Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/43afb6-0d21-4ff6-9863-bc517e121d54/1/P8ODf8vzcR8K4ktF0soWtKAOcmw.roa
File:                     P8ODf8vzcR8K4ktF0soWtKAOcmw.roa (raw, json)
Hash identifier:          9hHpQKB6ME6B+hROELvVA3QlvRmqofAAyMt7lulnAmo=
Subject key identifier:   3F:C3:83:7F:CB:F3:71:1F:0A:E2:4B:45:D2:CA:16:B4:A0:0E:72:6C
Certificate issuer:       /CN=89f4c7873b7fea49ff6eb90d502c1dbc3a5f8c33
Certificate serial:       018CC8DE4C0C66848391B27511334A64F69F
Authority key identifier: 89:F4:C7:87:3B:7F:EA:49:FF:6E:B9:0D:50:2C:1D:BC:3A:5F:8C:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ifTHhzt_6kn_brkNUCwdvDpfjDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/43afb6-0d21-4ff6-9863-bc517e121d54/1/P8ODf8vzcR8K4ktF0soWtKAOcmw.roa
Signing time:             Tue 02 Jan 2024 06:31:00 +0000
ROA not before:           Tue 02 Jan 2024 06:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31655
IP address blocks:        2a03:15c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/43afb6-0d21-4ff6-9863-bc517e121d54/1/ifTHhzt_6kn_brkNUCwdvDpfjDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/43afb6-0d21-4ff6-9863-bc517e121d54/1/ifTHhzt_6kn_brkNUCwdvDpfjDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ifTHhzt_6kn_brkNUCwdvDpfjDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4c:0c:66:84:83:91:b2:75:11:33:4a:64:f6:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89f4c7873b7fea49ff6eb90d502c1dbc3a5f8c33
        Validity
            Not Before: Jan  2 06:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fc3837fcbf3711f0ae24b45d2ca16b4a00e726c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f1:80:9e:92:66:05:99:76:62:fd:91:ac:98:
                    d2:56:07:d1:93:93:80:01:c4:7e:73:17:2e:c4:34:
                    fc:08:b9:8e:6e:cc:79:6e:3b:73:8c:13:89:d5:63:
                    69:ae:84:3e:96:98:aa:6f:b0:94:94:7d:e4:28:4b:
                    b5:ea:36:8d:6d:57:e4:45:9b:69:f8:88:54:fe:76:
                    92:21:41:6e:52:b1:13:77:22:a6:0c:44:c6:0f:1f:
                    15:b2:20:58:96:3d:8e:88:a1:d3:5d:38:33:9a:95:
                    2f:8d:f3:d8:d1:3e:fb:83:ba:90:5c:ed:2a:62:35:
                    52:c2:cd:88:7f:09:1b:7c:6c:1c:c9:7c:8b:bd:13:
                    2d:c0:28:09:bf:6d:86:d8:95:a1:15:a1:06:9e:a9:
                    15:aa:a9:ba:4a:bc:55:82:6d:35:74:4b:e1:a6:cd:
                    82:1c:b7:b1:fb:1f:70:7a:dc:c7:12:04:40:5d:ac:
                    51:cb:ff:9a:16:88:44:49:f4:05:12:0e:15:c5:73:
                    be:4d:a9:dc:ea:08:21:6d:30:54:b8:0f:a5:5d:ce:
                    8c:f9:3f:d8:ba:61:d1:77:77:81:d2:4a:04:54:1b:
                    b7:ce:17:ea:a5:de:86:9b:1e:d8:84:5c:38:68:95:
                    a1:8e:75:2a:ea:ca:fa:50:b3:f1:b3:d7:1c:8c:60:
                    f2:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C3:83:7F:CB:F3:71:1F:0A:E2:4B:45:D2:CA:16:B4:A0:0E:72:6C
            X509v3 Authority Key Identifier:
                keyid:89:F4:C7:87:3B:7F:EA:49:FF:6E:B9:0D:50:2C:1D:BC:3A:5F:8C:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ifTHhzt_6kn_brkNUCwdvDpfjDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/43afb6-0d21-4ff6-9863-bc517e121d54/1/P8ODf8vzcR8K4ktF0soWtKAOcmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/43afb6-0d21-4ff6-9863-bc517e121d54/1/ifTHhzt_6kn_brkNUCwdvDpfjDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:15c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:51:c4:76:ae:48:d6:9b:62:c9:e6:fc:38:85:f5:94:21:08:
         ec:23:85:5c:4b:e3:bd:17:b3:9c:9d:c2:0b:98:04:cf:e0:95:
         68:a1:00:4d:ee:4c:6d:1b:4f:a3:f6:cd:bb:a2:ae:ee:b5:71:
         e2:91:26:6c:b4:1a:71:f3:a0:d2:bb:e2:72:92:c9:9d:3c:eb:
         24:39:a0:b4:f0:e3:24:ec:95:d0:ab:92:71:db:1d:09:a3:66:
         d6:c7:58:28:b3:44:02:e6:36:78:4d:85:1a:9d:82:5f:08:c9:
         77:fb:fa:8f:1c:72:c1:33:c6:70:09:42:d7:0e:42:c1:0f:f8:
         53:9b:0d:86:8c:d2:71:16:35:56:a3:7b:98:17:01:2e:e6:13:
         51:39:e1:58:fb:0e:17:ee:f0:3d:7a:8b:5e:79:5b:71:14:9b:
         9e:52:51:60:5a:48:31:3e:80:26:95:36:91:13:99:15:d4:3a:
         75:fd:4c:51:6f:05:2f:10:5b:e0:fc:68:bb:37:7f:28:f9:1f:
         16:3d:3e:b2:72:a6:5d:ce:03:f1:f3:31:25:67:ef:74:67:39:
         90:de:85:c9:0e:5f:fc:ba:0b:4f:70:16:28:4e:49:ed:71:d4:
         80:af:1e:31:31:a6:5e:36:b9:33:b6:38:e2:85:51:09:b4:61:
         0b:12:55:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3kwMZoSDkbJ1ETNKZPafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZjRjNzg3M2I3ZmVhNDlmZjZlYjkwZDUwMmMxZGJjM2E1
ZjhjMzMwHhcNMjQwMTAyMDYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmMzODM3ZmNiZjM3MTFmMGFlMjRiNDVkMmNhMTZiNGEwMGU3MjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfGAnpJmBZl2Yv2RrJjSVgfRk5OA
AcR+cxcuxDT8CLmObsx5bjtzjBOJ1WNproQ+lpiqb7CUlH3kKEu16jaNbVfkRZtp
+IhU/naSIUFuUrETdyKmDETGDx8VsiBYlj2OiKHTXTgzmpUvjfPY0T77g7qQXO0q
YjVSws2IfwkbfGwcyXyLvRMtwCgJv22G2JWhFaEGnqkVqqm6SrxVgm01dEvhps2C
HLex+x9wetzHEgRAXaxRy/+aFohESfQFEg4VxXO+Tanc6gghbTBUuA+lXc6M+T/Y
umHRd3eB0koEVBu3zhfqpd6Gmx7YhFw4aJWhjnUq6sr6ULPxs9ccjGDykQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD/Dg3/L83EfCuJLRdLKFrSgDnJsMB8GA1UdIwQY
MBaAFIn0x4c7f+pJ/265DVAsHbw6X4wzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWZUSGh6dF82a25fYnJrTlVDd2R2RHBmakRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80M2FmYjYtMGQyMS00ZmY2LTk4NjMt
YmM1MTdlMTIxZDU0LzEvUDhPRGY4dnpjUjhLNGt0RjBzb1d0S0FPY213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80M2FmYjYtMGQyMS00ZmY2LTk4NjMtYmM1MTdlMTIxZDU0
LzEvaWZUSGh6dF82a25fYnJrTlVDd2R2RHBmakRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgMVwDAN
BgkqhkiG9w0BAQsFAAOCAQEAoVHEdq5I1ptiyeb8OIX1lCEI7COFXEvjvReznJ3C
C5gEz+CVaKEATe5MbRtPo/bNu6Ku7rVx4pEmbLQacfOg0rvicpLJnTzrJDmgtPDj
JOyV0KuScdsdCaNm1sdYKLNEAuY2eE2FGp2CXwjJd/v6jxxywTPGcAlC1w5CwQ/4
U5sNhozScRY1VqN7mBcBLuYTUTnhWPsOF+7wPXqLXnlbcRSbnlJRYFpIMT6AJpU2
kROZFdQ6df1MUW8FLxBb4Pxouzd/KPkfFj0+snKmXc4D8fMxJWfvdGc5kN6FyQ5f
/LoLT3AWKE5J7XHUgK8eMTGmXja5M7Y44oVRCbRhCxJVQg==
-----END CERTIFICATE-----