Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/m_Nfkkeib9aVEKqU5uDaU5HIS7M.roa
File:                     m_Nfkkeib9aVEKqU5uDaU5HIS7M.roa (raw, json)
Hash identifier:          yW6qnA/fji5QsJhl/Ok6GnGI/GblHLSlSlwR8YAOGyw=
Subject key identifier:   9B:F3:5F:92:47:A2:6F:D6:95:10:AA:94:E6:E0:DA:53:91:C8:4B:B3
Certificate issuer:       /CN=66f8206e3311df394f48389b8122b94aa1f0b05c
Certificate serial:       018D16C03E1F243DB3564301BAA090FAB9A4
Authority key identifier: 66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/m_Nfkkeib9aVEKqU5uDaU5HIS7M.roa
Signing time:             Wed 17 Jan 2024 09:28:34 +0000
ROA not before:           Wed 17 Jan 2024 09:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200223
IP address blocks:        2a03:3a61::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:c0:3e:1f:24:3d:b3:56:43:01:ba:a0:90:fa:b9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f8206e3311df394f48389b8122b94aa1f0b05c
        Validity
            Not Before: Jan 17 09:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bf35f9247a26fd69510aa94e6e0da5391c84bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:be:d9:76:42:80:24:29:59:3b:fc:3b:17:da:
                    7d:10:61:4f:87:4a:56:34:b0:96:2b:ca:04:70:1c:
                    6e:aa:77:f0:24:bf:82:d8:47:a7:3e:3e:52:24:2d:
                    27:1d:18:ba:db:46:38:15:b7:e7:9c:c2:72:68:0a:
                    bb:08:55:69:9c:8a:76:8b:69:2d:35:17:44:95:c7:
                    69:95:9a:4f:47:a5:b4:79:c7:7a:9f:70:0c:5b:87:
                    a3:c2:9d:ec:01:ae:64:61:ae:a2:6d:06:4e:0f:5e:
                    ab:67:80:67:d6:15:35:7f:fe:d8:45:9e:05:7e:b9:
                    bf:6b:a8:d0:e3:8a:e1:14:36:eb:37:2b:d0:e8:da:
                    6a:3e:3d:ff:d6:5d:8d:c4:05:19:a8:cd:86:38:75:
                    81:8f:12:93:0d:83:e3:38:89:a4:23:f5:32:e4:b0:
                    c3:13:a7:40:57:ea:e3:53:f9:d8:9e:25:ed:59:03:
                    8d:85:49:d0:4b:ed:db:fa:24:17:65:cb:83:16:6a:
                    57:7e:56:55:5e:50:b7:c3:3f:77:06:c2:76:71:91:
                    5e:df:38:3a:7a:be:55:11:d5:74:db:36:4b:9d:3f:
                    f7:56:7d:38:8a:0b:03:d0:b2:aa:2e:12:d1:e5:e0:
                    c5:c7:a5:9b:4f:c4:56:26:3f:d9:58:8c:4f:a1:58:
                    b6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:F3:5F:92:47:A2:6F:D6:95:10:AA:94:E6:E0:DA:53:91:C8:4B:B3
            X509v3 Authority Key Identifier:
                keyid:66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/m_Nfkkeib9aVEKqU5uDaU5HIS7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:3a61::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:25:83:97:c2:c8:33:36:b6:b1:89:d7:53:a6:d1:50:c4:50:
         8f:1e:b8:dc:93:73:52:d1:33:84:8d:df:40:e1:b1:5c:dc:28:
         bf:5a:ab:2b:cd:f3:2b:ba:10:ba:93:8d:f8:7f:42:90:5e:43:
         c9:be:d1:48:4c:ae:c7:01:32:9d:cc:73:66:11:b0:cd:fd:57:
         d1:63:08:5f:ba:da:67:3b:08:97:86:c5:a3:dc:d0:00:7b:d6:
         47:85:68:1b:c6:da:1f:bd:3c:e7:9e:a4:75:a9:a7:26:70:50:
         80:1d:18:d1:f2:a5:5e:05:9f:1f:8a:3e:32:f4:e4:d4:cb:ad:
         81:c8:aa:f2:90:c8:35:d6:18:68:24:b7:f9:08:0b:cc:15:dc:
         75:21:c8:31:29:e7:19:a8:f0:5b:33:c1:a0:fd:d0:81:c9:24:
         b8:27:94:b6:87:90:d6:6a:19:02:a4:21:02:cb:b1:31:83:5b:
         d6:67:22:06:73:72:d7:33:c7:8a:04:a8:af:63:9c:31:43:1d:
         c6:4f:ca:ae:5c:e2:a9:7e:6e:c1:41:fb:ff:c5:e3:1e:08:71:
         aa:3f:4d:ca:23:cf:47:40:d2:ab:6a:4e:e8:ea:15:c5:c0:a6:
         1d:a8:b0:e9:ef:0e:bb:d6:43:00:75:cf:38:c9:51:89:52:f8:
         6a:97:38:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0WwD4fJD2zVkMBuqCQ+rmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZjgyMDZlMzMxMWRmMzk0ZjQ4Mzg5YjgxMjJiOTRhYTFm
MGIwNWMwHhcNMjQwMTE3MDkyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmYzNWY5MjQ3YTI2ZmQ2OTUxMGFhOTRlNmUwZGE1MzkxYzg0YmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb7ZdkKAJClZO/w7F9p9EGFPh0pW
NLCWK8oEcBxuqnfwJL+C2EenPj5SJC0nHRi620Y4FbfnnMJyaAq7CFVpnIp2i2kt
NRdElcdplZpPR6W0ecd6n3AMW4ejwp3sAa5kYa6ibQZOD16rZ4Bn1hU1f/7YRZ4F
frm/a6jQ44rhFDbrNyvQ6NpqPj3/1l2NxAUZqM2GOHWBjxKTDYPjOImkI/Uy5LDD
E6dAV+rjU/nYniXtWQONhUnQS+3b+iQXZcuDFmpXflZVXlC3wz93BsJ2cZFe3zg6
er5VEdV02zZLnT/3Vn04igsD0LKqLhLR5eDFx6WbT8RWJj/ZWIxPoVi2aQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJvzX5JHom/WlRCqlObg2lORyEuzMB8GA1UdIwQY
MBaAFGb4IG4zEd85T0g4m4EiuUqh8LBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgt
YmJmZDQ1Yzg0YmVhLzEvbV9OZmtrZWliOWFWRUtxVTV1RGFVNUhJUzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgtYmJmZDQ1Yzg0YmVh
LzEvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgM6YTAN
BgkqhkiG9w0BAQsFAAOCAQEAXSWDl8LIMza2sYnXU6bRUMRQjx643JNzUtEzhI3f
QOGxXNwov1qrK83zK7oQupON+H9CkF5Dyb7RSEyuxwEyncxzZhGwzf1X0WMIX7ra
ZzsIl4bFo9zQAHvWR4VoG8baH708556kdamnJnBQgB0Y0fKlXgWfH4o+MvTk1Mut
gciq8pDINdYYaCS3+QgLzBXcdSHIMSnnGajwWzPBoP3QgckkuCeUtoeQ1moZAqQh
AsuxMYNb1mciBnNy1zPHigSor2OcMUMdxk/KrlziqX5uwUH7/8XjHghxqj9NyiPP
R0DSq2pO6OoVxcCmHaiw6e8Ou9ZDAHXPOMlRiVL4apc48g==
-----END CERTIFICATE-----