Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/Kc-64DdvpDRYpryEgWVmiZAxLb4.roa
File:                     Kc-64DdvpDRYpryEgWVmiZAxLb4.roa (raw, json)
Hash identifier:          fJnE6S6w3zcsSEIUNp19rp72G3CDdr3kfBB8oEmZDtA=
Subject key identifier:   29:CF:BA:E0:37:6F:A4:34:58:A6:BC:84:81:65:66:89:90:31:2D:BE
Certificate issuer:       /CN=3e20c700d98d76a9c640173889f9367da9de8997
Certificate serial:       0194258F7A2005311C281D6610B2D94DD966
Authority key identifier: 3E:20:C7:00:D9:8D:76:A9:C6:40:17:38:89:F9:36:7D:A9:DE:89:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiDHANmNdqnGQBc4ifk2faneiZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/Kc-64DdvpDRYpryEgWVmiZAxLb4.roa
Signing time:             Thu 02 Jan 2025 05:49:07 +0000
ROA not before:           Thu 02 Jan 2025 05:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140951
IP address blocks:        2a03:9d40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/PiDHANmNdqnGQBc4ifk2faneiZc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/PiDHANmNdqnGQBc4ifk2faneiZc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PiDHANmNdqnGQBc4ifk2faneiZc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:7a:20:05:31:1c:28:1d:66:10:b2:d9:4d:d9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e20c700d98d76a9c640173889f9367da9de8997
        Validity
            Not Before: Jan  2 05:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29cfbae0376fa43458a6bc848165668990312dbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:6b:d2:d5:92:3d:3a:60:50:98:a2:8f:78:bd:
                    69:71:d8:d2:d0:10:28:c8:21:30:79:e4:64:b0:45:
                    26:c9:93:ea:a1:4c:23:7f:03:68:a5:78:6d:e3:86:
                    98:e3:0b:7e:97:20:20:92:d2:34:fa:b0:1a:b9:15:
                    c1:22:53:9a:cf:80:11:18:e3:38:0b:d1:89:81:76:
                    15:80:af:fc:f8:1e:02:77:8d:0d:5e:02:17:43:0b:
                    85:06:f7:f0:02:b9:ee:ed:54:1c:a1:12:70:40:64:
                    ec:d1:39:84:a6:b9:a6:d1:a0:89:8c:d9:de:08:e3:
                    2f:ca:2f:af:3a:60:c6:13:85:c4:a6:ae:14:fe:9e:
                    8f:0b:3b:f2:d5:5c:2d:94:cc:bc:c6:b9:c8:ac:96:
                    3f:9d:35:53:4b:66:24:74:ac:45:76:7d:dc:92:f1:
                    40:96:69:05:c1:81:5e:53:5c:7c:d9:01:34:ab:b6:
                    50:c1:a7:2f:68:57:63:6a:16:41:85:d6:cb:6a:fc:
                    3b:a2:09:6b:ff:49:45:d0:99:d9:f4:2b:50:51:80:
                    b8:c2:a6:7a:cc:16:58:91:34:61:c2:5a:dd:ea:04:
                    01:1d:6a:88:8f:4f:6d:f1:e3:b3:87:74:c6:1b:fd:
                    78:bb:f1:c7:06:b5:f3:8f:18:f3:b6:65:2a:bc:cb:
                    bb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:CF:BA:E0:37:6F:A4:34:58:A6:BC:84:81:65:66:89:90:31:2D:BE
            X509v3 Authority Key Identifier:
                keyid:3E:20:C7:00:D9:8D:76:A9:C6:40:17:38:89:F9:36:7D:A9:DE:89:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiDHANmNdqnGQBc4ifk2faneiZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/Kc-64DdvpDRYpryEgWVmiZAxLb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac6c7b-d059-4014-a968-e46d8d16a15f/1/PiDHANmNdqnGQBc4ifk2faneiZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:9d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:42:fb:99:04:81:44:7b:31:81:e9:97:c4:61:e7:22:78:79:
         44:53:28:ca:11:b5:c3:03:a4:0e:a3:12:36:5a:19:36:7a:f3:
         a7:0f:a5:c8:cf:91:9c:80:ab:ef:99:ff:6d:9c:f6:f8:4b:3b:
         c1:50:a8:6f:f2:7f:95:fb:1f:b8:51:96:87:4e:42:7e:2b:a5:
         c2:d7:7a:97:e0:b7:5e:59:a9:82:eb:2a:02:f4:9b:a8:6d:68:
         fd:67:e8:b6:2e:50:fe:44:0a:8f:ea:79:bc:ee:f1:7a:1b:18:
         3d:68:18:20:e3:d2:cb:27:4e:17:73:08:a0:a0:26:75:1a:32:
         28:f0:b6:c0:bd:d8:d9:bf:66:53:f7:40:37:16:9c:d7:b9:60:
         e5:25:28:cf:a6:ec:95:98:04:c0:9e:0a:fd:29:f5:3b:a1:f5:
         4b:4c:85:5e:a0:18:54:ac:d8:0d:d5:55:33:e0:b8:75:b1:b1:
         eb:d1:bd:83:2c:d4:7a:12:e3:f1:b3:e0:70:95:84:e9:a6:3a:
         97:48:6c:ad:2a:5b:92:9f:64:f2:5a:31:56:c6:8b:6d:1c:2f:
         d9:39:58:5b:09:2d:13:cf:66:1b:88:24:7e:93:a9:9b:b9:f4:
         b2:c1:5e:6b:54:9c:0d:8f:4b:73:66:2b:65:a3:86:8f:f6:10:
         94:d8:d7:0a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj3ogBTEcKB1mELLZTdlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjBjNzAwZDk4ZDc2YTljNjQwMTczODg5ZjkzNjdkYTlk
ZTg5OTcwHhcNMjUwMTAyMDU0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWNmYmFlMDM3NmZhNDM0NThhNmJjODQ4MTY1NjY4OTkwMzEyZGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62vS1ZI9OmBQmKKPeL1pcdjS0BAo
yCEweeRksEUmyZPqoUwjfwNopXht44aY4wt+lyAgktI0+rAauRXBIlOaz4ARGOM4
C9GJgXYVgK/8+B4Cd40NXgIXQwuFBvfwArnu7VQcoRJwQGTs0TmEprmm0aCJjNne
COMvyi+vOmDGE4XEpq4U/p6PCzvy1VwtlMy8xrnIrJY/nTVTS2YkdKxFdn3ckvFA
lmkFwYFeU1x82QE0q7ZQwacvaFdjahZBhdbLavw7oglr/0lF0JnZ9CtQUYC4wqZ6
zBZYkTRhwlrd6gQBHWqIj09t8eOzh3TGG/14u/HHBrXzjxjztmUqvMu7mQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCnPuuA3b6Q0WKa8hIFlZomQMS2+MB8GA1UdIwQY
MBaAFD4gxwDZjXapxkAXOIn5Nn2p3omXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlESEFObU5kcW5HUUJjNGlmazJmYW5laVpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hYzZjN2ItZDA1OS00MDE0LWE5Njgt
ZTQ2ZDhkMTZhMTVmLzEvS2MtNjREZHZwRFJZcHJ5RWdXVm1pWkF4TGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hYzZjN2ItZDA1OS00MDE0LWE5NjgtZTQ2ZDhkMTZhMTVm
LzEvUGlESEFObU5kcW5HUUJjNGlmazJmYW5laVpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgOdQDAN
BgkqhkiG9w0BAQsFAAOCAQEATUL7mQSBRHsxgemXxGHnInh5RFMoyhG1wwOkDqMS
NloZNnrzpw+lyM+RnICr75n/bZz2+Es7wVCob/J/lfsfuFGWh05Cfiulwtd6l+C3
XlmpgusqAvSbqG1o/Wfoti5Q/kQKj+p5vO7xehsYPWgYIOPSyydOF3MIoKAmdRoy
KPC2wL3Y2b9mU/dANxac17lg5SUoz6bslZgEwJ4K/Sn1O6H1S0yFXqAYVKzYDdVV
M+C4dbGx69G9gyzUehLj8bPgcJWE6aY6l0hsrSpbkp9k8loxVsaLbRwv2TlYWwkt
E89mG4gkfpOpm7n0ssFea1ScDY9Lc2YrZaOGj/YQlNjXCg==
-----END CERTIFICATE-----