Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zNX-Ae2isnWa7soBl8S7pb8AgKw.roa
File:                     zNX-Ae2isnWa7soBl8S7pb8AgKw.roa (raw, json)
Hash identifier:          Adzbes2p8lJHJhW00rztOUjXLdlw77fjrJskXALz3uQ=
Subject key identifier:   CC:D5:FE:01:ED:A2:B2:75:9A:EE:CA:01:97:C4:BB:A5:BF:00:80:AC
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC795899E163418590A3F3382B46806E3
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zNX-Ae2isnWa7soBl8S7pb8AgKw.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51783
IP address blocks:        2a04:ac00:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:89:9e:16:34:18:59:0a:3f:33:82:b4:68:06:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccd5fe01eda2b2759aeeca0197c4bba5bf0080ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7e:7d:15:48:20:00:67:a8:06:4b:d6:6b:1f:
                    45:69:ad:d1:fb:1a:49:ad:57:09:42:2d:97:8c:34:
                    77:d3:88:bc:08:b3:3d:e8:9b:65:30:85:44:96:a3:
                    38:d1:df:b1:ff:98:3a:03:85:a5:40:a4:0e:95:10:
                    09:99:63:a1:84:66:04:7f:37:8b:d9:d3:7f:58:e3:
                    cd:91:60:cb:0c:1d:bc:ff:25:76:1e:87:95:e5:b3:
                    59:98:af:02:47:a1:b3:de:e8:c5:1c:1a:36:c1:1e:
                    d3:3c:7b:a0:0f:60:83:e1:34:d6:b7:a7:9d:ae:ca:
                    ab:db:bc:b3:56:59:2e:20:14:6e:1b:e8:dd:69:4f:
                    b4:63:ce:ac:59:ee:23:e0:96:49:f0:4c:74:8b:82:
                    b6:56:3f:30:f3:42:0b:0e:83:de:9e:e4:83:94:d9:
                    f6:be:02:04:11:04:37:b6:2c:96:2c:8c:d8:1d:8d:
                    c9:07:6b:19:42:d5:aa:62:b1:b4:01:c7:71:cf:40:
                    7e:61:95:3a:cc:6a:04:7e:53:41:f9:a4:80:3d:e8:
                    1d:ec:0a:e8:49:89:15:2b:1c:aa:b5:0c:78:7b:77:
                    9a:cb:2b:d6:34:ad:13:84:c6:e0:74:5c:77:ee:72:
                    da:93:92:17:ed:86:ae:21:66:f7:28:80:9e:2e:27:
                    f1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:D5:FE:01:ED:A2:B2:75:9A:EE:CA:01:97:C4:BB:A5:BF:00:80:AC
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zNX-Ae2isnWa7soBl8S7pb8AgKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ac00:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:aa:a1:b6:55:80:78:2b:bd:ab:64:ef:45:47:7e:61:3a:68:
         41:32:b5:cf:24:31:91:e9:f7:49:36:4c:ac:29:94:be:f3:09:
         54:a9:10:89:a8:f1:74:3c:1f:c0:2f:6a:1c:fa:14:34:7e:3d:
         5d:3f:f9:e5:cf:05:42:36:22:1e:fa:8e:92:4b:01:d2:98:f0:
         bf:8e:60:f4:38:e5:37:0f:5c:5f:e9:9c:55:20:27:e5:05:1c:
         de:4e:df:40:8d:17:a8:1b:ec:4f:8e:ff:91:5f:fa:0d:4c:3d:
         a8:52:96:5f:0a:ea:53:7f:22:0a:2f:7d:58:7a:34:bf:10:c1:
         18:07:6c:e9:bf:ed:fc:e2:4d:a9:67:a8:f9:e5:c1:ef:ac:11:
         70:30:6e:7e:98:39:9b:07:73:7c:49:2c:70:9f:82:71:04:49:
         c1:55:ce:b1:dd:f3:96:35:b7:ad:ae:73:24:95:67:28:71:bb:
         2d:00:6d:50:63:9c:4c:36:b4:45:3c:64:b4:cf:57:bc:3b:b2:
         b3:7a:6b:07:02:e7:1e:c5:ca:14:3b:c2:c6:02:7c:f3:f0:25:
         3a:65:39:0f:dd:2b:1f:f2:a2:bf:96:0a:34:e1:7c:30:81:7f:
         dc:16:20:45:99:7d:0c:5f:08:be:87:18:8f:0d:43:4c:be:b0:
         b1:cd:cb:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlYmeFjQYWQo/M4K0aAbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Q1ZmUwMWVkYTJiMjc1OWFlZWNhMDE5N2M0YmJhNWJmMDA4MGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX59FUggAGeoBkvWax9Faa3R+xpJ
rVcJQi2XjDR304i8CLM96JtlMIVElqM40d+x/5g6A4WlQKQOlRAJmWOhhGYEfzeL
2dN/WOPNkWDLDB28/yV2HoeV5bNZmK8CR6Gz3ujFHBo2wR7TPHugD2CD4TTWt6ed
rsqr27yzVlkuIBRuG+jdaU+0Y86sWe4j4JZJ8Ex0i4K2Vj8w80ILDoPenuSDlNn2
vgIEEQQ3tiyWLIzYHY3JB2sZQtWqYrG0Acdxz0B+YZU6zGoEflNB+aSAPegd7Aro
SYkVKxyqtQx4e3eayyvWNK0ThMbgdFx37nLak5IX7YauIWb3KICeLifxJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMzV/gHtorJ1mu7KAZfEu6W/AICsMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvek5YLUFlMmlzbldhN3NvQmw4UzdwYjhBZ0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgSsAAAD
MA0GCSqGSIb3DQEBCwUAA4IBAQAsqqG2VYB4K72rZO9FR35hOmhBMrXPJDGR6fdJ
NkysKZS+8wlUqRCJqPF0PB/AL2oc+hQ0fj1dP/nlzwVCNiIe+o6SSwHSmPC/jmD0
OOU3D1xf6ZxVICflBRzeTt9AjReoG+xPjv+RX/oNTD2oUpZfCupTfyIKL31YejS/
EMEYB2zpv+384k2pZ6j55cHvrBFwMG5+mDmbB3N8SSxwn4JxBEnBVc6x3fOWNbet
rnMklWcocbstAG1QY5xMNrRFPGS0z1e8O7KzemsHAucexcoUO8LGAnzz8CU6ZTkP
3Ssf8qK/lgo04XwwgX/cFiBFmX0MXwi+hxiPDUNMvrCxzct1
-----END CERTIFICATE-----