Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/e92666-4526-47c1-b2ba-63728b0fa108/1/fCM3wMDxsW8BPtarf2dCGZMEAH4.roa
File:                     fCM3wMDxsW8BPtarf2dCGZMEAH4.roa (raw, json)
Hash identifier:          aPTwwvKa54f0p2Jt0Z3hDCSzrFkctsTnfds2IpESS/Y=
Subject key identifier:   7C:23:37:C0:C0:F1:B1:6F:01:3E:D6:AB:7F:67:42:19:93:04:00:7E
Certificate issuer:       /CN=c53b229e73ce6bb196d65c0bef119560657a3720
Certificate serial:       018CC348C7A2AE64907F280B8526C493542E
Authority key identifier: C5:3B:22:9E:73:CE:6B:B1:96:D6:5C:0B:EF:11:95:60:65:7A:37:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xTsinnPOa7GW1lwL7xGVYGV6NyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/e92666-4526-47c1-b2ba-63728b0fa108/1/fCM3wMDxsW8BPtarf2dCGZMEAH4.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201545
IP address blocks:        2a05:2340::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/e92666-4526-47c1-b2ba-63728b0fa108/1/xTsinnPOa7GW1lwL7xGVYGV6NyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/e92666-4526-47c1-b2ba-63728b0fa108/1/xTsinnPOa7GW1lwL7xGVYGV6NyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xTsinnPOa7GW1lwL7xGVYGV6NyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c7:a2:ae:64:90:7f:28:0b:85:26:c4:93:54:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53b229e73ce6bb196d65c0bef119560657a3720
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c2337c0c0f1b16f013ed6ab7f6742199304007e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:79:e6:5d:0f:8d:93:48:44:41:34:7d:88:82:
                    39:fb:0c:42:73:eb:e3:4b:03:6e:96:59:84:67:69:
                    8e:28:06:8c:8f:28:63:7a:54:97:00:22:ed:d4:83:
                    6d:94:87:75:b6:77:31:28:eb:5f:e5:ff:3f:94:65:
                    c2:68:37:d5:0c:69:57:8a:0f:9a:77:fe:d4:c1:fd:
                    63:60:dd:3e:6d:17:23:3c:a7:a5:7f:f3:13:10:cd:
                    46:eb:cc:68:c9:21:08:96:bd:7d:38:66:42:59:d8:
                    34:09:10:f8:e9:55:2c:61:e6:c6:c0:a6:3b:4d:55:
                    1a:11:30:9e:5e:51:30:3c:fd:48:79:7c:55:87:e6:
                    fd:3a:43:9c:66:32:cf:65:52:ba:71:7f:d7:77:c9:
                    b8:32:53:90:d5:f4:9b:0a:78:b7:81:9e:25:47:43:
                    a1:eb:e3:ec:76:dc:24:0e:b1:17:ba:9e:ea:7e:c6:
                    a6:3f:6a:74:0e:c1:68:db:b5:af:fc:f0:b3:83:4d:
                    a3:b3:bc:c0:72:0c:5c:11:82:00:c4:c2:fb:8a:6f:
                    74:1e:13:2d:03:74:d5:6a:ac:29:b5:64:82:b9:aa:
                    21:71:58:48:24:3a:34:30:53:42:8e:ae:e0:fb:4d:
                    6f:09:da:17:21:86:24:d2:f2:1f:0d:44:ff:9c:ac:
                    fd:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:23:37:C0:C0:F1:B1:6F:01:3E:D6:AB:7F:67:42:19:93:04:00:7E
            X509v3 Authority Key Identifier:
                keyid:C5:3B:22:9E:73:CE:6B:B1:96:D6:5C:0B:EF:11:95:60:65:7A:37:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xTsinnPOa7GW1lwL7xGVYGV6NyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e92666-4526-47c1-b2ba-63728b0fa108/1/fCM3wMDxsW8BPtarf2dCGZMEAH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e92666-4526-47c1-b2ba-63728b0fa108/1/xTsinnPOa7GW1lwL7xGVYGV6NyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:2340::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:a2:9c:74:c3:fa:61:ad:d6:3c:55:46:e7:e3:e5:e1:77:10:
         85:80:46:27:76:e2:b5:c3:c4:11:f6:ce:53:01:df:f7:32:4a:
         53:f9:c5:d2:9d:17:ac:94:97:81:92:f0:2f:7a:b5:5a:05:9c:
         5d:b8:c5:d4:c2:c1:ad:96:8e:ce:5f:91:3c:a3:33:41:d8:ea:
         1f:6a:dd:de:88:e4:a5:17:b2:19:bc:d1:2c:3c:51:08:ac:6a:
         dc:14:fd:7e:86:d6:69:ba:4f:48:10:13:fa:e7:a2:24:12:06:
         c1:58:a3:6a:14:ab:00:b3:69:15:75:95:6a:b9:17:ad:5e:9c:
         5d:88:3b:e7:4e:17:ef:3b:eb:cd:af:46:c5:06:47:af:39:3b:
         8b:20:e5:78:32:d5:c3:a9:e9:a8:ce:01:c3:f5:e5:fd:2d:ab:
         c8:c8:de:cb:84:07:30:ad:bc:07:ce:d4:fa:13:12:59:a5:75:
         e3:e1:a1:b0:61:9b:bb:43:68:d2:cc:a3:0c:c2:a0:3b:7c:3b:
         51:14:8f:a9:7a:d0:2e:3a:78:5e:3a:fa:f0:33:f7:a4:2c:22:
         b7:7c:e0:9c:98:b7:1b:af:a1:43:a2:ff:17:de:59:b4:b4:ed:
         dc:af:dc:80:7d:f8:2b:47:6d:ed:91:5d:88:4a:b8:a0:58:c3:
         d9:86:dd:5c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSMeirmSQfygLhSbEk1QuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1M2IyMjllNzNjZTZiYjE5NmQ2NWMwYmVmMTE5NTYwNjU3
YTM3MjAwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzIzMzdjMGMwZjFiMTZmMDEzZWQ2YWI3ZjY3NDIxOTkzMDQwMDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnnmXQ+Nk0hEQTR9iII5+wxCc+vj
SwNullmEZ2mOKAaMjyhjelSXACLt1INtlId1tncxKOtf5f8/lGXCaDfVDGlXig+a
d/7Uwf1jYN0+bRcjPKelf/MTEM1G68xoySEIlr19OGZCWdg0CRD46VUsYebGwKY7
TVUaETCeXlEwPP1IeXxVh+b9OkOcZjLPZVK6cX/Xd8m4MlOQ1fSbCni3gZ4lR0Oh
6+PsdtwkDrEXup7qfsamP2p0DsFo27Wv/PCzg02js7zAcgxcEYIAxML7im90HhMt
A3TVaqwptWSCuaohcVhIJDo0MFNCjq7g+01vCdoXIYYk0vIfDUT/nKz9YQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHwjN8DA8bFvAT7Wq39nQhmTBAB+MB8GA1UdIwQY
MBaAFMU7Ip5zzmuxltZcC+8RlWBlejcgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFRzaW5uUE9hN0dXMWx3TDd4R1ZZR1Y2TnlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lOTI2NjYtNDUyNi00N2MxLWIyYmEt
NjM3MjhiMGZhMTA4LzEvZkNNM3dNRHhzVzhCUHRhcmYyZENHWk1FQUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lOTI2NjYtNDUyNi00N2MxLWIyYmEtNjM3MjhiMGZhMTA4
LzEveFRzaW5uUE9hN0dXMWx3TDd4R1ZZR1Y2TnlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUjQDAN
BgkqhkiG9w0BAQsFAAOCAQEAJqKcdMP6Ya3WPFVG5+Pl4XcQhYBGJ3bitcPEEfbO
UwHf9zJKU/nF0p0XrJSXgZLwL3q1WgWcXbjF1MLBrZaOzl+RPKMzQdjqH2rd3ojk
pReyGbzRLDxRCKxq3BT9fobWabpPSBAT+ueiJBIGwVijahSrALNpFXWVarkXrV6c
XYg7504X7zvrza9GxQZHrzk7iyDleDLVw6npqM4Bw/Xl/S2ryMjey4QHMK28B87U
+hMSWaV14+GhsGGbu0No0syjDMKgO3w7URSPqXrQLjp4Xjr68DP3pCwit3zgnJi3
G6+hQ6L/F95ZtLTt3K/cgH34K0dt7ZFdiEq4oFjD2YbdXA==
-----END CERTIFICATE-----