Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/Pm43IZfSAicKxTCIGOiXsXYIwbI.roa
File:                     Pm43IZfSAicKxTCIGOiXsXYIwbI.roa (raw, json)
Hash identifier:          Ztzae27kKMZxRT1dfQkYgJO2yQMFnWtzoF42BByuSj8=
Subject key identifier:   3E:6E:37:21:97:D2:02:27:0A:C5:30:88:18:E8:97:B1:76:08:C1:B2
Certificate issuer:       /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial:       018CC801314027CF3B4BFF336B00E2A0BF66
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/Pm43IZfSAicKxTCIGOiXsXYIwbI.roa
Signing time:             Tue 02 Jan 2024 02:29:30 +0000
ROA not before:           Tue 02 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208731
IP address blocks:        2a0a:e5c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:31:40:27:cf:3b:4b:ff:33:6b:00:e2:a0:bf:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
        Validity
            Not Before: Jan  2 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e6e372197d202270ac5308818e897b17608c1b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fd:85:09:3e:12:fb:6a:ea:ed:e9:03:5b:2c:
                    a5:00:8b:97:dd:0c:57:f2:54:ee:38:6c:d0:a3:b1:
                    92:0c:c3:8d:f1:d0:27:bb:64:73:17:40:12:98:20:
                    6f:80:46:e3:e3:f4:1c:87:2a:a6:1b:88:d5:0b:7d:
                    dd:e0:36:4e:df:20:a5:93:ea:d1:27:9d:49:5b:de:
                    59:d4:58:3d:f8:07:c7:ca:2b:52:b9:ba:1a:7d:ae:
                    f5:a4:5b:d7:1d:db:37:78:b0:df:93:51:02:d2:21:
                    f8:3c:64:98:f3:62:87:d4:49:8c:db:79:01:12:ec:
                    e1:6e:22:2b:8e:1c:f3:d4:21:31:a3:6d:89:82:b6:
                    ea:1e:c9:f7:62:40:bf:e0:9c:d2:d5:c8:ef:f9:e9:
                    37:fd:07:73:b7:be:23:0c:77:16:fa:ba:ee:06:27:
                    3d:15:9a:67:15:00:0d:44:f9:bf:a1:e1:70:85:de:
                    6d:dc:ee:84:4d:e8:a8:3b:25:ea:bf:42:0a:90:ad:
                    63:50:1f:9b:ef:48:94:22:a3:13:fa:68:83:4c:e7:
                    50:c5:1c:17:68:52:85:f8:4b:c2:9f:68:e1:6c:26:
                    34:bc:ec:b8:5f:5d:2c:d7:57:71:3d:c1:8c:43:fe:
                    b9:01:43:f2:39:f8:0c:96:d6:5a:74:ee:d0:66:de:
                    72:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:6E:37:21:97:D2:02:27:0A:C5:30:88:18:E8:97:B1:76:08:C1:B2
            X509v3 Authority Key Identifier:
                keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/Pm43IZfSAicKxTCIGOiXsXYIwbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:e5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:3f:a4:c5:41:a5:9b:cf:e1:7b:6d:30:06:7a:e0:44:3e:12:
         4f:7b:47:2f:f8:a3:a4:60:9d:5c:00:e1:36:aa:26:82:d4:c2:
         66:75:3c:b0:7a:84:db:e7:a1:3c:99:aa:cb:2e:9a:0f:9e:c6:
         a0:52:7e:6b:34:3b:be:20:69:8c:bf:a1:b9:7d:14:ec:df:7c:
         68:ea:bb:76:ae:32:74:40:94:65:34:dd:00:c1:e1:9a:87:1f:
         4f:13:81:2a:85:a4:d8:4e:c3:4b:92:75:a4:75:09:ec:cf:97:
         31:e8:13:55:af:7e:03:96:bd:3e:bd:1a:8c:69:04:0d:a3:46:
         26:85:63:ed:87:cd:06:77:7d:04:ba:f0:40:e5:0f:01:6c:cb:
         03:32:2e:bd:f4:bc:72:d7:f5:88:52:71:30:6c:44:2a:76:fc:
         31:6d:e9:10:f1:b9:3b:8d:1c:c1:6f:96:e2:e3:1f:66:99:4b:
         a4:e6:39:76:33:19:64:31:d8:40:87:fe:6d:78:6f:bd:1f:64:
         7b:dc:51:40:2d:51:04:69:69:36:8f:08:1f:3d:c6:bb:ae:91:
         a2:44:ea:f3:1e:9f:74:b2:cf:53:54:fd:db:cc:fa:2c:15:23:
         c0:a6:6d:2f:6b:8b:15:9e:1c:4d:e6:01:1a:92:dd:24:5f:7e:
         ae:5c:05:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIATFAJ887S/8zawDioL9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YmZjNWExNzI2NTRkZDYwMDlkYjFkODJkOTJmZmFmNzEy
MzQxMjAwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTZlMzcyMTk3ZDIwMjI3MGFjNTMwODgxOGU4OTdiMTc2MDhjMWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf2FCT4S+2rq7ekDWyylAIuX3QxX
8lTuOGzQo7GSDMON8dAnu2RzF0ASmCBvgEbj4/QchyqmG4jVC33d4DZO3yClk+rR
J51JW95Z1Fg9+AfHyitSuboafa71pFvXHds3eLDfk1EC0iH4PGSY82KH1EmM23kB
EuzhbiIrjhzz1CExo22JgrbqHsn3YkC/4JzS1cjv+ek3/Qdzt74jDHcW+rruBic9
FZpnFQANRPm/oeFwhd5t3O6ETeioOyXqv0IKkK1jUB+b70iUIqMT+miDTOdQxRwX
aFKF+EvCn2jhbCY0vOy4X10s11dxPcGMQ/65AUPyOfgMltZadO7QZt5yewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD5uNyGX0gInCsUwiBjol7F2CMGyMB8GA1UdIwQY
MBaAFJa/xaFyZU3WAJ2x2C2S/69xI0EgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmIt
YmZmYjc1N2MzMTM0LzEvUG00M0laZlNBaWNLeFRDSUdPaVhzWFlJd2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmItYmZmYjc1N2MzMTM0
LzEvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgrlwDAN
BgkqhkiG9w0BAQsFAAOCAQEAZD+kxUGlm8/he20wBnrgRD4ST3tHL/ijpGCdXADh
NqomgtTCZnU8sHqE2+ehPJmqyy6aD57GoFJ+azQ7viBpjL+huX0U7N98aOq7dq4y
dECUZTTdAMHhmocfTxOBKoWk2E7DS5J1pHUJ7M+XMegTVa9+A5a9Pr0ajGkEDaNG
JoVj7YfNBnd9BLrwQOUPAWzLAzIuvfS8ctf1iFJxMGxEKnb8MW3pEPG5O40cwW+W
4uMfZplLpOY5djMZZDHYQIf+bXhvvR9ke9xRQC1RBGlpNo8IHz3Gu66RokTq8x6f
dLLPU1T928z6LBUjwKZtL2uLFZ4cTeYBGpLdJF9+rlwFcw==
-----END CERTIFICATE-----