Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/46Az8scpD6TVDTBbwyi3z6jW8jk.roa
File:                     46Az8scpD6TVDTBbwyi3z6jW8jk.roa (raw, json)
Hash identifier:          6YpWxwSOJjA2gXHo8/YKsD/E7b6hMhH33IgDNcckVr4=
Subject key identifier:   E3:A0:33:F2:C7:29:0F:A4:D5:0D:30:5B:C3:28:B7:CF:A8:D6:F2:39
Certificate issuer:       /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial:       018CCA2B4602CC500311E8BD5A0DB616B110
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/46Az8scpD6TVDTBbwyi3z6jW8jk.roa
Signing time:             Tue 02 Jan 2024 12:34:42 +0000
ROA not before:           Tue 02 Jan 2024 12:34:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        2a0f:7880:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:46:02:cc:50:03:11:e8:bd:5a:0d:b6:16:b1:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
        Validity
            Not Before: Jan  2 12:34:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3a033f2c7290fa4d50d305bc328b7cfa8d6f239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c8:b1:7d:3f:3c:c0:ff:03:bc:c1:92:d5:fd:
                    1d:48:25:af:8c:a3:bb:a0:70:9e:79:a3:e0:75:0c:
                    0e:71:a3:a0:57:4c:1a:69:ab:32:7d:35:ac:e9:79:
                    90:eb:74:07:43:f1:40:13:30:33:b5:cc:9c:ed:44:
                    b5:6e:01:b2:9e:61:60:05:f6:a3:51:bc:b3:4a:ec:
                    5e:43:0f:d5:50:c3:a1:4b:a0:bb:7b:db:16:70:99:
                    b3:35:cb:f5:c3:a9:f2:31:a9:df:fc:c9:ae:84:b2:
                    22:6e:c4:e9:6d:3c:50:92:7a:93:80:3f:36:38:fa:
                    24:ae:d0:a6:d9:99:f7:ee:79:48:05:d7:e8:70:38:
                    54:30:eb:70:96:ae:56:73:ef:a9:77:8f:2c:dc:80:
                    65:8b:30:6e:cc:0f:47:14:85:7d:0c:ad:11:10:81:
                    9e:5a:43:9c:fd:dd:33:59:da:a8:e2:06:58:99:bc:
                    27:ba:f0:10:bd:d6:22:f0:08:05:d0:e2:9b:4c:e6:
                    bf:44:cd:a3:37:f5:e2:2a:33:d7:d9:81:79:6f:5d:
                    ed:99:eb:7f:eb:16:d6:ad:01:4b:ea:30:0c:21:68:
                    ad:d2:f2:2c:9c:0c:3e:30:4b:c3:a7:bb:61:bc:29:
                    94:bf:47:8c:f0:e2:8c:ee:2e:00:e3:5f:7d:82:7b:
                    be:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A0:33:F2:C7:29:0F:A4:D5:0D:30:5B:C3:28:B7:CF:A8:D6:F2:39
            X509v3 Authority Key Identifier:
                keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/46Az8scpD6TVDTBbwyi3z6jW8jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7880:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         7a:1a:36:ab:8e:ca:cf:96:37:7c:09:fa:f4:1e:ac:73:d7:e5:
         e5:71:c3:40:cf:a9:2f:53:81:e2:7e:30:65:ff:0d:1f:90:53:
         8e:2c:c9:bc:83:89:8d:c3:05:f9:fa:d3:3a:0b:ab:f5:b5:a4:
         8a:b9:3b:68:b7:61:7a:5d:ed:01:1a:38:6b:3f:23:56:1a:ad:
         be:47:08:aa:8c:ec:a4:1b:91:8e:32:0c:c0:31:c5:d1:25:15:
         0c:d5:71:1a:7c:ff:52:57:ac:09:f2:0f:a2:f5:b4:d0:35:63:
         15:29:a7:e2:4c:1b:8d:da:3e:f3:b6:ca:c6:4c:85:d5:24:90:
         fc:50:0d:86:42:02:96:82:a0:c8:22:11:85:55:01:0f:c1:04:
         0d:15:9c:9c:e9:9a:1c:69:b4:27:65:dc:0a:75:67:3b:d3:3a:
         95:32:aa:fb:27:35:29:cc:7b:1f:d7:c4:e1:d2:7b:9d:8c:32:
         a2:07:18:96:b5:7b:97:0c:f7:af:58:e3:4b:70:d9:08:1a:8b:
         73:6f:ad:6a:7d:3f:f7:6d:5c:72:32:97:d6:94:98:0c:5b:39:
         8a:21:cc:90:57:70:2a:2b:d6:94:ee:d6:78:f4:ef:38:e6:3b:
         bb:e4:97:f0:95:d3:d3:a6:10:9b:11:44:57:2a:73:a6:4b:02:
         2c:be:8e:94
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKK0YCzFADEei9Wg22FrEQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjQwMTAyMTIzNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2EwMzNmMmM3MjkwZmE0ZDUwZDMwNWJjMzI4YjdjZmE4ZDZmMjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8ixfT88wP8DvMGS1f0dSCWvjKO7
oHCeeaPgdQwOcaOgV0waaasyfTWs6XmQ63QHQ/FAEzAztcyc7US1bgGynmFgBfaj
UbyzSuxeQw/VUMOhS6C7e9sWcJmzNcv1w6nyManf/MmuhLIibsTpbTxQknqTgD82
OPokrtCm2Zn37nlIBdfocDhUMOtwlq5Wc++pd48s3IBlizBuzA9HFIV9DK0REIGe
WkOc/d0zWdqo4gZYmbwnuvAQvdYi8AgF0OKbTOa/RM2jN/XiKjPX2YF5b13tmet/
6xbWrQFL6jAMIWit0vIsnAw+MEvDp7thvCmUv0eM8OKM7i4A4199gnu+/QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOOgM/LHKQ+k1Q0wW8Mot8+o1vI5MB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvNDZBejhzY3BENlRWRFRCYnd5aTN6NmpXOGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg94gAEw
DQYJKoZIhvcNAQELBQADggEBAHoaNquOys+WN3wJ+vQerHPX5eVxw0DPqS9TgeJ+
MGX/DR+QU44sybyDiY3DBfn60zoLq/W1pIq5O2i3YXpd7QEaOGs/I1Yarb5HCKqM
7KQbkY4yDMAxxdElFQzVcRp8/1JXrAnyD6L1tNA1YxUpp+JMG43aPvO2ysZMhdUk
kPxQDYZCApaCoMgiEYVVAQ/BBA0VnJzpmhxptCdl3Ap1ZzvTOpUyqvsnNSnMex/X
xOHSe52MMqIHGJa1e5cM969Y40tw2Qgai3NvrWp9P/dtXHIyl9aUmAxbOYohzJBX
cCor1pTu1nj07zjmO7vkl/CV09OmEJsRRFcqc6ZLAiy+jpQ=
-----END CERTIFICATE-----