Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/rLJBW-lVLAhd5TXpRwsmdfXF2_E.roa
File:                     rLJBW-lVLAhd5TXpRwsmdfXF2_E.roa (raw, json)
Hash identifier:          wnWD+7jtLO15EQ/RITt2PLn50YkBXJMnrr6YS0mhGXM=
Subject key identifier:   AC:B2:41:5B:E9:55:2C:08:5D:E5:35:E9:47:0B:26:75:F5:C5:DB:F1
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94A8AC6DCA20048EB012221CFFF38
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/rLJBW-lVLAhd5TXpRwsmdfXF2_E.roa
Signing time:             Mon 01 Jan 2024 20:31:21 +0000
ROA not before:           Mon 01 Jan 2024 20:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47172
IP address blocks:        2a03:f85:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4a:8a:c6:dc:a2:00:48:eb:01:22:21:cf:ff:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acb2415be9552c085de535e9470b2675f5c5dbf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d7:2c:df:07:5d:9d:61:93:bd:b0:e0:b1:59:
                    d1:d1:f4:9e:fe:f6:a8:8a:ac:85:c6:dc:98:7f:7b:
                    18:3a:f6:d5:5e:df:fb:80:07:cb:48:83:06:d6:e1:
                    98:e4:66:96:fd:d7:e5:44:81:d4:3b:5f:fd:bd:57:
                    8d:44:f9:d2:c8:7f:b1:e2:f5:b9:f6:b7:aa:48:92:
                    b2:86:c7:7a:5e:2f:03:73:34:68:ce:a9:46:8a:ac:
                    f4:4e:0a:b6:dd:2c:86:8b:69:1d:cd:ee:ec:ec:08:
                    2d:82:aa:27:ad:9f:7a:7e:98:26:a8:e1:65:4d:a6:
                    f5:1c:00:9c:27:dd:ed:de:27:1e:f8:d1:46:17:cf:
                    b6:f1:52:41:67:8a:e3:75:36:07:2c:a3:d9:f9:67:
                    58:b1:c8:36:2d:f7:b6:f7:99:2f:61:94:5f:b1:51:
                    8c:f1:5f:da:52:c1:fe:17:d8:5f:23:96:f2:be:6a:
                    76:96:84:d4:57:d4:85:39:6a:02:26:5e:71:ae:c8:
                    b3:6e:f5:3d:8e:87:e9:fe:07:c1:64:73:4b:84:20:
                    cd:5f:6d:85:ff:83:28:ce:0c:76:70:90:80:12:b7:
                    bc:a5:ad:40:ba:27:fd:33:27:d5:e6:36:bf:00:75:
                    37:66:98:71:d9:f9:0b:4c:2e:ea:b4:48:5c:88:dc:
                    82:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:B2:41:5B:E9:55:2C:08:5D:E5:35:E9:47:0B:26:75:F5:C5:DB:F1
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/rLJBW-lVLAhd5TXpRwsmdfXF2_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:02:55:75:cf:b7:3f:ee:51:8f:d3:de:ce:c1:c4:7a:c1:e5:
         ac:8b:4b:15:1d:74:49:bf:82:35:38:42:e2:fa:da:01:65:7c:
         7c:3a:ce:f3:46:1e:7d:93:e0:e4:bd:43:40:af:47:25:a4:b6:
         e8:65:21:33:02:3d:e8:14:99:83:8e:91:cd:15:76:c2:3e:22:
         87:84:9f:3c:25:18:22:ae:83:46:c7:81:f7:23:e1:26:43:2c:
         1a:b7:e9:84:42:0b:8b:4a:b0:43:83:5c:c3:d3:ac:20:f2:17:
         3a:4b:cf:ec:b1:8c:cb:42:c5:a1:16:ac:85:19:22:7d:c9:8f:
         ea:76:2e:28:11:62:55:c0:eb:4c:ea:ab:a2:f7:93:22:e4:02:
         9f:1e:33:3d:0c:9f:03:9d:44:07:a8:34:48:e3:c8:18:29:b3:
         c8:68:b1:a5:a2:5c:70:ea:d9:1c:e8:7a:6e:22:72:34:f0:bd:
         72:71:89:4c:da:b0:d1:99:f6:55:7b:8d:97:0b:06:a1:66:60:
         c4:5d:56:78:26:be:32:99:6e:b1:ff:6d:b5:20:b1:b7:e3:66:
         73:35:6e:d4:39:4d:eb:2a:02:a3:ef:f0:c0:af:c5:3a:62:88:
         38:2d:89:47:34:13:d0:21:04:f0:f4:84:49:57:ee:39:a4:8f:
         59:17:11:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuUqKxtyiAEjrASIhz/84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2IyNDE1YmU5NTUyYzA4NWRlNTM1ZTk0NzBiMjY3NWY1YzVkYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9cs3wddnWGTvbDgsVnR0fSe/vao
iqyFxtyYf3sYOvbVXt/7gAfLSIMG1uGY5GaW/dflRIHUO1/9vVeNRPnSyH+x4vW5
9reqSJKyhsd6Xi8DczRozqlGiqz0Tgq23SyGi2kdze7s7AgtgqonrZ96fpgmqOFl
Tab1HACcJ93t3ice+NFGF8+28VJBZ4rjdTYHLKPZ+WdYscg2Lfe295kvYZRfsVGM
8V/aUsH+F9hfI5byvmp2loTUV9SFOWoCJl5xrsizbvU9jofp/gfBZHNLhCDNX22F
/4Mozgx2cJCAEre8pa1Auif9MyfV5ja/AHU3Zphx2fkLTC7qtEhciNyCZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKyyQVvpVSwIXeU16UcLJnX1xdvxMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvckxKQlctbFZMQWhkNVRYcFJ3c21kZlhGMl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPhQAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBsAlV1z7c/7lGP097OwcR6weWsi0sVHXRJv4I1
OELi+toBZXx8Os7zRh59k+DkvUNAr0clpLboZSEzAj3oFJmDjpHNFXbCPiKHhJ88
JRgiroNGx4H3I+EmQywat+mEQguLSrBDg1zD06wg8hc6S8/ssYzLQsWhFqyFGSJ9
yY/qdi4oEWJVwOtM6qui95Mi5AKfHjM9DJ8DnUQHqDRI48gYKbPIaLGlolxw6tkc
6HpuInI08L1ycYlM2rDRmfZVe42XCwahZmDEXVZ4Jr4ymW6x/221ILG342ZzNW7U
OU3rKgKj7/DAr8U6Yog4LYlHNBPQIQTw9IRJV+45pI9ZFxGn
-----END CERTIFICATE-----