Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/fEQuMvgPPuDdrWFgBDXN0z2uT6A.roa
File:                     fEQuMvgPPuDdrWFgBDXN0z2uT6A.roa (raw, json)
Hash identifier:          3CuMLmkwpXx0znmuC/lyJxr7E9Rj6NeTrbBAI1+lj40=
Subject key identifier:   7C:44:2E:32:F8:0F:3E:E0:DD:AD:61:60:04:35:CD:D3:3D:AE:4F:A0
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E6E0CE5C6A690352610522A4D62AB
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/fEQuMvgPPuDdrWFgBDXN0z2uT6A.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41732
IP address blocks:        2a03:9c00:d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6e:0c:e5:c6:a6:90:35:26:10:52:2a:4d:62:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c442e32f80f3ee0ddad61600435cdd33dae4fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:2d:ab:1b:c8:51:15:cd:92:5b:4e:21:e6:f1:
                    2a:29:cf:d9:7c:b3:21:9c:7d:c0:0f:9b:14:03:11:
                    8b:f3:12:3d:30:85:65:61:57:ef:ef:a0:22:92:d2:
                    6e:a9:1e:9a:d4:eb:50:17:b1:60:85:a7:1a:6a:95:
                    6d:aa:0c:97:bc:d4:72:ab:6e:28:69:e7:8e:40:3f:
                    ea:17:8a:67:b2:ef:15:df:52:91:17:6a:55:79:5a:
                    d0:19:fd:33:8f:30:73:0b:3e:74:31:48:18:70:10:
                    3a:7f:e1:af:4b:3f:03:4f:ec:3d:d9:94:a0:19:c4:
                    99:f3:1c:a8:e9:60:04:c9:84:60:ec:50:16:dd:6c:
                    7a:24:12:b1:a3:a1:54:00:09:5d:d4:c9:ac:f6:84:
                    df:69:48:69:ad:c5:87:39:f6:22:36:1e:c5:d6:d9:
                    7c:86:c2:c3:d1:29:c9:1a:a0:f0:20:6c:6e:83:97:
                    0f:02:b9:4a:7f:cf:56:2f:5a:f8:2c:c0:30:33:65:
                    01:0f:ee:88:05:04:54:c4:9d:a1:18:ea:fc:67:3d:
                    25:a6:71:05:a5:8d:71:82:23:cf:2d:ba:d5:df:5e:
                    24:41:52:37:55:11:74:96:4f:ac:8d:ef:85:e6:b0:
                    f0:0f:45:4c:da:2d:e7:84:2e:24:e1:0d:f6:dd:0f:
                    aa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:44:2E:32:F8:0F:3E:E0:DD:AD:61:60:04:35:CD:D3:3D:AE:4F:A0
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/fEQuMvgPPuDdrWFgBDXN0z2uT6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:9c00:d::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:e8:10:f1:f3:09:38:d9:7a:0d:40:b7:4b:33:d3:19:78:22:
         70:1b:61:3c:d3:04:dc:14:f8:05:90:d3:5f:b7:fe:cd:8b:4a:
         88:36:22:96:5e:a6:7a:cc:9a:d7:d2:da:c6:e9:0e:cb:55:ba:
         50:c4:04:0b:92:85:b9:af:3b:2e:fd:58:bc:b5:69:07:9d:a5:
         4e:c3:5f:a0:56:42:2a:19:b8:1b:f7:c4:72:c7:b0:db:9a:4a:
         cf:f3:15:fe:1f:1a:7c:54:5f:23:ca:a8:e1:82:1b:15:ac:43:
         74:b7:53:c8:69:f9:14:be:74:76:6b:0c:3a:c9:4d:34:18:19:
         19:02:d8:b3:fc:27:bf:75:af:18:e1:8b:46:58:b5:18:a4:1e:
         43:77:ed:5c:68:04:d4:21:59:56:28:81:26:f6:2f:35:9f:4b:
         ae:b0:2e:20:fc:c9:73:5b:81:fe:fb:f3:03:b7:f8:4d:ef:68:
         6f:25:05:d4:8b:93:94:a2:38:a9:d2:06:80:d6:d5:1f:24:88:
         03:c0:37:1e:0f:f8:7c:ff:8a:7a:c3:e6:76:18:6f:07:0c:2c:
         0b:49:f3:d9:42:b5:6f:ab:32:72:c0:74:f3:0d:f0:0d:12:12:
         ea:8d:1a:f4:c8:03:e0:47:12:93:3a:15:a4:6c:a3:03:da:d2:
         90:7e:0a:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTm4M5camkDUmEFIqTWKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzQ0MmUzMmY4MGYzZWUwZGRhZDYxNjAwNDM1Y2RkMzNkYWU0ZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6C2rG8hRFc2SW04h5vEqKc/ZfLMh
nH3AD5sUAxGL8xI9MIVlYVfv76AiktJuqR6a1OtQF7FghacaapVtqgyXvNRyq24o
aeeOQD/qF4pnsu8V31KRF2pVeVrQGf0zjzBzCz50MUgYcBA6f+GvSz8DT+w92ZSg
GcSZ8xyo6WAEyYRg7FAW3Wx6JBKxo6FUAAld1Mms9oTfaUhprcWHOfYiNh7F1tl8
hsLD0SnJGqDwIGxug5cPArlKf89WL1r4LMAwM2UBD+6IBQRUxJ2hGOr8Zz0lpnEF
pY1xgiPPLbrV314kQVI3VRF0lk+sje+F5rDwD0VM2i3nhC4k4Q323Q+qiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHxELjL4Dz7g3a1hYAQ1zdM9rk+gMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvZkVRdU12Z1BQdURkcldGZ0JEWE4wejJ1VDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgOcAAAN
MA0GCSqGSIb3DQEBCwUAA4IBAQCk6BDx8wk42XoNQLdLM9MZeCJwG2E80wTcFPgF
kNNft/7Ni0qINiKWXqZ6zJrX0trG6Q7LVbpQxAQLkoW5rzsu/Vi8tWkHnaVOw1+g
VkIqGbgb98Ryx7DbmkrP8xX+Hxp8VF8jyqjhghsVrEN0t1PIafkUvnR2aww6yU00
GBkZAtiz/Ce/da8Y4YtGWLUYpB5Dd+1caATUIVlWKIEm9i81n0uusC4g/MlzW4H+
+/MDt/hN72hvJQXUi5OUojip0gaA1tUfJIgDwDceD/h8/4p6w+Z2GG8HDCwLSfPZ
QrVvqzJywHTzDfANEhLqjRr0yAPgRxKTOhWkbKMD2tKQfgq7
-----END CERTIFICATE-----