Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/_bBDK1nUQdsI5Vhj546N3ABb9f8.roa
File:                     _bBDK1nUQdsI5Vhj546N3ABb9f8.roa (raw, json)
Hash identifier:          8TWPO4hI51cVFijwej2pk6cT1UBE6HMej65AQk5QpzU=
Subject key identifier:   FD:B0:43:2B:59:D4:41:DB:08:E5:58:63:E7:8E:8D:DC:00:5B:F5:FF
Certificate issuer:       /CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Certificate serial:       018CC79558674128796FA26E3E400FB7FF65
Authority key identifier: 7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/_bBDK1nUQdsI5Vhj546N3ABb9f8.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207616
IP address blocks:        2a04:ff00:101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:58:67:41:28:79:6f:a2:6e:3e:40:0f:b7:ff:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdb0432b59d441db08e55863e78e8ddc005bf5ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ec:df:de:07:29:f4:6b:ef:1d:cb:2f:24:6b:
                    1a:23:48:73:8e:ee:7c:3c:ed:27:23:4c:45:27:dd:
                    6b:a1:a4:88:d9:b7:62:ac:16:bd:94:1f:94:0a:a4:
                    df:95:50:c1:72:99:47:b1:55:58:37:ff:b8:9e:97:
                    1e:3d:65:b6:6b:b5:d2:ea:88:97:73:58:c1:45:a9:
                    cc:34:b1:42:ee:60:5f:e6:44:7d:ac:6e:1e:f8:11:
                    d8:75:ef:97:60:e4:78:4e:fc:fc:80:c9:50:6e:43:
                    a3:a1:1c:53:a0:c2:89:9f:c8:fa:26:b3:84:0d:4b:
                    0d:3c:66:52:0a:9f:0a:90:3e:0a:a4:71:75:a6:87:
                    72:f6:f6:3c:1b:24:d0:ce:d0:25:45:9e:07:57:ce:
                    3c:1f:4d:0f:f0:97:91:ed:fc:24:f0:e1:11:e2:a2:
                    c4:b2:5e:c7:4a:44:e5:f7:fb:27:df:a3:01:3b:d8:
                    a8:dc:d6:79:ba:45:4f:77:f4:b3:93:26:09:a1:25:
                    a7:fa:19:c1:43:20:72:f0:dc:14:c6:50:35:80:4c:
                    1a:fa:6a:15:92:e2:1b:de:46:30:d1:4d:2b:01:3f:
                    32:c6:4c:60:5f:d0:a6:96:e8:c0:00:bd:23:68:8f:
                    85:83:e4:b6:80:4d:40:bc:b0:3f:57:8b:a0:69:26:
                    30:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:B0:43:2B:59:D4:41:DB:08:E5:58:63:E7:8E:8D:DC:00:5B:F5:FF
            X509v3 Authority Key Identifier:
                keyid:7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/_bBDK1nUQdsI5Vhj546N3ABb9f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ff00:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:a6:83:c7:fa:cf:2b:ae:fd:d0:4a:1a:7f:f2:de:a8:77:f5:
         68:30:df:b1:49:d1:6a:da:16:07:10:2b:61:e4:7e:ac:b5:da:
         c1:7e:a0:3d:e3:32:37:4e:cd:f9:29:81:7b:36:62:3f:63:cb:
         41:d9:48:7e:c9:d0:7f:0d:f3:a6:87:37:6b:95:a7:51:ee:1a:
         54:2c:f4:6a:da:45:f3:5e:87:21:cf:f0:26:7e:6a:75:42:85:
         ba:9a:c5:b3:a0:ec:37:1e:b3:be:ac:35:ff:83:cd:f6:1b:7d:
         d5:74:06:00:5c:89:0a:55:94:80:64:58:af:ce:c3:5b:dc:64:
         16:ae:df:22:2b:f9:58:45:83:2e:c6:0c:7d:fa:db:7f:ed:8f:
         10:d0:5e:82:b2:d4:2b:a2:87:26:2b:4d:dc:44:58:77:18:f3:
         fc:01:ae:1f:67:db:01:04:04:01:0e:9d:d7:8b:a3:63:19:2e:
         7b:15:33:ac:da:db:51:85:c2:85:43:ef:6d:85:77:cc:2e:4c:
         eb:b2:02:d4:a0:72:3f:d6:fc:bc:41:ea:91:41:6c:98:21:c1:
         c4:b2:2a:e1:52:ff:b4:d5:3c:b2:fa:3e:ff:4f:cc:75:fb:46:
         58:11:dd:b2:63:f2:43:aa:08:08:6c:b0:0c:8a:f0:fd:bf:f7:
         c9:ba:ed:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlVhnQSh5b6JuPkAPt/9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDRjMjVjMmY4YjQ3ZTVkYWY1MmQxYzRjNWE1MDk5OWRk
MGEwYTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGIwNDMyYjU5ZDQ0MWRiMDhlNTU4NjNlNzhlOGRkYzAwNWJmNWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguzf3gcp9GvvHcsvJGsaI0hzju58
PO0nI0xFJ91roaSI2bdirBa9lB+UCqTflVDBcplHsVVYN/+4npcePWW2a7XS6oiX
c1jBRanMNLFC7mBf5kR9rG4e+BHYde+XYOR4Tvz8gMlQbkOjoRxToMKJn8j6JrOE
DUsNPGZSCp8KkD4KpHF1pody9vY8GyTQztAlRZ4HV848H00P8JeR7fwk8OER4qLE
sl7HSkTl9/sn36MBO9io3NZ5ukVPd/SzkyYJoSWn+hnBQyBy8NwUxlA1gEwa+moV
kuIb3kYw0U0rAT8yxkxgX9CmlujAAL0jaI+Fg+S2gE1AvLA/V4ugaSYwswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP2wQytZ1EHbCOVYY+eOjdwAW/X/MB8GA1UdIwQY
MBaAFH0Ewlwvi0fl2vUtHExaUJmd0KCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMt
ZTYzZTk0Y2JhMDlmLzEvX2JCREsxblVRZHNJNVZoajU0Nk4zQUJiOWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMtZTYzZTk0Y2JhMDlm
LzEvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgT/AAEB
MA0GCSqGSIb3DQEBCwUAA4IBAQADpoPH+s8rrv3QShp/8t6od/VoMN+xSdFq2hYH
ECth5H6stdrBfqA94zI3Ts35KYF7NmI/Y8tB2Uh+ydB/DfOmhzdrladR7hpULPRq
2kXzXochz/Amfmp1QoW6msWzoOw3HrO+rDX/g832G33VdAYAXIkKVZSAZFivzsNb
3GQWrt8iK/lYRYMuxgx9+tt/7Y8Q0F6CstQroocmK03cRFh3GPP8Aa4fZ9sBBAQB
Dp3Xi6NjGS57FTOs2ttRhcKFQ+9thXfMLkzrsgLUoHI/1vy8QeqRQWyYIcHEsirh
Uv+01Tyy+j7/T8x1+0ZYEd2yY/JDqggIbLAMivD9v/fJuu0a
-----END CERTIFICATE-----