Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/C1YGHb9y7hNnlwNXGqhibXYscuQ.roa
File:                     C1YGHb9y7hNnlwNXGqhibXYscuQ.roa (raw, json)
Hash identifier:          /3pMR6uojVJvMWDJGASArfUU2P5sx1evjrBMtC8NEbo=
Subject key identifier:   0B:56:06:1D:BF:72:EE:13:67:97:03:57:1A:A8:62:6D:76:2C:72:E4
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       0192842506A02744652D2BAD256A420BD7E9
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/C1YGHb9y7hNnlwNXGqhibXYscuQ.roa
Signing time:             Sun 13 Oct 2024 04:31:11 +0000
ROA not before:           Sun 13 Oct 2024 04:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a05:9080:3::/48 maxlen: 48
                          2a05:9080:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:25:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:84:25:06:a0:27:44:65:2d:2b:ad:25:6a:42:0b:d7:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Oct 13 04:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b56061dbf72ee13679703571aa8626d762c72e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f0:eb:37:d2:38:9f:04:62:d4:dc:ed:35:95:
                    42:c3:29:2f:c7:97:40:ff:98:c0:b9:df:ea:83:48:
                    19:0d:83:0e:21:e0:e1:ac:e3:57:9e:54:1e:47:cd:
                    2c:4c:f7:a6:0b:b7:a7:a7:d8:a4:9c:cc:cb:77:fd:
                    46:56:91:28:17:df:5a:78:27:18:fd:0b:67:ae:0b:
                    93:d6:65:f8:ca:af:51:49:7e:21:bc:f7:9e:0b:6d:
                    7f:36:ce:76:c6:e5:9b:9c:06:4d:10:b6:11:63:fd:
                    91:5b:8f:bd:b2:ea:54:c1:fa:be:ad:f9:d1:0d:b2:
                    ed:1d:91:1b:50:13:7c:14:da:82:1e:3b:d7:c1:2f:
                    45:c8:15:7c:3e:0c:b5:76:2e:68:0c:03:a4:8a:4e:
                    09:d3:36:63:62:9f:3c:c6:38:5d:37:72:f3:da:48:
                    63:20:91:8e:ea:40:35:3f:9d:02:7c:5e:66:ce:e4:
                    18:cc:a5:47:21:b6:09:5a:d3:c5:d2:70:a2:fe:d7:
                    3e:92:07:e1:ed:0e:a2:d2:c1:fb:63:5c:7a:e6:e4:
                    dc:1c:76:51:3e:e1:29:74:f7:e5:3d:3d:b8:19:f8:
                    74:d4:d4:c3:3f:38:8a:cb:b0:5a:24:13:1b:80:0b:
                    ea:40:26:27:80:14:da:b9:f6:c4:bd:a9:9d:98:14:
                    1f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:56:06:1D:BF:72:EE:13:67:97:03:57:1A:A8:62:6D:76:2C:72:E4
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/C1YGHb9y7hNnlwNXGqhibXYscuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:3::/48
                  2a05:9080:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:61:a8:ae:67:3b:79:52:ca:68:8f:63:37:9c:a8:09:de:c0:
         e2:46:d9:3f:68:8c:48:02:60:a6:da:6c:83:91:3e:c0:36:cd:
         bb:b6:46:30:68:d1:d5:16:0f:dd:45:35:b8:41:26:42:5d:0a:
         34:e3:ac:53:5f:3d:3a:50:44:e3:be:21:95:19:0d:31:ba:af:
         aa:79:e3:79:cd:b2:a9:64:95:32:1c:52:65:45:2a:2b:cd:35:
         90:1c:01:82:db:f8:5d:3e:aa:a2:e1:36:cf:df:9d:33:c2:6f:
         0d:cc:c8:e4:cb:2b:fa:78:4c:a5:bf:56:5e:f4:c5:35:74:47:
         c7:92:2f:a9:59:b1:02:c8:07:b4:ca:00:0b:f7:82:05:c0:39:
         b5:45:00:31:4c:06:6a:64:26:5f:1c:f1:0c:0b:67:9d:73:32:
         6c:93:2d:ac:50:f9:bc:21:5c:32:35:1a:7a:cd:98:b2:d6:64:
         fc:e5:09:3d:ee:02:90:f6:6c:b4:00:68:14:35:80:3c:2a:b5:
         f2:c2:46:7a:50:df:16:1f:98:ce:40:6e:97:b5:fb:34:e4:89:
         3b:43:dd:86:87:86:50:10:67:44:db:d1:cf:4d:7e:20:0f:e7:
         e2:49:03:de:c1:de:94:c7:36:7b:3d:c9:aa:39:7f:6b:34:47:
         4c:e0:2c:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZKEJQagJ0RlLSutJWpCC9fpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQxMDEzMDQzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjU2MDYxZGJmNzJlZTEzNjc5NzAzNTcxYWE4NjI2ZDc2MmM3MmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvDrN9I4nwRi1NztNZVCwykvx5dA
/5jAud/qg0gZDYMOIeDhrONXnlQeR80sTPemC7enp9iknMzLd/1GVpEoF99aeCcY
/QtnrguT1mX4yq9RSX4hvPeeC21/Ns52xuWbnAZNELYRY/2RW4+9supUwfq+rfnR
DbLtHZEbUBN8FNqCHjvXwS9FyBV8Pgy1di5oDAOkik4J0zZjYp88xjhdN3Lz2khj
IJGO6kA1P50CfF5mzuQYzKVHIbYJWtPF0nCi/tc+kgfh7Q6i0sH7Y1x65uTcHHZR
PuEpdPflPT24Gfh01NTDPziKy7BaJBMbgAvqQCYngBTaufbEvamdmBQf6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAtWBh2/cu4TZ5cDVxqoYm12LHLkMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvQzFZR0hiOXk3aE5ubHdOWEdxaGliWFlzY3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgWQgAAD
AwcAKgWQgAAFMA0GCSqGSIb3DQEBCwUAA4IBAQBkYaiuZzt5Uspoj2M3nKgJ3sDi
Rtk/aIxIAmCm2myDkT7ANs27tkYwaNHVFg/dRTW4QSZCXQo046xTXz06UETjviGV
GQ0xuq+qeeN5zbKpZJUyHFJlRSorzTWQHAGC2/hdPqqi4TbP350zwm8NzMjkyyv6
eEylv1Ze9MU1dEfHki+pWbECyAe0ygAL94IFwDm1RQAxTAZqZCZfHPEMC2edczJs
ky2sUPm8IVwyNRp6zZiy1mT85Qk97gKQ9my0AGgUNYA8KrXywkZ6UN8WH5jOQG6X
tfs05Ik7Q92Gh4ZQEGdE29HPTX4gD+fiSQPewd6UxzZ7PcmqOX9rNEdM4CxV
-----END CERTIFICATE-----