Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/c6ukeshojOnUm0FBPfYUeiZvKT8.roa
File:                     c6ukeshojOnUm0FBPfYUeiZvKT8.roa (raw, json)
Hash identifier:          3XL6UbIKkach7IEPGdlXTRY20wKhUju80gxVk/TgvTI=
Subject key identifier:   73:AB:A4:7A:C8:68:8C:E9:D4:9B:41:41:3D:F6:14:7A:26:6F:29:3F
Certificate issuer:       /CN=115604ba895e8fb3b49a2c78088e9ff2ff970a08
Certificate serial:       018CC349571E679B8146B5C7C2C2D5FF1359
Authority key identifier: 11:56:04:BA:89:5E:8F:B3:B4:9A:2C:78:08:8E:9F:F2:FF:97:0A:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EVYEuolej7O0mix4CI6f8v-XCgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/c6ukeshojOnUm0FBPfYUeiZvKT8.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1724
IP address blocks:        161.3.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/EVYEuolej7O0mix4CI6f8v-XCgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/EVYEuolej7O0mix4CI6f8v-XCgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EVYEuolej7O0mix4CI6f8v-XCgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:57:1e:67:9b:81:46:b5:c7:c2:c2:d5:ff:13:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115604ba895e8fb3b49a2c78088e9ff2ff970a08
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73aba47ac8688ce9d49b41413df6147a266f293f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4c:54:eb:7d:21:16:7a:f1:ac:15:31:0c:83:
                    73:94:87:78:e5:2d:9c:96:0d:a1:dc:d1:fc:82:9f:
                    bc:b3:48:35:87:97:71:cf:89:a0:72:34:ea:ad:3a:
                    c3:22:98:73:2f:a2:81:b7:e4:82:31:85:42:61:61:
                    b3:b6:58:6a:66:eb:3a:ff:62:fa:c5:ba:1c:e4:20:
                    9a:f7:ec:ca:3b:57:c2:ab:1a:68:b5:7a:3e:f5:c4:
                    db:08:17:5c:e5:42:f5:f9:85:e7:46:05:82:66:33:
                    a7:f5:91:85:5a:7b:c6:1d:11:e4:e5:44:72:5e:f9:
                    3f:77:4f:fb:84:86:7a:d1:37:f3:21:b8:95:8e:d5:
                    43:9c:4d:77:8c:c6:66:8d:c4:0b:e9:62:9b:19:83:
                    c5:7d:fa:b9:3f:b2:bf:68:b9:1b:05:80:94:68:33:
                    03:11:a9:57:7d:16:e4:77:dc:55:9b:3e:f9:43:ab:
                    3c:5e:39:0a:bb:ed:af:5e:07:dc:de:51:9f:d2:d2:
                    93:2f:5b:10:a8:ce:61:0b:b9:94:cf:1c:b2:3f:81:
                    f5:c1:87:a7:4b:3a:99:fa:19:a2:f0:65:36:7a:d3:
                    a5:6e:43:af:a5:c1:24:be:41:27:cc:e6:8a:dd:fa:
                    01:0d:b5:b0:46:f4:34:93:f4:56:d9:1b:55:6f:87:
                    89:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:AB:A4:7A:C8:68:8C:E9:D4:9B:41:41:3D:F6:14:7A:26:6F:29:3F
            X509v3 Authority Key Identifier:
                keyid:11:56:04:BA:89:5E:8F:B3:B4:9A:2C:78:08:8E:9F:F2:FF:97:0A:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EVYEuolej7O0mix4CI6f8v-XCgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/c6ukeshojOnUm0FBPfYUeiZvKT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/EVYEuolej7O0mix4CI6f8v-XCgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.3.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0c:8b:c7:ce:dc:3b:79:e9:21:35:17:f3:8f:d1:fa:73:e1:1b:
         44:54:72:09:c7:97:db:ac:c3:75:9b:28:dc:e1:f0:3a:c8:cd:
         86:ef:f4:62:08:ba:91:20:7b:0b:c3:47:43:5f:d9:23:3f:30:
         35:1c:fa:dd:e3:db:69:94:fe:c3:b8:3f:19:1b:68:bd:46:aa:
         3b:e7:f1:73:4d:02:22:6b:fd:ac:5a:4a:6b:41:65:2a:de:b8:
         1b:b3:21:5b:a0:fc:40:80:48:77:f4:2d:22:68:4f:ae:d8:6f:
         40:7f:9c:84:9f:64:ca:69:84:f3:5f:10:e0:6d:ca:aa:53:0f:
         6f:d8:d5:38:23:ce:af:88:42:93:fd:1a:c3:a2:04:06:87:c6:
         0f:1a:13:67:05:f9:8b:a5:49:0b:69:b9:63:a5:31:91:71:cc:
         8e:a0:76:2a:f9:a0:10:65:2e:29:47:29:8d:b1:ff:12:b8:2b:
         3a:82:93:9c:82:e0:ba:d5:a2:b1:29:19:e1:a9:0d:90:9a:2b:
         03:65:5c:83:05:46:2a:9b:f3:29:aa:91:cc:ad:97:fe:18:93:
         1e:1d:86:16:0f:38:4d:4c:5f:e5:87:39:e3:60:ee:41:dd:bf:
         5b:78:6e:04:a1:d4:af:66:9d:83:f1:4a:ce:cb:b8:fd:96:09:
         9b:f9:d2:e3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDSVceZ5uBRrXHwsLV/xNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNTYwNGJhODk1ZThmYjNiNDlhMmM3ODA4OGU5ZmYyZmY5
NzBhMDgwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2FiYTQ3YWM4Njg4Y2U5ZDQ5YjQxNDEzZGY2MTQ3YTI2NmYyOTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUxU630hFnrxrBUxDINzlId45S2c
lg2h3NH8gp+8s0g1h5dxz4mgcjTqrTrDIphzL6KBt+SCMYVCYWGztlhqZus6/2L6
xboc5CCa9+zKO1fCqxpotXo+9cTbCBdc5UL1+YXnRgWCZjOn9ZGFWnvGHRHk5URy
Xvk/d0/7hIZ60TfzIbiVjtVDnE13jMZmjcQL6WKbGYPFffq5P7K/aLkbBYCUaDMD
EalXfRbkd9xVmz75Q6s8XjkKu+2vXgfc3lGf0tKTL1sQqM5hC7mUzxyyP4H1wYen
SzqZ+hmi8GU2etOlbkOvpcEkvkEnzOaK3foBDbWwRvQ0k/RW2RtVb4eJOQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHOrpHrIaIzp1JtBQT32FHombyk/MB8GA1UdIwQY
MBaAFBFWBLqJXo+ztJoseAiOn/L/lwoIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVZZRXVvbGVqN08wbWl4NENJNmY4di1YQ2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9jNDJiMzctZDQ0OC00Y2YzLWJmZWMt
MTY5MmZjOGJiYTE1LzEvYzZ1a2VzaG9qT25VbTBGQlBmWVVlaVp2S1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9jNDJiMzctZDQ0OC00Y2YzLWJmZWMtMTY5MmZjOGJiYTE1
LzEvRVZZRXVvbGVqN08wbWl4NENJNmY4di1YQ2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoQMwDQYJ
KoZIhvcNAQELBQADggEBAAyLx87cO3npITUX84/R+nPhG0RUcgnHl9usw3WbKNzh
8DrIzYbv9GIIupEgewvDR0Nf2SM/MDUc+t3j22mU/sO4PxkbaL1Gqjvn8XNNAiJr
/axaSmtBZSreuBuzIVug/ECASHf0LSJoT67Yb0B/nISfZMpphPNfEOBtyqpTD2/Y
1Tgjzq+IQpP9GsOiBAaHxg8aE2cF+YulSQtpuWOlMZFxzI6gdir5oBBlLilHKY2x
/xK4KzqCk5yC4LrVorEpGeGpDZCaKwNlXIMFRiqb8ymqkcytl/4Ykx4dhhYPOE1M
X+WHOeNg7kHdv1t4bgSh1K9mnYPxSs7LuP2WCZv50uM=
-----END CERTIFICATE-----