Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/pWErKJ6dHAjEphprD6YiHzE9eZg.roa
File:                     pWErKJ6dHAjEphprD6YiHzE9eZg.roa (raw, json)
Hash identifier:          C9YTgWSpk3WtMrPOeo974aafxIsyqcEl01MdiRrG1j0=
Subject key identifier:   A5:61:2B:28:9E:9D:1C:08:C4:A6:1A:6B:0F:A6:22:1F:31:3D:79:98
Certificate issuer:       /CN=118ba4ef901aac10876ccf976a5f7d16c4ca79f0
Certificate serial:       018CC8019C0F4D2A5B889E2F51DA5C5EB5FC
Authority key identifier: 11:8B:A4:EF:90:1A:AC:10:87:6C:CF:97:6A:5F:7D:16:C4:CA:79:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/pWErKJ6dHAjEphprD6YiHzE9eZg.roa
Signing time:             Tue 02 Jan 2024 02:29:57 +0000
ROA not before:           Tue 02 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a03:5640:f000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:9c:0f:4d:2a:5b:88:9e:2f:51:da:5c:5e:b5:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=118ba4ef901aac10876ccf976a5f7d16c4ca79f0
        Validity
            Not Before: Jan  2 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5612b289e9d1c08c4a61a6b0fa6221f313d7998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cd:5b:74:34:38:50:4d:d1:b3:6c:25:5f:1c:
                    f0:a9:49:70:d6:8b:d7:7a:93:79:85:63:92:39:67:
                    53:e2:8a:1f:80:18:eb:ee:9d:79:55:ed:61:2f:54:
                    14:69:b9:ca:de:7a:41:17:c9:b2:03:e9:d0:85:ad:
                    06:28:37:03:0c:aa:92:f2:29:39:2b:fc:73:44:71:
                    0c:49:5f:dd:41:d2:de:b1:fb:66:c0:ee:bc:88:1f:
                    c8:86:0f:c2:ea:93:81:62:50:a4:1c:0e:a2:c0:86:
                    10:54:70:5e:b3:cc:d5:de:f7:c2:68:74:5e:b6:22:
                    82:d0:82:26:b2:a2:4e:5c:c0:23:cf:cd:21:69:f4:
                    07:ae:ec:0f:89:fb:ce:28:89:07:9c:a5:20:83:0f:
                    ae:5d:a0:74:37:cd:df:51:cd:5e:cf:f8:34:a9:4d:
                    4e:ec:f7:6f:03:59:87:4a:78:70:40:dd:a3:c1:5b:
                    ae:59:15:61:6e:5d:72:47:e1:da:25:58:0a:99:93:
                    76:e2:5f:d8:89:04:87:fc:d2:63:3a:f8:31:46:4c:
                    b4:8e:dc:fd:1e:82:30:5e:22:ba:05:1d:1c:c2:a4:
                    c2:8f:26:2a:ea:41:8f:cc:6d:3c:3b:45:80:da:4e:
                    9b:06:20:c8:3c:a8:b1:c4:5f:d7:6a:8a:34:a3:1b:
                    f8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:61:2B:28:9E:9D:1C:08:C4:A6:1A:6B:0F:A6:22:1F:31:3D:79:98
            X509v3 Authority Key Identifier:
                keyid:11:8B:A4:EF:90:1A:AC:10:87:6C:CF:97:6A:5F:7D:16:C4:CA:79:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/pWErKJ6dHAjEphprD6YiHzE9eZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5640:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         62:46:c6:31:d0:b0:df:2f:b9:c7:79:8a:45:d4:a6:d9:12:7c:
         cf:92:a8:7a:73:f2:a7:a9:ad:26:8e:41:f0:04:90:97:a1:b1:
         e6:52:e9:47:b2:01:da:22:80:f6:de:8e:58:15:d1:c1:87:48:
         71:e8:5a:f6:89:cd:4a:07:6d:0b:26:f7:d2:47:a3:98:0d:e3:
         48:61:de:3c:c1:09:d8:44:c1:9e:53:b3:60:78:71:dd:89:42:
         b5:ae:a2:f1:36:69:98:3d:b0:b0:28:59:0b:69:31:58:86:ac:
         7f:ca:67:d5:c1:13:a7:e7:24:d7:3c:d7:ba:26:b2:41:ff:d7:
         76:8e:f2:0f:bd:2e:7e:9d:0b:fe:47:23:ef:e8:45:cf:01:f5:
         ae:60:c5:c0:0a:cc:a1:f3:b4:2b:14:10:0e:10:5c:f5:cb:87:
         6d:2a:e5:1c:ad:78:01:58:51:d6:0a:05:5f:d3:9a:f5:84:ac:
         5e:80:c2:7c:12:b5:ca:aa:aa:d7:34:26:ff:4e:d5:8d:e4:98:
         2b:80:cd:40:83:70:b6:e1:59:eb:7b:e5:37:25:77:ca:ec:fc:
         74:b4:6c:96:cd:b0:dd:cd:dd:58:27:8b:34:1b:ac:4c:a2:84:
         f0:2c:f5:f4:1d:3f:33:b4:f3:fb:03:70:80:0b:50:69:c4:b1:
         54:d9:15:07
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAZwPTSpbiJ4vUdpcXrX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExOGJhNGVmOTAxYWFjMTA4NzZjY2Y5NzZhNWY3ZDE2YzRj
YTc5ZjAwHhcNMjQwMTAyMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTYxMmIyODllOWQxYzA4YzRhNjFhNmIwZmE2MjIxZjMxM2Q3OTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos1bdDQ4UE3Rs2wlXxzwqUlw1ovX
epN5hWOSOWdT4oofgBjr7p15Ve1hL1QUabnK3npBF8myA+nQha0GKDcDDKqS8ik5
K/xzRHEMSV/dQdLesftmwO68iB/Ihg/C6pOBYlCkHA6iwIYQVHBes8zV3vfCaHRe
tiKC0IImsqJOXMAjz80hafQHruwPifvOKIkHnKUggw+uXaB0N83fUc1ez/g0qU1O
7PdvA1mHSnhwQN2jwVuuWRVhbl1yR+HaJVgKmZN24l/YiQSH/NJjOvgxRky0jtz9
HoIwXiK6BR0cwqTCjyYq6kGPzG08O0WA2k6bBiDIPKixxF/Xaoo0oxv46QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKVhKyienRwIxKYaaw+mIh8xPXmYMB8GA1UdIwQY
MBaAFBGLpO+QGqwQh2zPl2pffRbEynnwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVl1azc1QWFyQkNIYk0tWGFsOTlGc1RLZWZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9iZDRkOGQtOTM4MC00MGU5LTgxNDIt
ZjJiNGVmYmE1OWJjLzEvcFdFcktKNmRIQWpFcGhwckQ2WWlIekU5ZVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9iZDRkOGQtOTM4MC00MGU5LTgxNDItZjJiNGVmYmE1OWJj
LzEvRVl1azc1QWFyQkNIYk0tWGFsOTlGc1RLZWZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgNWQPAw
DQYJKoZIhvcNAQELBQADggEBAGJGxjHQsN8vucd5ikXUptkSfM+SqHpz8qeprSaO
QfAEkJehseZS6UeyAdoigPbejlgV0cGHSHHoWvaJzUoHbQsm99JHo5gN40hh3jzB
CdhEwZ5Ts2B4cd2JQrWuovE2aZg9sLAoWQtpMViGrH/KZ9XBE6fnJNc817omskH/
13aO8g+9Ln6dC/5HI+/oRc8B9a5gxcAKzKHztCsUEA4QXPXLh20q5RyteAFYUdYK
BV/TmvWErF6AwnwStcqqqtc0Jv9O1Y3kmCuAzUCDcLbhWet75Tcld8rs/HS0bJbN
sN3N3VgnizQbrEyihPAs9fQdPzO08/sDcIALUGnEsVTZFQc=
-----END CERTIFICATE-----