Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/3EDkeiZ-pEk4KRhPEtyIm27YvQI.roa
File:                     3EDkeiZ-pEk4KRhPEtyIm27YvQI.roa (raw, json)
Hash identifier:          g7oAGdrkQUpVFM/UabazrNcJ852wcQP1r8we6d5yg+s=
Subject key identifier:   DC:40:E4:7A:26:7E:A4:49:38:29:18:4F:12:DC:88:9B:6E:D8:BD:02
Certificate issuer:       /CN=351a14ce9d25239b92fe5abce532515044c1aba4
Certificate serial:       0190ABF9351F2B9351A21D49174FBFB38311
Authority key identifier: 35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/3EDkeiZ-pEk4KRhPEtyIm27YvQI.roa
Signing time:             Sat 13 Jul 2024 12:02:34 +0000
ROA not before:           Sat 13 Jul 2024 12:02:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44024
IP address blocks:        2a05:91c3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ab:f9:35:1f:2b:93:51:a2:1d:49:17:4f:bf:b3:83:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a14ce9d25239b92fe5abce532515044c1aba4
        Validity
            Not Before: Jul 13 12:02:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc40e47a267ea4493829184f12dc889b6ed8bd02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:08:6f:4d:bf:cc:58:a1:10:b4:2a:ff:b2:dc:
                    d3:d0:02:27:71:ed:8d:77:ff:f1:51:d1:16:d1:25:
                    d3:85:6b:c9:06:1f:ce:51:fe:45:e9:ad:15:e2:87:
                    86:87:0a:3b:46:c4:01:68:e9:16:04:21:d5:44:08:
                    0b:c6:5e:ff:d9:58:e6:db:ce:21:ae:71:de:00:91:
                    d4:e9:6c:57:51:8b:0f:39:02:e1:5e:22:31:3b:de:
                    4e:42:9c:76:a3:1f:4a:e1:d6:30:21:e9:10:8a:f3:
                    a5:ef:d8:a6:19:24:7b:a8:93:74:29:4f:6b:d6:d9:
                    a5:12:5b:65:88:2e:1e:15:5c:89:20:18:ea:7d:17:
                    a5:a3:c4:28:6e:ae:fe:0a:a3:4b:a8:ba:cb:30:9e:
                    9e:63:e6:21:7c:40:97:69:4f:40:b6:f5:cb:0f:2c:
                    1d:75:39:e6:14:94:6d:00:e8:74:6b:6f:72:dc:3c:
                    c8:99:14:a3:f9:b6:09:23:5e:94:11:64:76:ad:02:
                    50:37:4a:92:76:b3:14:2f:49:77:ab:da:ad:5b:b7:
                    a6:9e:b5:7e:c4:f2:ff:23:d7:bb:40:9b:77:93:ae:
                    6a:56:57:57:4f:4c:46:9c:3b:91:17:b9:cf:55:c5:
                    c5:6c:76:44:10:f0:ee:3f:76:fe:ab:c9:15:8a:48:
                    6e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:40:E4:7A:26:7E:A4:49:38:29:18:4F:12:DC:88:9B:6E:D8:BD:02
            X509v3 Authority Key Identifier:
                keyid:35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/3EDkeiZ-pEk4KRhPEtyIm27YvQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:91c3::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:f8:19:df:86:c0:82:59:c3:5f:9c:0a:50:c8:6a:db:66:0e:
         33:3f:7c:3b:97:3a:67:f1:4f:23:b4:87:22:02:7f:d5:5d:bb:
         9e:99:fb:df:9e:8d:66:be:cd:5a:16:65:95:47:7f:26:3a:a7:
         03:c0:bd:1e:17:3a:72:f1:19:66:1f:db:f5:d8:12:c8:ef:41:
         b4:82:5e:94:e1:05:31:5f:c9:06:78:03:e4:a1:b0:79:7e:47:
         fc:69:59:75:0f:15:1a:5d:ef:88:c2:6f:c0:20:24:ff:7f:9c:
         d6:72:13:a6:e8:22:e3:db:f3:a6:99:ee:c3:41:9e:fb:05:ad:
         5c:bf:ff:12:a0:55:d3:a2:1b:55:16:aa:9f:ca:80:4d:13:be:
         09:24:a4:35:2a:d5:95:07:54:c3:34:b4:99:c2:3d:e5:98:43:
         bb:93:97:ed:38:14:3e:5b:0a:6d:ff:8c:f0:65:53:b7:07:f7:
         ea:f8:65:e7:43:15:98:49:cc:ef:72:5d:12:ac:62:1e:67:11:
         3a:5b:47:80:4f:7d:23:2e:9a:1f:9e:25:f4:1d:b4:50:65:c4:
         a4:c6:0d:1a:fa:cb:8d:dd:85:84:4c:8e:43:4c:aa:89:7f:70:
         76:cc:7a:65:c2:63:a2:f7:03:05:5d:be:38:01:8f:7a:b7:65:
         59:d1:26:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZCr+TUfK5NRoh1JF0+/s4MRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWExNGNlOWQyNTIzOWI5MmZlNWFiY2U1MzI1MTUwNDRj
MWFiYTQwHhcNMjQwNzEzMTIwMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQwZTQ3YTI2N2VhNDQ5MzgyOTE4NGYxMmRjODg5YjZlZDhiZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlghvTb/MWKEQtCr/stzT0AInce2N
d//xUdEW0SXThWvJBh/OUf5F6a0V4oeGhwo7RsQBaOkWBCHVRAgLxl7/2Vjm284h
rnHeAJHU6WxXUYsPOQLhXiIxO95OQpx2ox9K4dYwIekQivOl79imGSR7qJN0KU9r
1tmlEltliC4eFVyJIBjqfRelo8Qobq7+CqNLqLrLMJ6eY+YhfECXaU9AtvXLDywd
dTnmFJRtAOh0a29y3DzImRSj+bYJI16UEWR2rQJQN0qSdrMUL0l3q9qtW7emnrV+
xPL/I9e7QJt3k65qVldXT0xGnDuRF7nPVcXFbHZEEPDuP3b+q8kVikhusQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNxA5HomfqRJOCkYTxLciJtu2L0CMB8GA1UdIwQY
MBaAFDUaFM6dJSObkv5avOUyUVBEwaukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEt
Mjk1Mzg5NGIxZjZkLzEvM0VEa2VpWi1wRWs0S1JoUEV0eUltMjdZdlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEtMjk1Mzg5NGIxZjZk
LzEvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWRwwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAD+BnfhsCCWcNfnApQyGrbZg4zP3w7lzpn8U8j
tIciAn/VXbuemfvfno1mvs1aFmWVR38mOqcDwL0eFzpy8RlmH9v12BLI70G0gl6U
4QUxX8kGeAPkobB5fkf8aVl1DxUaXe+Iwm/AICT/f5zWchOm6CLj2/Omme7DQZ77
Ba1cv/8SoFXTohtVFqqfyoBNE74JJKQ1KtWVB1TDNLSZwj3lmEO7k5ftOBQ+Wwpt
/4zwZVO3B/fq+GXnQxWYSczvcl0SrGIeZxE6W0eAT30jLpofniX0HbRQZcSkxg0a
+suN3YWETI5DTKqJf3B2zHplwmOi9wMFXb44AY96t2VZ0SZ6
-----END CERTIFICATE-----