Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/vzO3AoRXMo7d2A2P-op3wTjRpZ0.roa
File:                     vzO3AoRXMo7d2A2P-op3wTjRpZ0.roa (raw, json)
Hash identifier:          2p8vXXeaROezfqOmiqmZ14mHZrxg8ocI5+BAiqoZLk4=
Subject key identifier:   BF:33:B7:02:84:57:32:8E:DD:D8:0D:8F:FA:8A:77:C1:38:D1:A5:9D
Certificate issuer:       /CN=03c33e43ef56527a169d6ac6d7e62c63d1973051
Certificate serial:       018E5D339537BFEF5CFC8BA4FAC4C6843A76
Authority key identifier: 03:C3:3E:43:EF:56:52:7A:16:9D:6A:C6:D7:E6:2C:63:D1:97:30:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/vzO3AoRXMo7d2A2P-op3wTjRpZ0.roa
Signing time:             Wed 20 Mar 2024 18:50:45 +0000
ROA not before:           Wed 20 Mar 2024 18:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215294
IP address blocks:        2a05:907:2001::/48 maxlen: 48
                          2a05:907:2002::/48 maxlen: 48
                          2a05:907:2003::/48 maxlen: 48
                          2a05:907:2004::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5d:33:95:37:bf:ef:5c:fc:8b:a4:fa:c4:c6:84:3a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03c33e43ef56527a169d6ac6d7e62c63d1973051
        Validity
            Not Before: Mar 20 18:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf33b7028457328eddd80d8ffa8a77c138d1a59d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2b:ae:10:f1:0c:73:ff:94:ba:fd:af:e2:9e:
                    a7:8b:03:7b:76:eb:8a:c5:96:0d:e6:5e:85:bc:f1:
                    be:af:bb:33:73:fe:e3:c6:d3:42:61:61:45:cd:c3:
                    fc:7a:18:cf:42:92:e2:c6:8b:dd:d3:d8:2c:33:9c:
                    cc:25:7f:18:48:66:4e:3b:19:21:1a:26:76:12:11:
                    f0:38:81:65:53:b7:5d:6c:08:d4:5e:46:77:d1:6e:
                    b0:aa:02:bd:af:19:b3:7a:f4:c6:2c:41:a7:8a:81:
                    f5:91:6f:23:0b:47:22:3a:f8:cc:ba:37:eb:6f:14:
                    a2:d5:f1:88:d9:54:3a:fe:d3:e3:e0:24:1c:0f:60:
                    14:03:7b:d0:2e:b3:8c:94:d3:5f:80:7c:ad:c2:17:
                    ae:71:b9:90:f3:cc:6b:e6:b6:1b:2d:1d:c4:b9:4d:
                    2e:c1:1e:03:74:c2:38:b6:96:c5:24:a9:85:b7:e7:
                    6c:31:e2:d5:68:7c:16:35:bc:06:6e:ea:4a:c8:4c:
                    ed:74:f0:ab:98:c2:da:54:ff:61:92:e2:eb:06:ee:
                    19:69:aa:14:14:6a:e5:b0:9b:fe:ac:70:94:90:4f:
                    55:97:61:b2:aa:cc:7b:13:bf:f0:f2:3a:a9:dc:61:
                    7b:fc:a8:c8:89:66:61:5f:e3:a9:a3:1a:b4:d4:9a:
                    9f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:33:B7:02:84:57:32:8E:DD:D8:0D:8F:FA:8A:77:C1:38:D1:A5:9D
            X509v3 Authority Key Identifier:
                keyid:03:C3:3E:43:EF:56:52:7A:16:9D:6A:C6:D7:E6:2C:63:D1:97:30:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/vzO3AoRXMo7d2A2P-op3wTjRpZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c17c15-a142-4b37-b8fe-a3a3eb879f2b/1/A8M-Q-9WUnoWnWrG1-YsY9GXMFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:907:2001::-2a05:907:2004:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         54:55:03:5c:a4:b3:02:f7:b9:43:15:d7:cd:ef:1e:bb:81:81:
         e2:0b:c4:74:9a:c6:59:eb:d2:02:60:00:fd:06:24:53:35:df:
         2e:92:75:5e:74:ad:a3:07:7e:54:57:bb:0a:0a:e4:5e:e7:bb:
         29:7a:77:46:fd:c0:71:52:ed:f4:4e:93:ea:04:87:53:5d:2d:
         94:12:93:58:3a:28:a6:f4:24:35:bd:6b:f7:d2:a5:68:ee:d0:
         8a:7c:c2:78:53:2c:ec:4b:5c:25:21:11:87:91:29:e8:5c:55:
         c8:a2:b9:17:fb:f6:1e:01:ac:8b:93:8c:5f:70:3b:b7:70:25:
         a2:8a:73:5e:ff:e0:96:dd:23:7d:43:22:c8:f8:63:d3:a3:1b:
         02:fb:24:de:b3:5f:0d:ad:a2:0e:71:ed:4f:56:5e:84:5f:6c:
         6e:5a:ba:92:32:ed:a9:28:89:2c:64:ac:72:1b:77:ff:22:36:
         e1:b9:00:88:12:13:95:05:38:76:1a:6b:e5:63:a3:38:cd:51:
         f9:66:27:6e:4c:23:b4:7a:77:de:51:87:8c:db:a6:fb:e6:19:
         2a:cd:0d:bf:5a:ec:87:b8:51:6d:0d:3c:78:25:4e:d9:2f:6f:
         48:26:09:d5:41:7f:9a:2a:5f:9a:a4:1a:e6:14:31:a2:5d:d3:
         b7:8d:ca:72
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY5dM5U3v+9c/Iuk+sTGhDp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzYzMzZTQzZWY1NjUyN2ExNjlkNmFjNmQ3ZTYyYzYzZDE5
NzMwNTEwHhcNMjQwMzIwMTg1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjMzYjcwMjg0NTczMjhlZGRkODBkOGZmYThhNzdjMTM4ZDFhNTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryuuEPEMc/+Uuv2v4p6niwN7duuK
xZYN5l6FvPG+r7szc/7jxtNCYWFFzcP8ehjPQpLixovd09gsM5zMJX8YSGZOOxkh
GiZ2EhHwOIFlU7ddbAjUXkZ30W6wqgK9rxmzevTGLEGnioH1kW8jC0ciOvjMujfr
bxSi1fGI2VQ6/tPj4CQcD2AUA3vQLrOMlNNfgHytwheucbmQ88xr5rYbLR3EuU0u
wR4DdMI4tpbFJKmFt+dsMeLVaHwWNbwGbupKyEztdPCrmMLaVP9hkuLrBu4ZaaoU
FGrlsJv+rHCUkE9Vl2Gyqsx7E7/w8jqp3GF7/KjIiWZhX+Opoxq01JqfXwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFL8ztwKEVzKO3dgNj/qKd8E40aWdMB8GA1UdIwQY
MBaAFAPDPkPvVlJ6Fp1qxtfmLGPRlzBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQThNLVEtOVdVbm9XbldyRzEtWXNZOUdYTUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jMTdjMTUtYTE0Mi00YjM3LWI4ZmUt
YTNhM2ViODc5ZjJiLzEvdnpPM0FvUlhNbzdkMkEyUC1vcDN3VGpScFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jMTdjMTUtYTE0Mi00YjM3LWI4ZmUtYTNhM2ViODc5ZjJi
LzEvQThNLVEtOVdVbm9XbldyRzEtWXNZOUdYTUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqBQkH
IAEDBwAqBQkHIAQwDQYJKoZIhvcNAQELBQADggEBAFRVA1ykswL3uUMV183vHruB
geILxHSaxlnr0gJgAP0GJFM13y6SdV50raMHflRXuwoK5F7nuyl6d0b9wHFS7fRO
k+oEh1NdLZQSk1g6KKb0JDW9a/fSpWju0Ip8wnhTLOxLXCUhEYeRKehcVciiuRf7
9h4BrIuTjF9wO7dwJaKKc17/4JbdI31DIsj4Y9OjGwL7JN6zXw2tog5x7U9WXoRf
bG5aupIy7akoiSxkrHIbd/8iNuG5AIgSE5UFOHYaa+VjozjNUflmJ25MI7R6d95R
h4zbpvvmGSrNDb9a7Ie4UW0NPHglTtkvb0gmCdVBf5oqX5qkGuYUMaJd07eNynI=
-----END CERTIFICATE-----