Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/7GEspiBDgmHKDoem39KIHLIIX5w.roa
File:                     7GEspiBDgmHKDoem39KIHLIIX5w.roa (raw, json)
Hash identifier:          0CHV6SnDiIvhGHqWJxuLybfY6S/HkhdyTfiY9jh++kQ=
Subject key identifier:   EC:61:2C:A6:20:43:82:61:CA:0E:87:A6:DF:D2:88:1C:B2:08:5F:9C
Certificate issuer:       /CN=ba6d46b76bfd6d42bbd575e2f26fce136b9b6a6d
Certificate serial:       018CC4929F8F45BF6FB6C761FA8E3834FDC8
Authority key identifier: BA:6D:46:B7:6B:FD:6D:42:BB:D5:75:E2:F2:6F:CE:13:6B:9B:6A:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/7GEspiBDgmHKDoem39KIHLIIX5w.roa
Signing time:             Mon 01 Jan 2024 10:29:52 +0000
ROA not before:           Mon 01 Jan 2024 10:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        2a04:f400:3001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:9f:8f:45:bf:6f:b6:c7:61:fa:8e:38:34:fd:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6d46b76bfd6d42bbd575e2f26fce136b9b6a6d
        Validity
            Not Before: Jan  1 10:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec612ca620438261ca0e87a6dfd2881cb2085f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:9d:8e:cf:83:4a:e2:7c:24:ed:b0:97:73:90:
                    fb:ff:a8:1c:ee:51:4a:b2:e3:98:17:90:47:91:f0:
                    08:d4:3a:a9:80:c2:79:2f:bb:3b:52:4d:04:bc:16:
                    fd:a0:a6:71:0d:57:8d:9f:bf:01:d0:c3:dd:c6:f3:
                    55:23:87:df:cb:e5:57:65:58:09:7d:2f:87:c9:23:
                    5f:33:50:27:db:9b:3d:84:7d:2e:e7:f7:a8:7c:0b:
                    54:eb:57:f8:ab:23:22:0b:04:4b:31:ec:07:72:e9:
                    0a:d5:ca:e1:34:38:ac:f1:a6:c8:a1:b8:78:b6:8c:
                    24:13:29:17:12:24:50:3e:a1:d8:6a:f4:24:26:30:
                    17:84:e6:56:4a:79:ba:f9:76:14:c1:bf:7b:51:5b:
                    1f:17:37:5a:5a:f1:ee:f7:93:f6:01:71:35:05:de:
                    8d:63:fa:ac:5a:7c:72:77:ce:3d:2b:19:29:53:c6:
                    15:fe:1b:70:60:bd:32:d7:3f:e2:02:65:40:0c:53:
                    03:1c:07:65:cc:2e:5d:0a:cb:b0:c2:4b:7c:19:a9:
                    03:bf:a6:7f:e2:81:93:8e:73:e1:1b:fb:3d:00:8b:
                    8e:15:c1:66:25:5d:a3:6a:f8:db:af:f4:9d:8e:85:
                    40:0e:d5:a0:c5:be:3c:c2:ed:42:73:3b:78:68:da:
                    f5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:61:2C:A6:20:43:82:61:CA:0E:87:A6:DF:D2:88:1C:B2:08:5F:9C
            X509v3 Authority Key Identifier:
                keyid:BA:6D:46:B7:6B:FD:6D:42:BB:D5:75:E2:F2:6F:CE:13:6B:9B:6A:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/7GEspiBDgmHKDoem39KIHLIIX5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:f400:3001::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:41:56:e1:f1:c2:82:c2:9c:63:ab:6f:5e:f5:95:e4:96:d7:
         87:b0:09:87:83:21:32:d2:6e:1f:9c:19:f7:01:7a:3f:0e:a6:
         95:17:44:9c:5a:2a:b1:69:dd:1a:38:a7:d9:e0:da:d6:a2:e6:
         68:ea:e4:1b:e6:22:38:82:60:17:c1:07:c1:be:5f:4c:aa:a3:
         40:ab:0a:91:8d:0c:b1:f8:c5:b1:f3:d2:0b:70:74:77:96:59:
         47:6f:5c:43:f9:d5:02:21:68:ed:1a:10:e7:d9:e6:db:c6:93:
         f0:72:97:8c:80:8f:1b:de:38:c9:a9:82:da:72:db:75:00:9b:
         fb:48:c7:bf:d2:a6:5a:e4:59:3e:4e:9d:96:c2:9c:36:a3:2b:
         48:f5:85:fe:be:12:58:90:2a:c1:f5:f1:4f:d1:b1:75:33:cf:
         8b:d8:3c:ab:ed:9a:4d:30:80:2c:5b:61:7e:49:00:8d:5d:e8:
         a7:09:ef:17:73:c8:f0:7a:6d:a2:db:61:51:ef:e4:32:fb:dd:
         d2:04:47:0b:93:34:9e:01:3b:74:ce:96:11:1c:58:35:f6:fb:
         81:5e:f0:a9:48:bb:0f:52:86:72:81:fc:71:ec:cd:04:65:68:
         dd:2b:96:04:21:47:d9:c5:30:b3:37:b4:2c:fb:a7:fa:5f:8c:
         0b:63:54:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkp+PRb9vtsdh+o44NP3IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmQ0NmI3NmJmZDZkNDJiYmQ1NzVlMmYyNmZjZTEzNmI5
YjZhNmQwHhcNMjQwMTAxMTAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzYxMmNhNjIwNDM4MjYxY2EwZTg3YTZkZmQyODgxY2IyMDg1ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZ2Oz4NK4nwk7bCXc5D7/6gc7lFK
suOYF5BHkfAI1DqpgMJ5L7s7Uk0EvBb9oKZxDVeNn78B0MPdxvNVI4ffy+VXZVgJ
fS+HySNfM1An25s9hH0u5/eofAtU61f4qyMiCwRLMewHcukK1crhNDis8abIobh4
towkEykXEiRQPqHYavQkJjAXhOZWSnm6+XYUwb97UVsfFzdaWvHu95P2AXE1Bd6N
Y/qsWnxyd849KxkpU8YV/htwYL0y1z/iAmVADFMDHAdlzC5dCsuwwkt8GakDv6Z/
4oGTjnPhG/s9AIuOFcFmJV2javjbr/SdjoVADtWgxb48wu1Cczt4aNr1kwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOxhLKYgQ4Jhyg6Hpt/SiByyCF+cMB8GA1UdIwQY
MBaAFLptRrdr/W1Cu9V14vJvzhNrm2ptMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW0xR3QydjliVUs3MVhYaThtX09FMnViYW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lOGJlMGUtYTgwZC00YTRmLWI1MmYt
ZGZmMWNmZmI3YjE4LzEvN0dFc3BpQkRnbUhLRG9lbTM5S0lITElJWDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lOGJlMGUtYTgwZC00YTRmLWI1MmYtZGZmMWNmZmI3YjE4
LzEvdW0xR3QydjliVUs3MVhYaThtX09FMnViYW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgT0ADAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAlQVbh8cKCwpxjq29e9ZXklteHsAmHgyEy0m4f
nBn3AXo/DqaVF0ScWiqxad0aOKfZ4NrWouZo6uQb5iI4gmAXwQfBvl9MqqNAqwqR
jQyx+MWx89ILcHR3lllHb1xD+dUCIWjtGhDn2ebbxpPwcpeMgI8b3jjJqYLactt1
AJv7SMe/0qZa5Fk+Tp2Wwpw2oytI9YX+vhJYkCrB9fFP0bF1M8+L2Dyr7ZpNMIAs
W2F+SQCNXeinCe8Xc8jwem2i22FR7+Qy+93SBEcLkzSeATt0zpYRHFg19vuBXvCp
SLsPUoZygfxx7M0EZWjdK5YEIUfZxTCzN7Qs+6f6X4wLY1Tv
-----END CERTIFICATE-----