Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/U9dcbHPHf_3ASAJ7POK5fWlL5uw.roa
File:                     U9dcbHPHf_3ASAJ7POK5fWlL5uw.roa (raw, json)
Hash identifier:          3eIXlWjf9tJGyYVtPsciWlDO1pjT8+VzuGXX6vdJE/Y=
Subject key identifier:   53:D7:5C:6C:73:C7:7F:FD:C0:48:02:7B:3C:E2:B9:7D:69:4B:E6:EC
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCFC02F0F8DB97157636A7C18DE819
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/U9dcbHPHf_3ASAJ7POK5fWlL5uw.roa
Signing time:             Mon 01 Jan 2024 16:30:43 +0000
ROA not before:           Mon 01 Jan 2024 16:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212534
IP address blocks:        2a0f:607:1200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 01:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:fc:02:f0:f8:db:97:15:76:36:a7:c1:8d:e8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53d75c6c73c77ffdc048027b3ce2b97d694be6ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e3:7b:b9:c5:a1:79:dc:13:03:53:70:9e:35:
                    96:f1:10:58:78:e3:75:df:fe:47:9a:58:57:d6:ff:
                    01:02:fd:6c:ba:95:40:ee:a8:10:5d:f0:90:9c:70:
                    21:92:f4:c6:fd:81:5f:53:47:c9:cc:36:44:bf:6b:
                    59:93:c9:86:f4:ee:2e:97:dd:c5:63:59:76:d8:c7:
                    b3:5a:77:2d:e7:03:7f:42:61:b0:8c:37:b4:b8:6c:
                    a4:9f:e7:0e:89:cd:50:a1:56:25:08:5c:24:41:c9:
                    65:56:c8:41:e7:78:0f:54:d2:08:5d:3c:43:ee:08:
                    02:4e:d5:b0:91:00:52:64:f2:67:02:81:bc:dc:81:
                    0a:51:3b:93:04:e6:4e:f5:06:ea:83:7e:06:d0:ca:
                    d9:6d:26:21:7b:73:c7:3d:6a:73:2b:c5:a5:88:fe:
                    fd:b0:68:13:5f:8c:73:ae:2d:5b:c9:00:c7:97:ff:
                    1a:db:3b:1b:26:4f:12:c5:ee:f3:e6:b7:64:ab:9f:
                    da:f8:76:f0:92:a9:44:5c:4d:cc:36:5a:2a:10:91:
                    f9:58:88:c4:0e:d1:74:09:59:8d:ba:27:c4:1c:2a:
                    22:96:d0:3d:bd:b9:fb:ff:a7:74:27:99:94:29:a3:
                    60:19:45:24:71:67:b4:68:5a:37:c4:9a:0c:18:23:
                    17:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D7:5C:6C:73:C7:7F:FD:C0:48:02:7B:3C:E2:B9:7D:69:4B:E6:EC
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/U9dcbHPHf_3ASAJ7POK5fWlL5uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1200::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:66:70:c3:5b:9f:f0:17:9b:85:dd:75:40:05:ff:87:c2:2f:
         9f:e1:90:a9:44:ca:bd:c7:90:88:18:43:de:99:b2:98:53:3f:
         78:1c:5c:7a:17:43:80:51:10:73:02:5c:71:9f:2c:33:84:1c:
         2f:50:a0:eb:89:a8:1a:36:a8:ca:e8:31:6f:4e:c3:28:07:b5:
         43:c0:fc:f1:1e:52:82:4a:c5:b1:e7:e2:3e:57:64:81:d2:be:
         17:01:31:4c:c9:34:96:f9:c1:e0:49:90:cf:e6:d0:cd:17:a3:
         e4:d3:57:73:f6:be:5b:48:e7:31:6f:c1:db:15:8e:40:df:80:
         ec:bc:e6:50:bd:75:44:a0:81:59:ff:f9:51:a4:87:81:ad:61:
         10:4c:0d:af:7a:0f:41:38:84:77:59:5d:73:37:bd:eb:2c:2d:
         b2:33:ee:00:20:2a:2a:ec:74:1a:08:d9:66:fc:bc:4e:5a:ac:
         fb:fe:83:12:69:eb:9b:9e:b8:b2:ad:7c:5d:f1:1b:be:fb:93:
         9f:42:d1:da:b1:33:c0:41:b5:d2:da:d8:82:1c:5b:3b:b0:13:
         48:b2:02:56:c7:e3:d8:d9:18:a7:19:56:3f:b8:87:7d:c0:1a:
         3a:20:50:ff:9b:2d:65:65:e2:ed:ed:31:cc:74:68:e0:e3:40:
         9c:5f:e1:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PwC8PjblxV2NqfBjegZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Q3NWM2YzczYzc3ZmZkYzA0ODAyN2IzY2UyYjk3ZDY5NGJlNmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreN7ucWhedwTA1NwnjWW8RBYeON1
3/5HmlhX1v8BAv1supVA7qgQXfCQnHAhkvTG/YFfU0fJzDZEv2tZk8mG9O4ul93F
Y1l22MezWnct5wN/QmGwjDe0uGykn+cOic1QoVYlCFwkQcllVshB53gPVNIIXTxD
7ggCTtWwkQBSZPJnAoG83IEKUTuTBOZO9Qbqg34G0MrZbSYhe3PHPWpzK8WliP79
sGgTX4xzri1byQDHl/8a2zsbJk8Sxe7z5rdkq5/a+HbwkqlEXE3MNloqEJH5WIjE
DtF0CVmNuifEHCoiltA9vbn7/6d0J5mUKaNgGUUkcWe0aFo3xJoMGCMXBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFPXXGxzx3/9wEgCezziuX1pS+bsMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvVTlkY2JIUEhmXzNBU0FKN1BPSzVmV2xMNXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBZZnDDW5/wF5uF3XVABf+Hwi+f4ZCpRMq9x5CI
GEPembKYUz94HFx6F0OAURBzAlxxnywzhBwvUKDriagaNqjK6DFvTsMoB7VDwPzx
HlKCSsWx5+I+V2SB0r4XATFMyTSW+cHgSZDP5tDNF6Pk01dz9r5bSOcxb8HbFY5A
34DsvOZQvXVEoIFZ//lRpIeBrWEQTA2veg9BOIR3WV1zN73rLC2yM+4AICoq7HQa
CNlm/LxOWqz7/oMSaeubnriyrXxd8Ru++5OfQtHasTPAQbXS2tiCHFs7sBNIsgJW
x+PY2RinGVY/uId9wBo6IFD/my1lZeLt7THMdGjg40CcX+HO
-----END CERTIFICATE-----