdMMi9
y8v2X6v7XwuFWw0HMqb9Ahu8adKF8flADmmBJhFZaEmwbGU6Hr6ZzolU4WeAFHHx
2WT7oa2zqNkDCM4E7asf9ozEfOTyFIcN1R9ztVZ6nuksxr/dklWlNUimgiDFJ6q+
bXt+RhtaR6E+7F/17W4Vmsl8cVeM6gAXFahPvE3ZMamxHzb0pQ==
-----END CERTIFICATE-----