Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/r3Cs_xMD3ZXbXKnrfgQka2nUTuI.roa
File:                     r3Cs_xMD3ZXbXKnrfgQka2nUTuI.roa (raw, json)
Hash identifier:          1NJe/GKigPwC61Vwjgr3v5xEF/5s0+l/HDI7AJ0uJNU=
Subject key identifier:   AF:70:AC:FF:13:03:DD:95:DB:5C:A9:EB:7E:04:24:6B:69:D4:4E:E2
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       018CC79547961F8FBB1C6D1B49F7F328B77B
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/r3Cs_xMD3ZXbXKnrfgQka2nUTuI.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139238
IP address blocks:        2a09:b280:ccce::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:47:96:1f:8f:bb:1c:6d:1b:49:f7:f3:28:b7:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af70acff1303dd95db5ca9eb7e04246b69d44ee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f5:e2:ba:d7:ec:6b:75:f4:a9:f7:ae:5f:85:
                    15:94:d8:04:e9:21:71:26:c0:09:ed:cd:4d:d2:87:
                    91:78:38:10:02:ab:bb:af:d7:86:11:b6:19:b9:23:
                    83:18:2b:a3:eb:62:46:53:fc:45:e7:c0:df:35:6e:
                    66:e3:97:7b:c0:ea:7c:41:f0:9a:dc:bf:bd:3e:27:
                    49:c5:9f:ba:fd:2e:90:3b:b5:66:59:bd:ef:86:df:
                    db:8c:63:68:42:1a:3b:ec:9c:13:50:db:81:3e:f0:
                    68:26:11:6d:54:ab:e5:2a:08:ad:17:7a:ef:10:6a:
                    74:e3:7a:b7:27:21:d1:d5:a4:d3:c8:6a:b3:56:01:
                    af:0d:20:81:eb:f1:96:fa:63:b8:d5:4f:7d:27:12:
                    be:80:35:c4:7b:5f:9c:4f:46:24:c9:73:cb:23:e6:
                    c4:88:92:d5:dc:70:72:af:a9:77:d8:c3:05:06:2c:
                    a8:1a:af:b9:26:eb:65:fb:55:99:2a:70:74:2a:92:
                    b2:4f:03:80:36:66:34:f4:e0:9b:55:1a:bc:f3:b9:
                    5b:e6:0a:67:01:95:ed:93:39:b4:0e:68:b0:bf:f5:
                    a5:f3:2e:04:81:ad:f9:f2:94:ec:e3:f7:2f:00:bf:
                    13:f8:87:ea:a7:ba:06:b4:6f:97:f2:ee:e5:37:f3:
                    95:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:70:AC:FF:13:03:DD:95:DB:5C:A9:EB:7E:04:24:6B:69:D4:4E:E2
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/r3Cs_xMD3ZXbXKnrfgQka2nUTuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:b280:ccce::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:a0:af:e9:85:02:5b:4a:53:62:c9:43:1c:8b:19:dd:ed:30:
         a2:80:a6:ab:5f:6f:f5:04:76:71:b2:4b:03:50:49:28:95:3b:
         97:1b:70:59:30:73:2a:0f:88:9f:48:03:68:1b:69:10:7d:d7:
         a3:95:43:38:6a:b5:08:f3:3a:0f:6c:95:d4:b2:ff:3f:4d:3d:
         c4:92:05:f5:b0:e2:77:1b:58:49:8b:e4:30:c9:a2:e6:56:07:
         89:7f:54:41:d7:69:ca:68:0b:6c:99:5c:98:bb:9f:d5:a4:dc:
         de:c6:08:d7:0b:ba:fe:c8:f4:30:79:ff:3e:93:16:79:7a:a6:
         10:13:36:a7:1f:f5:3c:4d:20:7b:4b:bd:c2:8d:53:89:5f:7e:
         38:1e:b6:c5:7f:97:fd:6f:7d:8b:17:4b:4d:9d:d4:ca:cd:c0:
         c2:23:0b:ab:7b:55:b1:7c:14:03:b6:8a:ff:1f:0c:ca:cd:af:
         89:79:01:a9:db:20:7b:93:e3:6d:7f:9c:66:ef:ce:5a:f5:81:
         44:d0:e9:2d:48:9a:1a:01:67:4c:9c:ec:2b:1e:31:a6:c0:c3:
         3c:7a:ea:48:37:58:8c:81:7b:34:83:74:76:54:d7:4a:ce:1a:
         a6:e9:36:75:c4:04:6d:55:e9:61:4c:4a:a1:f7:84:f9:e7:f9:
         47:25:95:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlUeWH4+7HG0bSffzKLd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjcwYWNmZjEzMDNkZDk1ZGI1Y2E5ZWI3ZTA0MjQ2YjY5ZDQ0ZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/Xiutfsa3X0qfeuX4UVlNgE6SFx
JsAJ7c1N0oeReDgQAqu7r9eGEbYZuSODGCuj62JGU/xF58DfNW5m45d7wOp8QfCa
3L+9PidJxZ+6/S6QO7VmWb3vht/bjGNoQho77JwTUNuBPvBoJhFtVKvlKgitF3rv
EGp043q3JyHR1aTTyGqzVgGvDSCB6/GW+mO41U99JxK+gDXEe1+cT0YkyXPLI+bE
iJLV3HByr6l32MMFBiyoGq+5Jutl+1WZKnB0KpKyTwOANmY09OCbVRq887lb5gpn
AZXtkzm0Dmiwv/Wl8y4Ega358pTs4/cvAL8T+Ifqp7oGtG+X8u7lN/OVAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK9wrP8TA92V21yp634EJGtp1E7iMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvcjNDc194TUQzWlhiWEtucmZnUWthMm5VVHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmygMzO
MA0GCSqGSIb3DQEBCwUAA4IBAQBFoK/phQJbSlNiyUMcixnd7TCigKarX2/1BHZx
sksDUEkolTuXG3BZMHMqD4ifSANoG2kQfdejlUM4arUI8zoPbJXUsv8/TT3EkgX1
sOJ3G1hJi+QwyaLmVgeJf1RB12nKaAtsmVyYu5/VpNzexgjXC7r+yPQwef8+kxZ5
eqYQEzanH/U8TSB7S73CjVOJX344HrbFf5f9b32LF0tNndTKzcDCIwure1WxfBQD
tor/HwzKza+JeQGp2yB7k+Ntf5xm785a9YFE0OktSJoaAWdMnOwrHjGmwMM8eupI
N1iMgXs0g3R2VNdKzhqm6TZ1xARtVelhTEqh94T55/lHJZX+
-----END CERTIFICATE-----