Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/M0_vTS3zqHPW1i2kI__5N6549rs.roa
File:                     M0_vTS3zqHPW1i2kI__5N6549rs.roa (raw, json)
Hash identifier:          Q3gQMOCiUL/p128tI+XIwI0qbVcdZfJ7UGnk3omt9Yw=
Subject key identifier:   33:4F:EF:4D:2D:F3:A8:73:D6:D6:2D:A4:23:FF:F9:37:AE:78:F6:BB
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       018CC94CDE5E6DF529B9D47F26082E7F9C60
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/M0_vTS3zqHPW1i2kI__5N6549rs.roa
Signing time:             Tue 02 Jan 2024 08:31:47 +0000
ROA not before:           Tue 02 Jan 2024 08:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205749
IP address blocks:        2a04:92c7:31::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:de:5e:6d:f5:29:b9:d4:7f:26:08:2e:7f:9c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  2 08:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=334fef4d2df3a873d6d62da423fff937ae78f6bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:e8:be:87:0e:fa:8c:d8:0b:e6:1a:88:ea:dc:
                    9c:5b:db:4e:f5:83:ee:90:1d:16:46:ee:6f:32:96:
                    7a:f5:11:ee:dc:5c:74:54:7c:9d:04:a6:b7:14:74:
                    da:2f:05:fa:6c:fb:4f:e0:a8:20:61:3a:b8:ca:e3:
                    d6:de:ff:e4:d6:9e:76:46:97:92:22:c6:1e:ec:33:
                    81:13:94:40:73:ad:e2:7e:7e:41:4f:a1:71:3a:fb:
                    df:79:c6:cb:b2:b4:25:1b:d7:7a:c2:e6:05:75:13:
                    c0:a9:df:d3:2c:80:5c:11:cf:64:26:6c:1c:0b:eb:
                    59:97:ae:9d:7b:12:80:bd:81:05:03:5b:2a:f3:2a:
                    bd:5d:10:70:1e:9d:59:a8:11:04:17:46:01:16:d6:
                    35:94:54:ef:42:a9:f3:9d:47:0b:b5:c1:8f:88:c6:
                    07:de:f5:9e:4b:a2:aa:cf:89:62:96:52:f3:5d:7d:
                    b4:80:10:04:e7:6a:f4:a0:f6:88:b9:aa:e7:2d:24:
                    81:1d:1e:88:20:cf:52:fb:97:49:b4:9d:86:bd:01:
                    41:60:3a:60:e8:3e:a4:f3:a8:f6:d9:82:e8:a7:63:
                    22:71:b6:af:97:59:5b:59:0c:5e:72:57:9c:4e:b7:
                    3a:3c:d4:9d:c2:b6:6b:8b:57:a8:d9:6a:38:1d:c0:
                    ca:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:4F:EF:4D:2D:F3:A8:73:D6:D6:2D:A4:23:FF:F9:37:AE:78:F6:BB
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/M0_vTS3zqHPW1i2kI__5N6549rs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:92c7:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:93:e8:2c:3c:98:f6:29:f8:83:32:2d:9e:b2:53:1e:18:4a:
         e8:c8:b5:54:38:8f:71:a6:05:cf:6e:35:0d:b7:7f:1e:3a:94:
         23:e2:ac:58:a3:14:fe:f0:41:99:52:16:bf:f3:01:ab:aa:34:
         d7:dc:a8:be:f5:ec:b3:f5:a2:05:2b:ea:33:1e:26:bc:3b:22:
         e1:7a:fc:c7:1f:8c:ce:f7:ed:27:97:c8:fa:e1:c9:de:5d:64:
         c5:d0:c0:9c:54:92:48:6c:c2:08:37:3d:2d:ac:4c:69:e4:e9:
         7e:4f:3c:de:b8:9d:0c:8b:7a:a2:3e:31:29:63:af:27:b9:1a:
         e7:31:57:6e:60:0e:4f:f8:1f:95:f9:68:ca:b2:aa:ba:3a:f7:
         a0:33:8b:27:bc:72:92:2d:6e:83:d9:df:f7:74:9e:96:a6:6f:
         4d:52:15:05:31:f7:b6:43:fb:ac:ca:c3:69:57:92:d0:74:a4:
         f1:21:00:6d:7f:cb:99:0a:c0:4a:ea:25:d7:1f:0f:6e:98:61:
         22:2e:a0:a8:f2:2e:84:c8:0d:5a:05:a8:f0:72:59:71:b3:b6:
         c2:16:a9:97:d0:de:f9:9b:f5:f1:ed:e2:25:2e:67:e9:3d:a7:
         36:0c:cb:4c:f8:75:28:84:13:36:b1:09:67:2f:36:ab:e6:d9:
         10:4b:16:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTN5ebfUpudR/Jgguf5xgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjQwMTAyMDgzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzRmZWY0ZDJkZjNhODczZDZkNjJkYTQyM2ZmZjkzN2FlNzhmNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ei+hw76jNgL5hqI6tycW9tO9YPu
kB0WRu5vMpZ69RHu3Fx0VHydBKa3FHTaLwX6bPtP4KggYTq4yuPW3v/k1p52RpeS
IsYe7DOBE5RAc63ifn5BT6FxOvvfecbLsrQlG9d6wuYFdRPAqd/TLIBcEc9kJmwc
C+tZl66dexKAvYEFA1sq8yq9XRBwHp1ZqBEEF0YBFtY1lFTvQqnznUcLtcGPiMYH
3vWeS6Kqz4lillLzXX20gBAE52r0oPaIuarnLSSBHR6IIM9S+5dJtJ2GvQFBYDpg
6D6k86j22YLop2Micbavl1lbWQxeclecTrc6PNSdwrZri1eo2Wo4HcDKswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDNP700t86hz1tYtpCP/+TeuePa7MB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvTTBfdlRTM3pxSFBXMWkya0lfXzVONjU0OXJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgSSxwAx
MA0GCSqGSIb3DQEBCwUAA4IBAQCgk+gsPJj2KfiDMi2eslMeGEroyLVUOI9xpgXP
bjUNt38eOpQj4qxYoxT+8EGZUha/8wGrqjTX3Ki+9eyz9aIFK+ozHia8OyLhevzH
H4zO9+0nl8j64cneXWTF0MCcVJJIbMIINz0trExp5Ol+TzzeuJ0Mi3qiPjEpY68n
uRrnMVduYA5P+B+V+WjKsqq6OvegM4snvHKSLW6D2d/3dJ6Wpm9NUhUFMfe2Q/us
ysNpV5LQdKTxIQBtf8uZCsBK6iXXHw9umGEiLqCo8i6EyA1aBajwcllxs7bCFqmX
0N75m/Xx7eIlLmfpPac2DMtM+HUohBM2sQlnLzar5tkQSxb/
-----END CERTIFICATE-----