Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3-bzEiX1yVDikjh6StzS5jAec5E.roa
File:                     3-bzEiX1yVDikjh6StzS5jAec5E.roa (raw, json)
Hash identifier:          fHnx470tQrvhGAZ6GSShsrHYxNyzN0xeWp8rZa1GibA=
Subject key identifier:   DF:E6:F3:12:25:F5:C9:50:E2:92:38:7A:4A:DC:D2:E6:30:1E:73:91
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5012F62B033FFEA6F427ED82D4FA491
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3-bzEiX1yVDikjh6StzS5jAec5E.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216022
IP address blocks:        2a10:7403::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2f:62:b0:33:ff:ea:6f:42:7e:d8:2d:4f:a4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfe6f31225f5c950e292387a4adcd2e6301e7391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b7:6c:0f:9f:a8:4b:f1:1a:5d:c6:ca:4b:ff:
                    48:60:78:e3:34:cb:e0:e1:52:bf:09:3c:d9:5a:5b:
                    02:53:be:fb:83:64:c9:0e:54:4e:3b:1f:b7:9a:f7:
                    b2:79:66:19:e6:01:e6:38:6f:2c:0b:40:55:44:c2:
                    16:65:9b:6b:5f:ad:3e:ff:61:35:13:7c:70:42:82:
                    3a:64:0f:54:de:fe:48:f2:c0:90:f7:03:5f:2e:11:
                    59:9c:11:2b:52:25:10:33:27:32:5c:d7:78:b5:d1:
                    45:d9:9c:d2:14:ed:34:58:18:89:e8:79:8a:08:7d:
                    d7:1b:93:6f:22:bd:89:c8:e4:9d:8e:2f:9d:29:77:
                    ee:74:ac:8d:a6:88:77:f5:31:c4:e2:1d:80:7e:77:
                    0c:b7:81:90:d9:ba:84:c6:c1:c3:59:48:03:1d:84:
                    30:5c:d5:6c:8d:e8:ec:7c:90:bd:c3:9e:cb:71:d9:
                    0e:56:4e:bf:57:1e:a3:a6:1f:41:a4:2f:21:cf:5a:
                    d0:72:36:28:b5:24:89:d2:c7:32:db:0c:a0:2b:f4:
                    c9:db:12:1c:75:3b:0c:dd:ab:ab:9f:2e:0a:ec:d2:
                    16:28:7c:ed:e6:44:47:98:37:bd:73:3a:1a:33:fc:
                    c2:4f:28:02:3f:0d:95:a8:41:eb:1c:22:70:3e:2f:
                    02:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:E6:F3:12:25:F5:C9:50:E2:92:38:7A:4A:DC:D2:E6:30:1E:73:91
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/3-bzEiX1yVDikjh6StzS5jAec5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7403::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:30:7d:63:43:5b:7a:2f:cc:15:e5:29:cf:4c:d2:0b:ce:8a:
         81:49:47:61:4f:7c:7b:f6:c2:be:b8:22:d8:a1:8c:c2:41:4b:
         19:8a:12:9e:da:63:c9:6a:6b:7b:f9:32:aa:97:5c:21:73:79:
         7a:bb:ea:a1:55:5b:8b:6a:a0:f2:84:a0:d5:6e:b0:33:a8:6a:
         18:db:8b:ae:d0:ad:f6:01:a8:27:2b:41:b6:b4:47:22:5c:e3:
         9d:13:31:f2:ca:9a:c1:f7:54:92:88:8e:f6:94:26:fa:4f:72:
         f6:79:5c:ff:4b:22:bb:b6:ff:84:96:89:aa:4e:75:51:8c:30:
         f5:30:79:27:38:b3:a5:1f:09:1b:74:46:4c:d9:dc:a9:e0:37:
         ed:af:5f:dd:40:03:df:6a:2e:c7:e0:f9:56:8f:01:51:1f:67:
         7e:29:80:98:41:1a:39:79:d5:40:22:04:a2:30:93:4d:ea:78:
         49:0c:be:4e:47:58:49:8c:1b:8d:7f:c4:6f:a7:5e:c3:76:d6:
         a2:eb:c6:9a:2a:14:cc:e8:7d:26:de:bd:97:ba:f7:93:3a:93:
         19:b8:f5:14:4c:7b:26:de:91:2e:1f:5f:3f:8d:57:0d:45:db:
         6e:b3:6e:16:19:82:b9:06:6e:24:5a:05:c3:dd:c1:76:14:63:
         aa:b8:97:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAS9isDP/6m9CftgtT6SRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmU2ZjMxMjI1ZjVjOTUwZTI5MjM4N2E0YWRjZDJlNjMwMWU3MzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7dsD5+oS/EaXcbKS/9IYHjjNMvg
4VK/CTzZWlsCU777g2TJDlROOx+3mveyeWYZ5gHmOG8sC0BVRMIWZZtrX60+/2E1
E3xwQoI6ZA9U3v5I8sCQ9wNfLhFZnBErUiUQMycyXNd4tdFF2ZzSFO00WBiJ6HmK
CH3XG5NvIr2JyOSdji+dKXfudKyNpoh39THE4h2AfncMt4GQ2bqExsHDWUgDHYQw
XNVsjejsfJC9w57LcdkOVk6/Vx6jph9BpC8hz1rQcjYotSSJ0scy2wygK/TJ2xIc
dTsM3aurny4K7NIWKHzt5kRHmDe9czoaM/zCTygCPw2VqEHrHCJwPi8CCwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN/m8xIl9clQ4pI4ekrc0uYwHnORMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMy1iekVpWDF5VkRpa2poNlN0elM1akFlYzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhB0AzAN
BgkqhkiG9w0BAQsFAAOCAQEAFzB9Y0Nbei/MFeUpz0zSC86KgUlHYU98e/bCvrgi
2KGMwkFLGYoSntpjyWpre/kyqpdcIXN5ervqoVVbi2qg8oSg1W6wM6hqGNuLrtCt
9gGoJytBtrRHIlzjnRMx8sqawfdUkoiO9pQm+k9y9nlc/0siu7b/hJaJqk51UYww
9TB5JzizpR8JG3RGTNncqeA37a9f3UAD32oux+D5Vo8BUR9nfimAmEEaOXnVQCIE
ojCTTep4SQy+TkdYSYwbjX/Eb6dew3bWouvGmioUzOh9Jt69l7r3kzqTGbj1FEx7
Jt6RLh9fP41XDUXbbrNuFhmCuQZuJFoFw93BdhRjqriXUQ==
-----END CERTIFICATE-----