Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/3U67JVDpA8mUTURSr9Algxuc0wo.roa
File:                     3U67JVDpA8mUTURSr9Algxuc0wo.roa (raw, json)
Hash identifier:          T4bRqefF4AWwXdi5sx0JkcVQWuufmzssf/q775taBhY=
Subject key identifier:   DD:4E:BB:25:50:E9:03:C9:94:4D:44:52:AF:D0:25:83:1B:9C:D3:0A
Certificate issuer:       /CN=785840e3a0f0474a4acce45ed5fc9cff77858d93
Certificate serial:       018CC6B80F7EF458B7E5B52CF204C00214F9
Authority key identifier: 78:58:40:E3:A0:F0:47:4A:4A:CC:E4:5E:D5:FC:9C:FF:77:85:8D:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/3U67JVDpA8mUTURSr9Algxuc0wo.roa
Signing time:             Mon 01 Jan 2024 20:30:00 +0000
ROA not before:           Mon 01 Jan 2024 20:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48329
IP address blocks:        2a10:9640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:0f:7e:f4:58:b7:e5:b5:2c:f2:04:c0:02:14:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=785840e3a0f0474a4acce45ed5fc9cff77858d93
        Validity
            Not Before: Jan  1 20:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd4ebb2550e903c9944d4452afd025831b9cd30a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:36:88:e2:a9:22:45:68:ca:10:d9:02:dc:84:
                    8d:d8:f0:6d:7e:0e:42:e1:4a:cd:33:6b:4e:cf:7d:
                    f9:56:50:3f:3c:10:73:9c:c5:7b:d5:5d:54:ae:4c:
                    2f:39:d8:f9:76:6a:8d:79:eb:82:61:71:7d:44:91:
                    a4:b5:14:b8:4c:48:eb:52:b2:7d:8c:27:b0:61:b6:
                    77:10:92:19:b3:f2:b9:8d:04:56:1e:08:4f:38:dc:
                    19:00:fd:17:9a:8a:c4:85:c7:90:75:90:ee:68:82:
                    86:9c:cf:1d:bb:91:4d:cb:1e:37:e5:9d:d6:3e:76:
                    80:fa:65:2a:ce:44:16:bb:4a:9b:51:2f:73:94:f8:
                    1a:82:c8:a2:09:ae:54:83:2a:12:4a:81:3c:7b:68:
                    aa:dc:5b:19:23:13:8e:12:f5:36:36:74:9b:b9:48:
                    94:9d:ba:1b:4a:f4:cd:37:e3:39:3f:dc:51:0e:17:
                    58:97:8b:8f:44:62:c2:9c:9a:48:de:e9:8d:0b:ef:
                    1d:1d:d4:ec:cd:1f:0e:a6:bd:ca:db:ed:bd:b0:85:
                    36:63:95:43:ca:bc:4c:fa:0a:af:c6:9d:35:d2:1b:
                    9f:0c:26:97:e5:1a:e5:14:fc:66:26:17:46:db:b0:
                    cc:b9:df:de:77:97:8b:7b:fe:ff:85:a4:ca:ae:02:
                    55:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:4E:BB:25:50:E9:03:C9:94:4D:44:52:AF:D0:25:83:1B:9C:D3:0A
            X509v3 Authority Key Identifier:
                keyid:78:58:40:E3:A0:F0:47:4A:4A:CC:E4:5E:D5:FC:9C:FF:77:85:8D:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/3U67JVDpA8mUTURSr9Algxuc0wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:9640::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:67:28:09:26:43:aa:9a:8a:6c:24:14:9e:e3:07:45:f2:42:
         27:4f:4e:27:9f:92:eb:0f:5c:38:e9:aa:ca:23:cf:a1:19:fb:
         5f:b9:a2:f1:2f:5d:1d:b2:42:ea:f6:10:12:df:03:99:7f:0e:
         65:ff:70:0e:16:d8:c0:ad:9f:d9:f1:74:ad:d1:c0:cc:2c:a4:
         b7:9b:3c:b2:3f:07:d5:44:c8:bd:d7:49:fc:78:ce:4b:87:08:
         03:ba:f5:87:e8:f6:a9:ab:4c:a5:0a:cf:5b:1b:12:2b:de:2e:
         3d:1a:5b:06:44:fb:7c:a0:cb:94:e1:f2:26:04:ba:2c:ae:f4:
         2a:11:bb:4a:ec:b5:f0:99:9f:fd:83:9c:38:d1:c8:1c:ec:11:
         57:f2:87:25:7b:08:32:88:05:41:c9:bf:a9:c0:b1:f2:e9:2e:
         88:d3:5b:b2:95:67:c2:b6:ff:c0:1e:1c:30:94:a2:5c:74:08:
         e4:37:6f:26:93:52:cc:8c:ea:91:bb:0a:15:a2:00:f8:d6:fc:
         6a:c2:af:be:ac:14:5d:af:ca:e4:1f:9a:bd:9b:13:6b:81:4e:
         6c:5f:7f:98:ec:c5:68:79:86:48:e0:52:70:e5:ea:41:fb:00:
         47:9c:47:38:4c:07:50:fb:37:5d:ee:8f:23:7f:8c:7b:56:1e:
         6f:e8:92:28
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuA9+9Fi35bUs8gTAAhT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NTg0MGUzYTBmMDQ3NGE0YWNjZTQ1ZWQ1ZmM5Y2ZmNzc4
NThkOTMwHhcNMjQwMTAxMjAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRlYmIyNTUwZTkwM2M5OTQ0ZDQ0NTJhZmQwMjU4MzFiOWNkMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTaI4qkiRWjKENkC3ISN2PBtfg5C
4UrNM2tOz335VlA/PBBznMV71V1UrkwvOdj5dmqNeeuCYXF9RJGktRS4TEjrUrJ9
jCewYbZ3EJIZs/K5jQRWHghPONwZAP0XmorEhceQdZDuaIKGnM8du5FNyx435Z3W
PnaA+mUqzkQWu0qbUS9zlPgagsiiCa5UgyoSSoE8e2iq3FsZIxOOEvU2NnSbuUiU
nbobSvTNN+M5P9xRDhdYl4uPRGLCnJpI3umNC+8dHdTszR8Opr3K2+29sIU2Y5VD
yrxM+gqvxp010hufDCaX5RrlFPxmJhdG27DMud/ed5eLe/7/haTKrgJVOwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN1OuyVQ6QPJlE1EUq/QJYMbnNMKMB8GA1UdIwQY
MBaAFHhYQOOg8EdKSszkXtX8nP93hY2TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUZoQTQ2RHdSMHBLek9SZTFmeWNfM2VGalpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8xNDI2NjQtNGMzMy00NDJhLWI0MzIt
ZmFmYjEyYTE2YzMxLzEvM1U2N0pWRHBBOG1VVFVSU3I5QWxneHVjMHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8xNDI2NjQtNGMzMy00NDJhLWI0MzItZmFmYjEyYTE2YzMx
LzEvZUZoQTQ2RHdSMHBLek9SZTFmeWNfM2VGalpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhCWQDAN
BgkqhkiG9w0BAQsFAAOCAQEAAGcoCSZDqpqKbCQUnuMHRfJCJ09OJ5+S6w9cOOmq
yiPPoRn7X7mi8S9dHbJC6vYQEt8DmX8OZf9wDhbYwK2f2fF0rdHAzCykt5s8sj8H
1UTIvddJ/HjOS4cIA7r1h+j2qatMpQrPWxsSK94uPRpbBkT7fKDLlOHyJgS6LK70
KhG7Suy18Jmf/YOcONHIHOwRV/KHJXsIMogFQcm/qcCx8ukuiNNbspVnwrb/wB4c
MJSiXHQI5DdvJpNSzIzqkbsKFaIA+Nb8asKvvqwUXa/K5B+avZsTa4FObF9/mOzF
aHmGSOBScOXqQfsAR5xHOEwHUPs3Xe6PI3+Me1Yeb+iSKA==
-----END CERTIFICATE-----