Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/26b4e2-caa0-48a3-8117-7d593033d005/1/R55O6GrI9dEow3zVRMqpT_u3l9A.roa
File:                     R55O6GrI9dEow3zVRMqpT_u3l9A.roa (raw, json)
Hash identifier:          7K49bZPdIgV8V2lQsa+XxhGNxxe8C5ANphSLl+Y8AJA=
Subject key identifier:   47:9E:4E:E8:6A:C8:F5:D1:28:C3:7C:D5:44:CA:A9:4F:FB:B7:97:D0
Certificate issuer:       /CN=71602627679a4980b70d8ade578f14192fafeb95
Certificate serial:       018CC5DC6129756444920A6EBE7952E0B889
Authority key identifier: 71:60:26:27:67:9A:49:80:B7:0D:8A:DE:57:8F:14:19:2F:AF:EB:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cWAmJ2eaSYC3DYreV48UGS-v65U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/26b4e2-caa0-48a3-8117-7d593033d005/1/R55O6GrI9dEow3zVRMqpT_u3l9A.roa
Signing time:             Mon 01 Jan 2024 16:30:03 +0000
ROA not before:           Mon 01 Jan 2024 16:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42352
IP address blocks:        2a07:76c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/26b4e2-caa0-48a3-8117-7d593033d005/1/cWAmJ2eaSYC3DYreV48UGS-v65U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/26b4e2-caa0-48a3-8117-7d593033d005/1/cWAmJ2eaSYC3DYreV48UGS-v65U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cWAmJ2eaSYC3DYreV48UGS-v65U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:61:29:75:64:44:92:0a:6e:be:79:52:e0:b8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71602627679a4980b70d8ade578f14192fafeb95
        Validity
            Not Before: Jan  1 16:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=479e4ee86ac8f5d128c37cd544caa94ffbb797d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:87:0e:84:5c:e4:77:13:a6:e9:cb:b6:55:c9:
                    62:36:8b:d0:04:ac:d7:0c:79:81:e6:be:b1:d1:30:
                    1e:7e:eb:1f:d1:59:3a:53:bc:22:db:d6:90:fe:3c:
                    aa:cf:5e:47:5c:97:53:a4:79:bc:7e:d2:54:f3:e0:
                    29:ed:ce:e1:7c:b5:98:96:68:86:28:b9:3a:86:78:
                    a6:8d:83:e6:2c:c0:fd:fc:99:c8:ff:d9:bc:33:ad:
                    f6:3f:b6:d7:0f:fa:f5:2c:bb:de:21:db:3e:e0:4a:
                    c7:59:d4:32:03:e8:f9:1b:be:1e:af:e7:c5:59:95:
                    a6:89:d9:8c:db:f9:de:f3:57:bd:6c:6b:f2:d2:98:
                    26:29:67:26:81:41:8f:a8:3f:0d:a8:9a:b5:ef:e9:
                    78:a2:59:9a:cd:27:a1:41:1b:49:a5:75:f5:4f:9b:
                    3c:06:ec:70:a3:94:b2:6a:8e:49:f8:4a:75:4c:9b:
                    2a:f3:76:a9:77:48:eb:d9:ba:2b:1f:75:e0:74:b9:
                    bb:76:7a:28:df:cc:18:eb:dc:c3:9b:b7:0f:9c:87:
                    a1:5d:9a:42:17:3b:3e:10:5c:12:25:8e:08:0b:74:
                    9c:f7:c4:59:a6:15:0f:e2:9e:d5:fa:d9:98:7f:67:
                    7c:48:fe:66:19:6f:9b:b9:27:ba:63:4c:8f:de:ef:
                    75:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:9E:4E:E8:6A:C8:F5:D1:28:C3:7C:D5:44:CA:A9:4F:FB:B7:97:D0
            X509v3 Authority Key Identifier:
                keyid:71:60:26:27:67:9A:49:80:B7:0D:8A:DE:57:8F:14:19:2F:AF:EB:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cWAmJ2eaSYC3DYreV48UGS-v65U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/26b4e2-caa0-48a3-8117-7d593033d005/1/R55O6GrI9dEow3zVRMqpT_u3l9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/26b4e2-caa0-48a3-8117-7d593033d005/1/cWAmJ2eaSYC3DYreV48UGS-v65U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:76c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:f9:72:ba:4b:8f:34:92:1b:83:ab:07:d6:69:a5:39:29:74:
         d2:ac:e7:5a:d4:4f:ac:13:00:9f:23:b6:d5:2d:cf:98:20:bc:
         8a:7c:7a:f7:5f:db:d5:0f:49:25:ff:09:73:08:ef:7c:ab:72:
         1f:ee:d9:6e:f6:4c:cb:f3:22:20:21:1b:a8:43:a5:be:ab:3c:
         24:7a:7b:6a:e1:55:aa:71:66:88:30:68:52:68:78:48:a4:68:
         bf:0d:03:67:53:f4:f6:cd:53:a1:c1:0f:ba:3c:5a:4c:66:dc:
         25:30:47:1e:07:6b:55:f1:bd:5b:53:52:d0:b7:44:e4:21:21:
         2f:5d:b7:77:80:08:d7:af:9e:66:0a:6c:cd:d1:fa:df:bd:77:
         5d:fb:91:53:5a:03:4b:2b:0f:a2:a4:27:7f:33:68:7c:3e:9a:
         52:b9:28:a8:48:2c:18:06:73:8c:b2:f1:d1:ae:3e:7b:89:67:
         37:3b:db:df:22:17:69:32:bb:2d:c1:47:0e:82:d9:0a:a7:f8:
         8d:2d:38:aa:64:32:d4:88:b1:9e:70:4a:1e:34:3e:f6:eb:48:
         b7:b0:35:a0:cb:44:ab:bd:25:4c:ca:e7:33:65:39:3f:f5:01:
         46:8d:19:0b:1b:a5:83:d1:dc:39:3b:1d:b5:a3:ea:02:44:5b:
         4e:c6:49:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3GEpdWREkgpuvnlS4LiJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNjAyNjI3Njc5YTQ5ODBiNzBkOGFkZTU3OGYxNDE5MmZh
ZmViOTUwHhcNMjQwMTAxMTYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzllNGVlODZhYzhmNWQxMjhjMzdjZDU0NGNhYTk0ZmZiYjc5N2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4cOhFzkdxOm6cu2VcliNovQBKzX
DHmB5r6x0TAefusf0Vk6U7wi29aQ/jyqz15HXJdTpHm8ftJU8+Ap7c7hfLWYlmiG
KLk6hnimjYPmLMD9/JnI/9m8M632P7bXD/r1LLveIds+4ErHWdQyA+j5G74er+fF
WZWmidmM2/ne81e9bGvy0pgmKWcmgUGPqD8NqJq17+l4olmazSehQRtJpXX1T5s8
Buxwo5Syao5J+Ep1TJsq83apd0jr2borH3XgdLm7dnoo38wY69zDm7cPnIehXZpC
Fzs+EFwSJY4IC3Sc98RZphUP4p7V+tmYf2d8SP5mGW+buSe6Y0yP3u915wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEeeTuhqyPXRKMN81UTKqU/7t5fQMB8GA1UdIwQY
MBaAFHFgJidnmkmAtw2K3lePFBkvr+uVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1dBbUoyZWFTWUMzRFlyZVY0OFVHUy12NjVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8yNmI0ZTItY2FhMC00OGEzLTgxMTct
N2Q1OTMwMzNkMDA1LzEvUjU1TzZHckk5ZEVvdzN6VlJNcXBUX3UzbDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8yNmI0ZTItY2FhMC00OGEzLTgxMTctN2Q1OTMwMzNkMDA1
LzEvY1dBbUoyZWFTWUMzRFlyZVY0OFVHUy12NjVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgd2wAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQA5+XK6S480khuDqwfWaaU5KXTSrOda1E+sEwCf
I7bVLc+YILyKfHr3X9vVD0kl/wlzCO98q3If7tlu9kzL8yIgIRuoQ6W+qzwkentq
4VWqcWaIMGhSaHhIpGi/DQNnU/T2zVOhwQ+6PFpMZtwlMEceB2tV8b1bU1LQt0Tk
ISEvXbd3gAjXr55mCmzN0frfvXdd+5FTWgNLKw+ipCd/M2h8PppSuSioSCwYBnOM
svHRrj57iWc3O9vfIhdpMrstwUcOgtkKp/iNLTiqZDLUiLGecEoeND7260i3sDWg
y0SrvSVMyuczZTk/9QFGjRkLG6WD0dw5Ox21o+oCRFtOxkmy
-----END CERTIFICATE-----