Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/IREguOomczhl9YfxG5YSPsPS_W4.roa
File:                     IREguOomczhl9YfxG5YSPsPS_W4.roa (raw, json)
Hash identifier:          m+QuBZtjdNzVFKgBcYUiD1amQA/uKQDQ+l8NlyxETzA=
Subject key identifier:   21:11:20:B8:EA:26:73:38:65:F5:87:F1:1B:96:12:3E:C3:D2:FD:6E
Certificate issuer:       /CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Certificate serial:       018CC79556CF262C20409F0AA43B2BA74AA6
Authority key identifier: 7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/IREguOomczhl9YfxG5YSPsPS_W4.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200299
IP address blocks:        2a04:ff00:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:56:cf:26:2c:20:40:9f:0a:a4:3b:2b:a7:4a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=211120b8ea26733865f587f11b96123ec3d2fd6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:61:57:95:67:61:a0:ce:cd:7e:8a:06:59:97:
                    a2:5c:49:4f:79:d0:96:e1:28:5d:91:cd:ad:c4:9f:
                    fc:25:cb:c9:bd:ec:47:14:1c:1f:24:6c:d3:e9:7b:
                    b3:4c:53:4c:12:38:41:66:c1:b5:58:9f:05:1e:fa:
                    e1:d6:55:3f:42:aa:1e:8c:1d:0d:c7:3b:91:81:12:
                    db:9c:41:c0:a2:36:8c:29:61:bd:13:b7:83:d4:b3:
                    da:67:76:ad:30:05:b9:e9:d0:d2:9f:61:47:c5:c5:
                    13:29:9a:1e:25:25:e1:b7:99:51:f1:58:af:d2:0a:
                    0c:06:13:47:a3:82:cd:9b:ef:23:e0:e3:fd:9b:05:
                    71:a5:96:35:e3:2d:6d:a3:06:d2:10:e3:d3:69:bd:
                    97:ee:ea:37:3e:21:fb:5d:34:6b:21:9d:48:fd:f2:
                    d7:f9:02:7f:cc:93:f2:74:f0:36:c1:12:9f:22:b1:
                    2f:29:b5:1c:4e:64:3b:aa:eb:a4:2e:c8:d3:0e:f9:
                    2b:34:56:ea:17:30:ab:e3:11:26:1c:54:14:fc:47:
                    1f:13:d4:b4:20:45:84:c4:0a:1c:ee:d1:0d:c9:f5:
                    ac:16:0b:ad:d5:42:6a:26:0e:45:63:95:63:13:ab:
                    bf:2f:7c:10:4b:33:a0:70:eb:3b:bf:8e:90:1e:40:
                    c8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:11:20:B8:EA:26:73:38:65:F5:87:F1:1B:96:12:3E:C3:D2:FD:6E
            X509v3 Authority Key Identifier:
                keyid:7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/IREguOomczhl9YfxG5YSPsPS_W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ff00:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:54:8e:a5:55:b3:36:3c:9c:5a:3e:29:3b:24:16:25:6b:09:
         9b:4c:b6:28:25:fe:7d:26:2f:ba:c1:7e:aa:45:54:18:83:55:
         aa:d8:1c:b3:5d:aa:3b:5e:e4:8e:34:c2:df:cd:46:b6:1e:55:
         27:65:93:bf:b3:fa:56:4f:b7:b4:8b:2b:bb:56:98:41:a4:85:
         bc:ca:87:bc:1d:20:37:fa:0b:0c:12:92:f3:56:f6:72:8a:e0:
         c7:95:e2:ca:75:a3:a1:ab:e2:91:7b:88:96:94:ed:7a:f3:6e:
         fb:cf:13:dc:45:02:b7:8e:c9:53:60:02:b9:f0:05:63:01:17:
         d7:3d:fe:28:2e:21:05:01:19:a1:be:9b:1f:9c:93:52:d7:cf:
         fe:14:1c:47:1d:7c:44:b4:9d:58:d9:24:8c:68:33:36:ff:3f:
         57:6e:b1:3b:40:21:06:80:e7:3b:c9:0a:85:4f:bf:f4:84:f3:
         fe:73:2f:93:ed:5e:84:15:46:cb:f9:83:91:84:5b:20:c8:26:
         a4:70:80:71:8d:5b:c6:98:4a:b0:dd:13:60:c9:11:94:a3:31:
         1f:8c:bf:e5:ff:e1:ce:64:b2:26:27:75:ce:9c:27:42:b2:d0:
         f7:a3:4d:13:30:31:93:73:5b:29:fe:9f:53:a7:13:fd:d4:8a:
         0a:4d:78:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlVbPJiwgQJ8KpDsrp0qmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDRjMjVjMmY4YjQ3ZTVkYWY1MmQxYzRjNWE1MDk5OWRk
MGEwYTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTExMjBiOGVhMjY3MzM4NjVmNTg3ZjExYjk2MTIzZWMzZDJmZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmFXlWdhoM7NfooGWZeiXElPedCW
4Shdkc2txJ/8JcvJvexHFBwfJGzT6XuzTFNMEjhBZsG1WJ8FHvrh1lU/QqoejB0N
xzuRgRLbnEHAojaMKWG9E7eD1LPaZ3atMAW56dDSn2FHxcUTKZoeJSXht5lR8Viv
0goMBhNHo4LNm+8j4OP9mwVxpZY14y1towbSEOPTab2X7uo3PiH7XTRrIZ1I/fLX
+QJ/zJPydPA2wRKfIrEvKbUcTmQ7quukLsjTDvkrNFbqFzCr4xEmHFQU/EcfE9S0
IEWExAoc7tENyfWsFgut1UJqJg5FY5VjE6u/L3wQSzOgcOs7v46QHkDIEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCERILjqJnM4ZfWH8RuWEj7D0v1uMB8GA1UdIwQY
MBaAFH0Ewlwvi0fl2vUtHExaUJmd0KCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMt
ZTYzZTk0Y2JhMDlmLzEvSVJFZ3VPb21jemhsOVlmeEc1WVNQc1BTX1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMtZTYzZTk0Y2JhMDlm
LzEvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgT/ALAL
MA0GCSqGSIb3DQEBCwUAA4IBAQAFVI6lVbM2PJxaPik7JBYlawmbTLYoJf59Ji+6
wX6qRVQYg1Wq2ByzXao7XuSONMLfzUa2HlUnZZO/s/pWT7e0iyu7VphBpIW8yoe8
HSA3+gsMEpLzVvZyiuDHleLKdaOhq+KRe4iWlO168277zxPcRQK3jslTYAK58AVj
ARfXPf4oLiEFARmhvpsfnJNS18/+FBxHHXxEtJ1Y2SSMaDM2/z9XbrE7QCEGgOc7
yQqFT7/0hPP+cy+T7V6EFUbL+YORhFsgyCakcIBxjVvGmEqw3RNgyRGUozEfjL/l
/+HOZLImJ3XOnCdCstD3o00TMDGTc1sp/p9TpxP91IoKTXgU
-----END CERTIFICATE-----