Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/f3yGmWTthhGkZ0zRjn40IrzsGAI.roa
File:                     f3yGmWTthhGkZ0zRjn40IrzsGAI.roa (raw, json)
Hash identifier:          SswwYGOAklhmYtD5v9se5qrK+50XLD7/QxTwv4/LIrU=
Subject key identifier:   7F:7C:86:99:64:ED:86:11:A4:67:4C:D1:8E:7E:34:22:BC:EC:18:02
Certificate issuer:       /CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Certificate serial:       018FEE172E17EF6D31D139F38493650CA7C4
Authority key identifier: 7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/f3yGmWTthhGkZ0zRjn40IrzsGAI.roa
Signing time:             Thu 06 Jun 2024 15:07:27 +0000
ROA not before:           Thu 06 Jun 2024 15:07:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214757
IP address blocks:        2a04:ff00:103::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 00:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ee:17:2e:17:ef:6d:31:d1:39:f3:84:93:65:0c:a7:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
        Validity
            Not Before: Jun  6 15:07:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f7c869964ed8611a4674cd18e7e3422bcec1802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d5:82:c4:51:1f:6a:41:5e:84:17:14:b9:09:
                    b6:4a:0c:e1:8c:d4:c9:69:9a:5a:df:51:e5:ee:ee:
                    cd:99:33:4d:7d:6d:dc:10:68:90:4c:3d:6c:f0:a0:
                    e4:e2:5a:67:56:37:fa:88:1f:d5:8f:d0:9a:c7:a7:
                    91:aa:43:65:0a:78:eb:7a:4e:ea:90:86:3d:06:cc:
                    ef:57:43:63:bf:42:2c:20:e0:f0:69:17:43:7d:13:
                    ba:d2:ba:a9:e6:20:4c:61:48:e9:b5:25:93:69:b8:
                    88:42:69:a7:e4:22:87:cb:e8:d8:f8:96:25:be:dc:
                    7b:a4:a0:cf:3d:ea:6a:b5:18:99:d0:fe:c1:f5:1a:
                    2c:3e:11:dd:02:09:62:8a:ea:3f:45:47:0b:ea:c3:
                    69:58:fd:58:f3:90:81:ca:51:70:dd:5d:ff:67:94:
                    d9:4f:2e:0c:67:68:c9:64:d2:6e:0e:06:74:0d:49:
                    bf:1d:c2:aa:77:46:9e:24:cd:e1:b7:26:a9:23:a0:
                    1f:f0:34:63:e1:91:cb:1c:c4:14:16:2f:b2:74:b2:
                    5b:89:29:f2:d8:06:8b:3c:54:3a:bd:21:4d:71:2c:
                    6e:00:6f:ee:97:87:00:0f:ce:d7:60:74:b0:06:0a:
                    ff:b4:5a:5c:04:80:b3:01:14:ad:92:18:14:56:b6:
                    bb:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:7C:86:99:64:ED:86:11:A4:67:4C:D1:8E:7E:34:22:BC:EC:18:02
            X509v3 Authority Key Identifier:
                keyid:7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/f3yGmWTthhGkZ0zRjn40IrzsGAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ff00:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:ef:61:45:1b:5d:31:0a:4c:a7:15:33:09:02:44:56:05:5f:
         11:d5:f9:1d:d4:3d:38:e4:a4:65:74:70:c0:d2:94:2b:fa:64:
         ee:84:71:dc:e1:6f:5e:63:85:1d:ba:85:95:db:0c:ff:e9:27:
         e8:b5:ce:e3:ca:4c:6f:50:25:08:6d:ae:5a:e3:93:36:7f:10:
         ac:64:6f:2b:44:73:2c:a0:84:ab:0f:94:a7:8c:42:d2:82:ae:
         d2:82:59:5b:58:74:77:ef:13:82:30:34:a5:10:18:8f:c1:95:
         c7:19:1e:54:df:86:9b:45:0e:94:c3:53:cd:63:3b:5b:1d:11:
         8a:01:99:83:5f:dc:5f:86:49:a8:9c:89:8c:af:12:1a:ee:a6:
         5d:12:b0:81:bc:13:e7:40:db:41:a5:9a:fc:9a:3a:ae:83:67:
         2b:bf:ec:ab:d7:5b:25:98:20:72:8f:06:63:c2:ec:ca:52:2e:
         40:cf:30:1f:01:65:78:43:69:15:45:11:04:f2:9c:f5:72:08:
         f9:64:db:10:55:c3:eb:b2:d0:70:39:bd:f4:4e:3c:3f:4e:ff:
         75:60:7b:9e:72:c5:08:51:54:94:49:29:85:c5:7f:23:88:5b:
         08:92:c9:a8:8e:c6:ba:9a:0c:1d:b5:75:5c:e4:8a:81:df:5a:
         9f:bd:ae:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/uFy4X720x0TnzhJNlDKfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDRjMjVjMmY4YjQ3ZTVkYWY1MmQxYzRjNWE1MDk5OWRk
MGEwYTkwHhcNMjQwNjA2MTUwNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjdjODY5OTY0ZWQ4NjExYTQ2NzRjZDE4ZTdlMzQyMmJjZWMxODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3dWCxFEfakFehBcUuQm2SgzhjNTJ
aZpa31Hl7u7NmTNNfW3cEGiQTD1s8KDk4lpnVjf6iB/Vj9Cax6eRqkNlCnjrek7q
kIY9BszvV0Njv0IsIODwaRdDfRO60rqp5iBMYUjptSWTabiIQmmn5CKHy+jY+JYl
vtx7pKDPPepqtRiZ0P7B9RosPhHdAgliiuo/RUcL6sNpWP1Y85CBylFw3V3/Z5TZ
Ty4MZ2jJZNJuDgZ0DUm/HcKqd0aeJM3htyapI6Af8DRj4ZHLHMQUFi+ydLJbiSny
2AaLPFQ6vSFNcSxuAG/ul4cAD87XYHSwBgr/tFpcBICzARStkhgUVra7uQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH98hplk7YYRpGdM0Y5+NCK87BgCMB8GA1UdIwQY
MBaAFH0Ewlwvi0fl2vUtHExaUJmd0KCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMt
ZTYzZTk0Y2JhMDlmLzEvZjN5R21XVHRoaEdrWjB6UmpuNDBJcnpzR0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMtZTYzZTk0Y2JhMDlm
LzEvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgT/AAED
MA0GCSqGSIb3DQEBCwUAA4IBAQB672FFG10xCkynFTMJAkRWBV8R1fkd1D045KRl
dHDA0pQr+mTuhHHc4W9eY4UduoWV2wz/6Sfotc7jykxvUCUIba5a45M2fxCsZG8r
RHMsoISrD5SnjELSgq7SgllbWHR37xOCMDSlEBiPwZXHGR5U34abRQ6Uw1PNYztb
HRGKAZmDX9xfhkmonImMrxIa7qZdErCBvBPnQNtBpZr8mjqug2crv+yr11slmCBy
jwZjwuzKUi5AzzAfAWV4Q2kVRREE8pz1cgj5ZNsQVcPrstBwOb30Tjw/Tv91YHue
csUIUVSUSSmFxX8jiFsIksmojsa6mgwdtXVc5IqB31qfva7f
-----END CERTIFICATE-----