Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/nr485oa9hU9dbZ3WQBoi9pBDb_0.roa
File:                     nr485oa9hU9dbZ3WQBoi9pBDb_0.roa (raw, json)
Hash identifier:          OFHuTk8VUAez8ar5sXFCaaxn6bwOsjA3DBhbBTgA5k0=
Subject key identifier:   9E:BE:3C:E6:86:BD:85:4F:5D:6D:9D:D6:40:1A:22:F6:90:43:6F:FD
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEEEC1D296B15268CED1354613BA6
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/nr485oa9hU9dbZ3WQBoi9pBDb_0.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205138
IP address blocks:        2a01:8740:10::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ee:ec:1d:29:6b:15:26:8c:ed:13:54:61:3b:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ebe3ce686bd854f5d6d9dd6401a22f690436ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:26:f7:f7:50:f2:8e:d4:58:98:cd:4f:d3:ed:
                    9e:24:17:22:82:89:ed:e6:ed:d0:cb:e8:58:de:01:
                    a5:ac:0c:87:6a:fb:0f:dd:81:f7:e9:8c:b9:84:2b:
                    5c:b1:4f:1d:92:74:eb:b3:d6:c8:cb:35:f7:7d:b9:
                    f2:f3:a2:4f:45:81:ce:4e:27:32:55:07:b5:d1:c7:
                    59:2f:e4:7f:74:ea:5e:a6:38:7e:f8:85:5d:7f:83:
                    06:8a:c4:86:17:3a:da:10:97:fc:03:41:0a:24:09:
                    62:0a:e8:58:4a:8b:b8:72:95:2b:09:c0:22:bd:6d:
                    d6:77:ab:a3:d3:ea:60:61:0b:d4:d8:66:33:52:e5:
                    50:25:01:ea:8f:3c:49:d7:5d:c7:22:92:e0:20:bc:
                    f1:5e:1e:94:70:28:d4:7b:b4:9b:86:c9:6c:73:e4:
                    8a:2c:f5:f7:b4:78:6a:f3:5c:b0:33:78:5e:12:6f:
                    1e:e1:4f:7b:11:10:22:38:61:72:bf:78:8f:20:28:
                    f2:42:75:83:2b:86:b2:80:f4:bf:42:d5:8d:6e:e5:
                    62:4e:4c:ec:28:d3:10:28:34:d8:f7:03:52:92:15:
                    0b:4d:6f:62:6e:c1:43:45:c0:42:f9:36:b6:ed:44:
                    31:7f:79:26:a7:80:3f:93:61:41:b7:44:63:fa:e5:
                    d0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:BE:3C:E6:86:BD:85:4F:5D:6D:9D:D6:40:1A:22:F6:90:43:6F:FD
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/nr485oa9hU9dbZ3WQBoi9pBDb_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8740:10::/46

    Signature Algorithm: sha256WithRSAEncryption
         6d:c5:61:45:1b:86:b2:4a:24:e9:4a:cb:10:27:4f:41:93:36:
         4d:15:35:52:91:61:68:39:86:11:c1:9d:04:2a:4c:61:9b:8d:
         a1:21:ca:58:c2:30:ec:a6:3d:9f:2f:ec:f0:14:03:6b:87:56:
         d6:36:a7:4a:01:d2:6a:d0:ad:cd:23:1d:94:d7:d1:31:c0:22:
         fe:30:cc:de:5e:bb:5c:b9:0b:c1:c5:4e:27:e0:3f:63:2b:1d:
         a0:31:93:89:23:d7:5e:9b:f9:56:ff:34:b5:58:a8:8e:71:69:
         f3:80:a0:84:11:05:28:23:5c:c2:8a:df:e0:e8:87:22:e8:a7:
         44:8c:f3:e0:97:66:13:90:67:3a:39:de:57:a1:1f:8e:8a:db:
         aa:2a:c7:ce:96:ee:2b:cc:31:f7:53:ca:81:86:0a:da:33:7e:
         42:92:da:df:f8:9f:ac:10:00:8e:09:38:3b:0b:e6:cf:ee:67:
         bd:e9:23:27:5f:b6:02:e2:19:af:f1:7f:6d:41:9a:d6:3c:51:
         4e:88:4f:80:08:e6:0e:45:5e:e2:78:ba:79:d4:a2:36:49:64:
         56:6b:67:9e:bb:73:21:d5:87:91:a9:c0:bf:87:9a:86:a0:75:
         35:ba:4e:69:a3:d4:a2:2c:ad:bf:51:6e:9b:de:43:aa:1d:09:
         9a:ca:59:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbu7sHSlrFSaM7RNUYTumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWJlM2NlNjg2YmQ4NTRmNWQ2ZDlkZDY0MDFhMjJmNjkwNDM2ZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhib391DyjtRYmM1P0+2eJBcigont
5u3Qy+hY3gGlrAyHavsP3YH36Yy5hCtcsU8dknTrs9bIyzX3fbny86JPRYHOTicy
VQe10cdZL+R/dOpepjh++IVdf4MGisSGFzraEJf8A0EKJAliCuhYSou4cpUrCcAi
vW3Wd6uj0+pgYQvU2GYzUuVQJQHqjzxJ113HIpLgILzxXh6UcCjUe7Sbhslsc+SK
LPX3tHhq81ywM3heEm8e4U97ERAiOGFyv3iPICjyQnWDK4aygPS/QtWNbuViTkzs
KNMQKDTY9wNSkhULTW9ibsFDRcBC+Ta27UQxf3kmp4A/k2FBt0Rj+uXQwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ6+POaGvYVPXW2d1kAaIvaQQ2/9MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvbnI0ODVvYTloVTlkYlozV1FCb2k5cEJEYl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgGHQAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBtxWFFG4aySiTpSssQJ09BkzZNFTVSkWFoOYYR
wZ0EKkxhm42hIcpYwjDspj2fL+zwFANrh1bWNqdKAdJq0K3NIx2U19ExwCL+MMze
XrtcuQvBxU4n4D9jKx2gMZOJI9dem/lW/zS1WKiOcWnzgKCEEQUoI1zCit/g6Ici
6KdEjPPgl2YTkGc6Od5XoR+OituqKsfOlu4rzDH3U8qBhgraM35Cktrf+J+sEACO
CTg7C+bP7me96SMnX7YC4hmv8X9tQZrWPFFOiE+ACOYORV7ieLp51KI2SWRWa2ee
u3Mh1YeRqcC/h5qGoHU1uk5po9SiLK2/UW6b3kOqHQmaylmk
-----END CERTIFICATE-----