Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/N23ldJos3TXHlJ612NTSbYEOjGE.roa
File:                     N23ldJos3TXHlJ612NTSbYEOjGE.roa (raw, json)
Hash identifier:          pN3xaViiIzdeyC78ASKSC7QAGaTFPfRleJamxz6onzM=
Subject key identifier:   37:6D:E5:74:9A:2C:DD:35:C7:94:9E:B5:D8:D4:D2:6D:81:0E:8C:61
Certificate issuer:       /CN=7c3b8877e1a130fe50386c610d6ead5641b97ba6
Certificate serial:       018CC8714B5E0F30E907E6704B85A9D278A4
Authority key identifier: 7C:3B:88:77:E1:A1:30:FE:50:38:6C:61:0D:6E:AD:56:41:B9:7B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/N23ldJos3TXHlJ612NTSbYEOjGE.roa
Signing time:             Tue 02 Jan 2024 04:31:57 +0000
ROA not before:           Tue 02 Jan 2024 04:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216370
IP address blocks:        2a06:9686:a00::/39 maxlen: 39
                          2a06:9686:c00::/39 maxlen: 39
                          2a06:9686:e00::/39 maxlen: 39

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4b:5e:0f:30:e9:07:e6:70:4b:85:a9:d2:78:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3b8877e1a130fe50386c610d6ead5641b97ba6
        Validity
            Not Before: Jan  2 04:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=376de5749a2cdd35c7949eb5d8d4d26d810e8c61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1d:0e:0c:30:ae:a6:ed:3a:39:48:03:07:ef:
                    10:f2:0d:55:9e:cf:89:e2:cc:9c:cc:79:2d:56:0a:
                    4e:7b:e4:d1:c0:38:c1:5c:c6:0b:bc:0d:e8:02:c4:
                    4f:fe:73:5d:aa:a8:03:96:60:00:6e:f4:37:3b:57:
                    68:2f:37:7c:fa:0d:62:73:5d:70:a4:d2:c0:1e:97:
                    f8:94:f5:fc:27:1f:16:71:2e:c1:09:9f:94:20:9e:
                    77:3f:40:7d:8e:05:ec:d7:7c:36:9a:a2:8d:2f:cc:
                    98:f4:9b:8b:e1:af:bf:2e:ca:72:17:e4:60:ba:9e:
                    5d:3a:60:04:90:7f:86:13:1e:97:c6:10:fd:8f:fc:
                    9c:78:5d:9a:d3:bc:e9:7f:f1:1f:20:51:c8:45:23:
                    d7:a7:47:f0:08:3f:44:14:a0:ab:3c:32:98:34:5a:
                    47:3f:a9:d6:0d:c7:57:a9:f0:81:dd:1f:fa:60:65:
                    49:c2:2d:c5:b5:a2:3c:1d:28:59:fd:3d:8c:1c:03:
                    f3:d4:e6:19:30:61:a8:d1:14:16:74:7f:c9:5b:ec:
                    ee:dd:28:4c:af:19:fd:c9:f0:63:f2:1e:5d:43:e5:
                    b0:2a:3a:11:bf:bb:bb:27:1c:e9:ab:e5:5f:d0:0e:
                    37:28:23:5d:d7:71:e4:35:73:f0:22:1b:fc:4f:e9:
                    ae:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6D:E5:74:9A:2C:DD:35:C7:94:9E:B5:D8:D4:D2:6D:81:0E:8C:61
            X509v3 Authority Key Identifier:
                keyid:7C:3B:88:77:E1:A1:30:FE:50:38:6C:61:0D:6E:AD:56:41:B9:7B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/N23ldJos3TXHlJ612NTSbYEOjGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9686:a00::-2a06:9686:fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         52:1f:bb:e8:3b:b0:62:ba:f0:53:3a:08:62:83:c9:be:72:01:
         42:99:ed:67:06:fb:1b:1e:32:aa:8e:38:00:04:98:8a:0f:1c:
         02:32:e1:40:df:2c:39:b9:11:5e:48:9b:2a:0c:6f:33:f8:e2:
         a7:aa:fb:e0:2d:50:be:bc:94:e8:32:5d:c6:f3:3a:7a:1d:9a:
         80:2d:dd:32:0e:b6:27:40:b2:ae:dd:88:de:92:21:1a:7b:cd:
         68:51:55:47:fd:77:19:dd:b1:bf:a1:4b:d5:9b:d4:c8:a8:27:
         6f:6b:9a:bf:2c:28:04:32:42:94:10:04:a8:bc:72:00:4e:d9:
         ab:df:4c:d9:db:94:09:93:22:7d:44:9c:a9:57:c0:7c:cd:9e:
         e4:a6:7c:37:4a:f9:e7:9e:1e:09:0b:2f:a1:49:aa:80:a5:0b:
         57:1b:6a:26:33:25:a8:65:39:a9:ad:27:8b:ce:4c:5f:95:22:
         13:3a:35:20:e7:c1:b7:be:a1:b8:cd:ec:59:f5:ab:e3:91:b4:
         a2:36:28:11:c5:f4:8e:a3:f3:a4:48:e3:83:a4:62:ac:e1:5f:
         f1:10:7e:50:a3:9a:a9:6a:b8:66:dd:72:2d:ef:46:5e:ef:24:
         20:da:48:f3:6e:5c:68:73:a8:58:3b:29:d4:02:c7:bb:74:b0:
         29:0b:b3:2f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIcUteDzDpB+ZwS4Wp0nikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2I4ODc3ZTFhMTMwZmU1MDM4NmM2MTBkNmVhZDU2NDFi
OTdiYTYwHhcNMjQwMTAyMDQzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZkZTU3NDlhMmNkZDM1Yzc5NDllYjVkOGQ0ZDI2ZDgxMGU4YzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkh0ODDCupu06OUgDB+8Q8g1Vns+J
4syczHktVgpOe+TRwDjBXMYLvA3oAsRP/nNdqqgDlmAAbvQ3O1doLzd8+g1ic11w
pNLAHpf4lPX8Jx8WcS7BCZ+UIJ53P0B9jgXs13w2mqKNL8yY9JuL4a+/LspyF+Rg
up5dOmAEkH+GEx6XxhD9j/yceF2a07zpf/EfIFHIRSPXp0fwCD9EFKCrPDKYNFpH
P6nWDcdXqfCB3R/6YGVJwi3FtaI8HShZ/T2MHAPz1OYZMGGo0RQWdH/JW+zu3ShM
rxn9yfBj8h5dQ+WwKjoRv7u7Jxzpq+Vf0A43KCNd13HkNXPwIhv8T+mutQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDdt5XSaLN01x5SetdjU0m2BDoxhMB8GA1UdIwQY
MBaAFHw7iHfhoTD+UDhsYQ1urVZBuXumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR1SWQtR2hNUDVRT0d4aERXNnRWa0c1ZTZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8xN2E3MTItNGU1YS00MGM1LWEzYTIt
MTIwMjVjNTRmNDg0LzEvTjIzbGRKb3MzVFhIbEo2MTJOVFNiWUVPakdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8xN2E3MTItNGU1YS00MGM1LWEzYTItMTIwMjVjNTRmNDg0
LzEvZkR1SWQtR2hNUDVRT0d4aERXNnRWa0c1ZTZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgEqBpaG
CgMGBCoGloYAMA0GCSqGSIb3DQEBCwUAA4IBAQBSH7voO7BiuvBTOghig8m+cgFC
me1nBvsbHjKqjjgABJiKDxwCMuFA3yw5uRFeSJsqDG8z+OKnqvvgLVC+vJToMl3G
8zp6HZqALd0yDrYnQLKu3YjekiEae81oUVVH/XcZ3bG/oUvVm9TIqCdva5q/LCgE
MkKUEASovHIATtmr30zZ25QJkyJ9RJypV8B8zZ7kpnw3Svnnnh4JCy+hSaqApQtX
G2omMyWoZTmprSeLzkxflSITOjUg58G3vqG4zexZ9avjkbSiNigRxfSOo/OkSOOD
pGKs4V/xEH5Qo5qparhm3XIt70Ze7yQg2kjzblxoc6hYOynUAse7dLApC7Mv
-----END CERTIFICATE-----