Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/PnmZwLXvQZiFOxIGA0_ufIJ2cmo.roa
File:                     PnmZwLXvQZiFOxIGA0_ufIJ2cmo.roa (raw, json)
Hash identifier:          P/SMRdNitWat2SlRXTeIEY9FB+d/YobD9GtLAO+9iX0=
Subject key identifier:   3E:79:99:C0:B5:EF:41:98:85:3B:12:06:03:4F:EE:7C:82:76:72:6A
Certificate issuer:       /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial:       018CC649E061299112632FD05DC7AA7DEB05
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/PnmZwLXvQZiFOxIGA0_ufIJ2cmo.roa
Signing time:             Mon 01 Jan 2024 18:29:39 +0000
ROA not before:           Mon 01 Jan 2024 18:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8961
IP address blocks:        2001:8f8:d002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e0:61:29:91:12:63:2f:d0:5d:c7:aa:7d:eb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
        Validity
            Not Before: Jan  1 18:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e7999c0b5ef4198853b1206034fee7c8276726a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f2:b8:b6:b1:87:3a:56:78:83:ef:10:86:8b:
                    7f:c6:ce:fd:ec:3a:40:f6:65:35:36:1f:f0:11:8c:
                    3b:e6:d7:18:8d:a7:31:1d:57:33:ce:67:c9:08:6c:
                    62:92:bd:bf:00:3c:cd:48:b4:f1:d8:0f:ae:be:e6:
                    55:74:9f:00:23:a5:38:70:f1:d7:db:ed:d6:e2:1a:
                    9e:7c:d1:ca:8b:ea:1c:b5:cd:af:46:47:4d:c6:37:
                    26:8c:1d:2e:01:e5:23:d5:87:88:2c:2f:61:71:cf:
                    8b:48:b6:ff:84:0b:08:60:77:b8:04:b8:75:d3:47:
                    81:de:27:5a:43:5f:ad:34:a5:13:00:89:a0:8c:98:
                    d7:6e:98:71:b0:f4:8f:1f:14:ef:29:77:c9:13:5a:
                    e7:a2:58:1b:f7:9c:b6:6c:59:d8:6a:12:ef:b7:86:
                    7d:82:cf:d6:43:c7:b1:ef:b8:86:65:04:08:da:d0:
                    d0:6f:80:0e:e8:aa:81:11:15:97:a1:42:d0:f2:23:
                    20:66:46:e0:06:7d:dc:89:05:ef:80:4e:e2:9f:51:
                    36:3e:bc:57:bb:88:31:e5:b2:a3:10:48:62:2a:f7:
                    0f:bd:46:ef:7b:c6:9f:42:a6:48:ba:74:18:81:60:
                    53:e2:75:4b:3e:33:a2:d0:42:1d:34:9d:01:fd:4d:
                    6c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:79:99:C0:B5:EF:41:98:85:3B:12:06:03:4F:EE:7C:82:76:72:6A
            X509v3 Authority Key Identifier:
                keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/PnmZwLXvQZiFOxIGA0_ufIJ2cmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:8f8:d002::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:c8:82:17:1f:c2:d8:9b:eb:64:d5:2d:13:5d:ad:85:f9:f5:
         ed:96:c1:7f:9e:0c:ec:7e:f4:86:df:58:21:d7:46:84:11:c3:
         03:1f:3a:a2:8c:37:bc:43:7b:ba:77:ec:a4:26:0a:31:93:be:
         f3:17:ff:43:f5:44:d3:8c:38:43:68:5a:2c:77:64:6d:ea:c9:
         d9:f4:23:1e:0d:87:ab:8d:7c:f1:e2:43:94:f8:7a:a8:ef:fb:
         dc:0e:1a:23:07:5e:86:4c:fa:35:19:7b:1a:06:90:48:79:c7:
         04:43:cf:73:64:b6:bc:59:26:a4:06:29:1c:95:08:81:0e:05:
         5e:22:dd:46:b2:0e:f0:f0:20:21:ac:93:0e:1d:b9:fd:e5:44:
         3e:42:bd:e1:68:bf:34:a7:05:93:15:95:ff:90:2c:60:a8:ee:
         39:e1:81:4f:98:62:bd:79:5b:47:e3:ad:3d:b6:4d:23:9d:5a:
         5c:ca:ad:70:5a:59:66:af:77:3a:95:0a:d3:16:b3:33:30:e1:
         d9:b2:b0:30:55:61:46:40:36:24:a4:92:1f:d7:1e:d8:c8:63:
         48:bf:61:85:25:da:87:05:bf:ca:f9:1f:d9:51:64:e1:8b:04:
         2e:75:7e:e8:5f:a6:d0:c7:32:5c:d1:10:b2:36:9b:fb:e4:58:
         bc:21:62:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSeBhKZESYy/QXceqfesFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjQwMTAxMTgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc5OTljMGI1ZWY0MTk4ODUzYjEyMDYwMzRmZWU3YzgyNzY3MjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfK4trGHOlZ4g+8Qhot/xs797DpA
9mU1Nh/wEYw75tcYjacxHVczzmfJCGxikr2/ADzNSLTx2A+uvuZVdJ8AI6U4cPHX
2+3W4hqefNHKi+octc2vRkdNxjcmjB0uAeUj1YeILC9hcc+LSLb/hAsIYHe4BLh1
00eB3idaQ1+tNKUTAImgjJjXbphxsPSPHxTvKXfJE1rnolgb95y2bFnYahLvt4Z9
gs/WQ8ex77iGZQQI2tDQb4AO6KqBERWXoULQ8iMgZkbgBn3ciQXvgE7in1E2PrxX
u4gx5bKjEEhiKvcPvUbve8afQqZIunQYgWBT4nVLPjOi0EIdNJ0B/U1smQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD55mcC170GYhTsSBgNP7nyCdnJqMB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvUG5tWndMWHZRWmlGT3hJR0EwX3VmSUoyY21vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEI+NAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCDyIIXH8LYm+tk1S0TXa2F+fXtlsF/ngzsfvSG
31gh10aEEcMDHzqijDe8Q3u6d+ykJgoxk77zF/9D9UTTjDhDaFosd2Rt6snZ9CMe
DYerjXzx4kOU+Hqo7/vcDhojB16GTPo1GXsaBpBIeccEQ89zZLa8WSakBikclQiB
DgVeIt1Gsg7w8CAhrJMOHbn95UQ+Qr3haL80pwWTFZX/kCxgqO454YFPmGK9eVtH
4609tk0jnVpcyq1wWllmr3c6lQrTFrMzMOHZsrAwVWFGQDYkpJIf1x7YyGNIv2GF
JdqHBb/K+R/ZUWThiwQudX7oX6bQxzJc0RCyNpv75Fi8IWLz
-----END CERTIFICATE-----