Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/3447dd-8dc4-405d-9c0b-6ffc5d9e0fed/1/w5L3U8w9DvYrm3gKtN5L67YpgVk.roa
File:                     w5L3U8w9DvYrm3gKtN5L67YpgVk.roa (raw, json)
Hash identifier:          8gzrK7a9VY/OBNpk0fQ30Tn+mhFDwqK6C2GbbWrIGOQ=
Subject key identifier:   C3:92:F7:53:CC:3D:0E:F6:2B:9B:78:0A:B4:DE:4B:EB:B6:29:81:59
Certificate issuer:       /CN=94deea5626d9e832640f1ecdf7f8bb7257240847
Certificate serial:       018CC793715DDB5232D4E2590CAAA0FF3FEB
Authority key identifier: 94:DE:EA:56:26:D9:E8:32:64:0F:1E:CD:F7:F8:BB:72:57:24:08:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lN7qVibZ6DJkDx7N9_i7clckCEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/3447dd-8dc4-405d-9c0b-6ffc5d9e0fed/1/w5L3U8w9DvYrm3gKtN5L67YpgVk.roa
Signing time:             Tue 02 Jan 2024 00:29:37 +0000
ROA not before:           Tue 02 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6900
IP address blocks:        2a02:9f8:9000::/48 maxlen: 48
                          2a02:9f8:9000::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/3447dd-8dc4-405d-9c0b-6ffc5d9e0fed/1/lN7qVibZ6DJkDx7N9_i7clckCEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/3447dd-8dc4-405d-9c0b-6ffc5d9e0fed/1/lN7qVibZ6DJkDx7N9_i7clckCEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lN7qVibZ6DJkDx7N9_i7clckCEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:71:5d:db:52:32:d4:e2:59:0c:aa:a0:ff:3f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94deea5626d9e832640f1ecdf7f8bb7257240847
        Validity
            Not Before: Jan  2 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c392f753cc3d0ef62b9b780ab4de4bebb6298159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:24:f7:bc:6c:97:98:af:66:71:61:9c:d5:1c:
                    21:c7:42:2a:86:51:1e:c5:33:7d:41:20:fc:9c:da:
                    c2:84:f9:52:55:49:81:37:c2:47:22:5c:58:64:a0:
                    9e:68:86:fd:b4:b0:1e:fb:3a:fd:c7:e1:92:23:5f:
                    f5:97:64:7f:72:9b:30:67:fe:5f:ed:b6:23:2a:c2:
                    c5:98:b5:4e:5d:f1:14:9f:7f:8f:ab:08:6a:71:d0:
                    2b:65:64:3c:2d:89:f3:4a:20:ee:07:6c:19:08:02:
                    72:1f:08:7f:f7:81:38:41:db:ff:91:47:f1:a5:ca:
                    a6:7f:22:f1:10:b3:62:f6:6c:07:57:c2:af:e6:34:
                    58:75:1d:fc:eb:52:a5:b8:22:f7:04:bf:f7:ce:af:
                    4f:a5:a4:2a:45:71:c2:d3:8c:c8:8b:a0:49:31:3a:
                    bd:0a:01:d5:5b:de:7a:ae:d2:fa:7f:23:2d:b0:73:
                    62:10:6b:21:c1:ef:2d:65:3e:8d:7b:cd:05:ce:a2:
                    93:fc:09:af:6f:99:7e:76:a5:7e:59:f9:ad:54:21:
                    d9:1b:e2:2d:fc:74:86:d3:0d:e1:63:1e:8b:1d:7a:
                    66:7f:73:a3:67:be:27:d9:1c:7f:a1:8b:d5:d9:6c:
                    b2:bf:76:a1:b2:fd:d1:2e:f1:b6:13:e8:7d:ce:d2:
                    b1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:92:F7:53:CC:3D:0E:F6:2B:9B:78:0A:B4:DE:4B:EB:B6:29:81:59
            X509v3 Authority Key Identifier:
                keyid:94:DE:EA:56:26:D9:E8:32:64:0F:1E:CD:F7:F8:BB:72:57:24:08:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lN7qVibZ6DJkDx7N9_i7clckCEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/3447dd-8dc4-405d-9c0b-6ffc5d9e0fed/1/w5L3U8w9DvYrm3gKtN5L67YpgVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/3447dd-8dc4-405d-9c0b-6ffc5d9e0fed/1/lN7qVibZ6DJkDx7N9_i7clckCEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:9f8:9000::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:98:f7:45:4f:4c:cc:a5:b2:69:e4:ff:84:ae:23:3f:c1:86:
         c0:34:3d:8b:d1:88:07:0c:5f:e2:11:2f:62:00:36:49:9b:8f:
         06:eb:1c:d7:a2:91:fc:9d:ca:7c:fc:aa:df:dc:8d:29:bd:58:
         10:3f:57:28:e1:d1:57:cd:40:f9:8a:0a:22:8e:7c:25:58:fa:
         ee:e1:da:ab:c9:17:28:ba:27:fa:ac:ef:01:08:0e:99:e5:2b:
         64:6d:2e:b5:3a:b6:cc:57:f4:02:df:97:06:ad:2d:ab:6c:47:
         8e:89:e1:fa:9f:33:26:58:08:71:6c:37:3d:3a:16:3a:46:80:
         70:97:ff:2f:84:29:d0:4e:de:e0:a3:3d:20:66:b1:91:d5:0a:
         28:b8:7b:ee:cb:27:96:23:08:c4:65:2a:29:7f:11:3d:28:fd:
         1c:8a:c9:3b:ac:a9:f2:b2:a4:bc:9c:a9:7b:df:08:16:27:ad:
         a8:16:ee:72:e4:51:7d:58:c4:fb:2c:1f:c2:50:5c:83:54:fe:
         c5:e9:4d:81:5c:57:2d:53:49:ca:84:54:ad:f8:44:5b:91:9a:
         6a:66:37:a8:d3:9b:8a:76:63:50:ef:26:95:59:41:49:16:17:
         9e:67:41:de:67:34:d9:ac:c9:38:ae:31:5b:82:a4:b8:83:b6:
         b6:ae:f8:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHk3Fd21Iy1OJZDKqg/z/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZGVlYTU2MjZkOWU4MzI2NDBmMWVjZGY3ZjhiYjcyNTcy
NDA4NDcwHhcNMjQwMTAyMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzkyZjc1M2NjM2QwZWY2MmI5Yjc4MGFiNGRlNGJlYmI2Mjk4MTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiT3vGyXmK9mcWGc1Rwhx0IqhlEe
xTN9QSD8nNrChPlSVUmBN8JHIlxYZKCeaIb9tLAe+zr9x+GSI1/1l2R/cpswZ/5f
7bYjKsLFmLVOXfEUn3+PqwhqcdArZWQ8LYnzSiDuB2wZCAJyHwh/94E4Qdv/kUfx
pcqmfyLxELNi9mwHV8Kv5jRYdR3861KluCL3BL/3zq9PpaQqRXHC04zIi6BJMTq9
CgHVW956rtL6fyMtsHNiEGshwe8tZT6Ne80FzqKT/Amvb5l+dqV+WfmtVCHZG+It
/HSG0w3hYx6LHXpmf3OjZ74n2Rx/oYvV2Wyyv3ahsv3RLvG2E+h9ztKx1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMOS91PMPQ72K5t4CrTeS+u2KYFZMB8GA1UdIwQY
MBaAFJTe6lYm2egyZA8ezff4u3JXJAhHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE43cVZpYlo2REprRHg3TjlfaTdjbGNrQ0VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8zNDQ3ZGQtOGRjNC00MDVkLTljMGIt
NmZmYzVkOWUwZmVkLzEvdzVMM1U4dzlEdllybTNnS3RONUw2N1lwZ1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8zNDQ3ZGQtOGRjNC00MDVkLTljMGItNmZmYzVkOWUwZmVk
LzEvbE43cVZpYlo2REprRHg3TjlfaTdjbGNrQ0VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgIJ+JAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6mPdFT0zMpbJp5P+EriM/wYbAND2L0YgHDF/i
ES9iADZJm48G6xzXopH8ncp8/Krf3I0pvVgQP1co4dFXzUD5igoijnwlWPru4dqr
yRcouif6rO8BCA6Z5StkbS61OrbMV/QC35cGrS2rbEeOieH6nzMmWAhxbDc9OhY6
RoBwl/8vhCnQTt7goz0gZrGR1QoouHvuyyeWIwjEZSopfxE9KP0cisk7rKnysqS8
nKl73wgWJ62oFu5y5FF9WMT7LB/CUFyDVP7F6U2BXFctU0nKhFSt+ERbkZpqZjeo
05uKdmNQ7yaVWUFJFheeZ0HeZzTZrMk4rjFbgqS4g7a2rvhD
-----END CERTIFICATE-----