Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/XOn4gc84fMEfX4-PwtmIwjAsOtY.roa
File:                     XOn4gc84fMEfX4-PwtmIwjAsOtY.roa (raw, json)
Hash identifier:          ySu4Bb0Hdbzvhea0FTdq3LdYvVmujtflSgeSusvRDq0=
Subject key identifier:   5C:E9:F8:81:CF:38:7C:C1:1F:5F:8F:8F:C2:D9:88:C2:30:2C:3A:D6
Certificate issuer:       /CN=6faf48b02b97dc2d312250aa234083b8c1bb9e81
Certificate serial:       019353AEE142E1F4451E67BC92FA9B6D628E
Authority key identifier: 6F:AF:48:B0:2B:97:DC:2D:31:22:50:AA:23:40:83:B8:C1:BB:9E:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b69IsCuX3C0xIlCqI0CDuMG7noE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/XOn4gc84fMEfX4-PwtmIwjAsOtY.roa
Signing time:             Fri 22 Nov 2024 11:43:10 +0000
ROA not before:           Fri 22 Nov 2024 11:43:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214088
IP address blocks:        2001:30c0:30c0::/48 maxlen: 48
                          2001:30c2:30c2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/b69IsCuX3C0xIlCqI0CDuMG7noE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/b69IsCuX3C0xIlCqI0CDuMG7noE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b69IsCuX3C0xIlCqI0CDuMG7noE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:ae:e1:42:e1:f4:45:1e:67:bc:92:fa:9b:6d:62:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6faf48b02b97dc2d312250aa234083b8c1bb9e81
        Validity
            Not Before: Nov 22 11:43:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ce9f881cf387cc11f5f8f8fc2d988c2302c3ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8f:d0:12:90:82:43:c4:33:05:a9:bf:cf:49:
                    84:e1:98:a1:76:a9:b0:26:3f:cd:ea:91:af:87:b5:
                    1d:47:07:5b:54:69:4c:7f:40:33:9b:64:b5:f6:eb:
                    7a:85:4c:7e:64:b6:f5:d5:9c:f1:c3:30:22:78:6a:
                    e0:9a:2b:1a:ed:43:0e:e9:5c:0a:9e:a8:61:52:b7:
                    87:b8:81:75:f8:19:ba:c6:c6:c8:fb:9d:bb:da:e2:
                    06:74:8f:bd:7b:b3:f5:e0:cb:69:f7:4b:91:19:11:
                    c0:a6:c9:0d:83:f5:72:ae:c2:7f:dd:16:2d:66:fd:
                    33:df:3c:73:c0:c4:27:32:2b:d5:03:b4:22:03:21:
                    a6:8d:bc:4c:b3:32:a9:68:1a:39:37:f9:d1:a7:d7:
                    29:d3:c0:7b:18:b3:95:4b:ad:02:46:9e:99:de:07:
                    f9:64:2e:9c:5f:9e:a4:7a:04:24:25:11:7d:be:16:
                    6c:c5:7e:40:cf:4a:3d:6a:4b:b5:21:30:4f:52:63:
                    3f:84:89:c7:58:1e:0c:78:77:f8:c2:d8:85:b6:2c:
                    e8:9c:9a:c6:e7:a0:f9:c4:c6:24:a0:62:ca:a3:5a:
                    80:e6:48:e0:e2:44:71:7b:ec:17:9d:cd:fe:6a:f8:
                    d4:b5:d1:8c:6d:9d:31:8d:31:ae:f6:fd:c1:9d:77:
                    28:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:E9:F8:81:CF:38:7C:C1:1F:5F:8F:8F:C2:D9:88:C2:30:2C:3A:D6
            X509v3 Authority Key Identifier:
                keyid:6F:AF:48:B0:2B:97:DC:2D:31:22:50:AA:23:40:83:B8:C1:BB:9E:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b69IsCuX3C0xIlCqI0CDuMG7noE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/XOn4gc84fMEfX4-PwtmIwjAsOtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c230b5-4791-48d0-b887-b34d649cfb7b/1/b69IsCuX3C0xIlCqI0CDuMG7noE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:30c0:30c0::/48
                  2001:30c2:30c2::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:ee:e3:6f:09:6f:3a:c5:d4:5d:64:0d:8f:99:b1:4f:77:4f:
         a5:14:66:cb:d8:b0:67:27:3b:29:71:b9:e9:36:9c:d4:a7:6c:
         cb:d2:9c:c4:fc:fe:09:c2:7a:3e:a9:d1:5e:d2:ea:d4:ba:a4:
         74:19:1f:be:78:d4:6c:ce:bd:cc:36:27:7d:51:53:96:cf:6f:
         43:30:46:a4:f5:c9:a8:f3:64:97:68:f6:d8:3c:43:1e:4b:ad:
         c1:a3:fb:4d:e5:4f:46:64:70:70:6e:80:2e:ab:86:03:7a:2c:
         85:59:08:1a:12:30:c8:82:e5:e2:97:53:3b:1c:d8:86:df:86:
         48:d8:c1:cf:73:12:68:a1:a1:4d:43:75:92:09:1e:cc:48:cd:
         79:3d:47:7d:3d:3a:51:81:7a:3c:f3:02:e5:7d:f3:11:d7:2b:
         8c:83:78:50:ca:46:84:a1:1e:bb:db:06:0b:f2:55:66:70:cd:
         35:e0:0d:02:25:07:cb:ea:a0:32:02:19:a4:49:83:94:98:2c:
         18:98:b7:42:32:c8:fa:c0:74:21:fa:95:38:f1:1a:6d:4a:df:
         3e:f9:32:0d:44:1b:05:12:f7:8e:c9:dc:8a:dc:0f:39:26:3b:
         b8:6f:ae:12:69:e6:c3:d4:5f:af:8d:7d:12:1b:2c:24:44:ed:
         b8:f9:72:be
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZNTruFC4fRFHme8kvqbbWKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYWY0OGIwMmI5N2RjMmQzMTIyNTBhYTIzNDA4M2I4YzFi
YjllODEwHhcNMjQxMTIyMTE0MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2U5Zjg4MWNmMzg3Y2MxMWY1ZjhmOGZjMmQ5ODhjMjMwMmMzYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4/QEpCCQ8QzBam/z0mE4Zihdqmw
Jj/N6pGvh7UdRwdbVGlMf0Azm2S19ut6hUx+ZLb11ZzxwzAieGrgmisa7UMO6VwK
nqhhUreHuIF1+Bm6xsbI+5272uIGdI+9e7P14Mtp90uRGRHApskNg/VyrsJ/3RYt
Zv0z3zxzwMQnMivVA7QiAyGmjbxMszKpaBo5N/nRp9cp08B7GLOVS60CRp6Z3gf5
ZC6cX56kegQkJRF9vhZsxX5Az0o9aku1ITBPUmM/hInHWB4MeHf4wtiFtizonJrG
56D5xMYkoGLKo1qA5kjg4kRxe+wXnc3+avjUtdGMbZ0xjTGu9v3BnXco8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFzp+IHPOHzBH1+Pj8LZiMIwLDrWMB8GA1UdIwQY
MBaAFG+vSLArl9wtMSJQqiNAg7jBu56BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjY5SXNDdVgzQzB4SWxDcUkwQ0R1TUc3bm9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMjMwYjUtNDc5MS00OGQwLWI4ODct
YjM0ZDY0OWNmYjdiLzEvWE9uNGdjODRmTUVmWDQtUHd0bUl3akFzT3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMjMwYjUtNDc5MS00OGQwLWI4ODctYjM0ZDY0OWNmYjdi
LzEvYjY5SXNDdVgzQzB4SWxDcUkwQ0R1TUc3bm9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEwwDDA
AwcAIAEwwjDCMA0GCSqGSIb3DQEBCwUAA4IBAQAD7uNvCW86xdRdZA2PmbFPd0+l
FGbL2LBnJzspcbnpNpzUp2zL0pzE/P4Jwno+qdFe0urUuqR0GR++eNRszr3MNid9
UVOWz29DMEak9cmo82SXaPbYPEMeS63Bo/tN5U9GZHBwboAuq4YDeiyFWQgaEjDI
guXil1M7HNiG34ZI2MHPcxJooaFNQ3WSCR7MSM15PUd9PTpRgXo88wLlffMR1yuM
g3hQykaEoR672wYL8lVmcM014A0CJQfL6qAyAhmkSYOUmCwYmLdCMsj6wHQh+pU4
8RptSt8++TINRBsFEveOydyK3A85Jju4b64SaebD1F+vjX0SGywkRO24+XK+
-----END CERTIFICATE-----