Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/fIbGyZQ6UyPgNHVxzVi_wKTTDbw.roa
File:                     fIbGyZQ6UyPgNHVxzVi_wKTTDbw.roa (raw, json)
Hash identifier:          L+2wB0rKgSw7WT2Tg1ak15+R12/V9eSRZ/WH8vEgBuA=
Subject key identifier:   7C:86:C6:C9:94:3A:53:23:E0:34:75:71:CD:58:BF:C0:A4:D3:0D:BC
Certificate issuer:       /CN=ba6d46b76bfd6d42bbd575e2f26fce136b9b6a6d
Certificate serial:       018CC4929FFF8F8AC991D914DDBD5271CFE0
Authority key identifier: BA:6D:46:B7:6B:FD:6D:42:BB:D5:75:E2:F2:6F:CE:13:6B:9B:6A:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/fIbGyZQ6UyPgNHVxzVi_wKTTDbw.roa
Signing time:             Mon 01 Jan 2024 10:29:52 +0000
ROA not before:           Mon 01 Jan 2024 10:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36351
IP address blocks:        2a04:f400:3000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:9f:ff:8f:8a:c9:91:d9:14:dd:bd:52:71:cf:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6d46b76bfd6d42bbd575e2f26fce136b9b6a6d
        Validity
            Not Before: Jan  1 10:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c86c6c9943a5323e0347571cd58bfc0a4d30dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f9:7d:ad:7f:d3:c8:b7:8f:6b:f2:19:7f:24:
                    b6:2a:48:59:9b:51:10:a2:0d:c2:49:4c:44:08:2d:
                    12:3a:30:46:8f:d2:a5:8e:76:d6:bd:09:83:79:fe:
                    20:78:3e:03:45:d3:d6:76:50:f9:41:de:b0:1b:f1:
                    76:7e:62:f7:6c:7b:02:ef:cf:5c:ae:bc:0d:90:bf:
                    6f:68:c2:cc:c2:03:f4:0d:b6:ca:33:0f:7d:f7:e9:
                    54:d8:04:e8:ce:dc:bf:55:1a:24:5c:e5:25:be:7f:
                    e2:85:d0:6b:a6:3d:8b:8a:b9:b4:d9:3d:95:00:da:
                    2d:6a:70:a6:79:ed:a3:31:95:8e:c6:75:5f:9b:e5:
                    57:9b:62:d0:41:b5:a9:64:12:01:0d:91:0f:0d:23:
                    85:48:4a:0c:35:12:c2:97:f9:7e:76:a2:29:99:9d:
                    54:4f:30:e6:72:1c:59:d8:7b:f9:d6:b3:70:ef:7d:
                    a2:26:8c:54:a7:da:01:a5:c5:ea:d5:4e:92:14:82:
                    cd:87:c8:67:b0:e5:c9:83:67:d9:93:5e:00:0e:08:
                    9c:7d:8b:63:62:2c:f9:66:82:29:33:97:7d:bf:55:
                    26:2c:67:92:a1:f8:9f:56:40:bb:3e:11:11:ee:e9:
                    28:c5:d5:c4:bf:b5:c5:1f:8b:7c:85:a8:97:75:e6:
                    d4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:86:C6:C9:94:3A:53:23:E0:34:75:71:CD:58:BF:C0:A4:D3:0D:BC
            X509v3 Authority Key Identifier:
                keyid:BA:6D:46:B7:6B:FD:6D:42:BB:D5:75:E2:F2:6F:CE:13:6B:9B:6A:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/fIbGyZQ6UyPgNHVxzVi_wKTTDbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:f400:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:08:37:95:2a:b5:72:32:87:62:64:55:58:f1:dd:14:40:15:
         50:e5:a9:61:79:61:1c:95:22:07:45:8b:b3:10:8d:a0:f5:30:
         8e:dc:15:a0:e2:37:7e:30:bd:57:45:83:ef:02:a3:14:ae:b7:
         81:d1:76:1d:d4:20:f9:ba:d6:4b:c8:a0:01:9c:19:d7:d6:b5:
         a8:08:7d:3b:61:34:bb:e3:a4:7e:ee:4f:a4:93:3c:e1:ac:9a:
         55:14:1d:ad:dd:ad:8a:46:53:de:c3:f6:ce:cb:f5:60:01:d9:
         39:23:c7:91:87:7b:9e:10:5f:a5:f8:4c:28:87:6b:2a:35:08:
         89:07:4e:2a:dc:7b:08:77:3f:9a:a4:80:4c:14:7e:84:79:cc:
         79:4d:88:80:b6:b0:b3:cf:fc:4c:ac:dc:83:4e:51:31:4c:c7:
         8d:84:93:9f:1d:01:1c:31:61:d1:1b:08:71:ae:c9:c6:96:e0:
         bf:14:32:8e:3b:e6:59:a5:2f:5d:c2:37:e2:ba:cb:47:07:b6:
         99:66:2d:82:f4:6c:e8:f6:57:cf:9c:1c:38:9c:c5:d6:48:35:
         95:6b:6c:df:a4:89:e8:60:6d:c4:2d:f9:e7:12:17:a9:b7:14:
         1c:c4:78:a0:7b:7a:e6:a4:30:1a:9d:ce:99:f7:3a:b1:f2:3e:
         0f:61:e7:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkp//j4rJkdkU3b1Scc/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmQ0NmI3NmJmZDZkNDJiYmQ1NzVlMmYyNmZjZTEzNmI5
YjZhNmQwHhcNMjQwMTAxMTAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg2YzZjOTk0M2E1MzIzZTAzNDc1NzFjZDU4YmZjMGE0ZDMwZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfl9rX/TyLePa/IZfyS2KkhZm1EQ
og3CSUxECC0SOjBGj9KljnbWvQmDef4geD4DRdPWdlD5Qd6wG/F2fmL3bHsC789c
rrwNkL9vaMLMwgP0DbbKMw999+lU2ATozty/VRokXOUlvn/ihdBrpj2Lirm02T2V
ANotanCmee2jMZWOxnVfm+VXm2LQQbWpZBIBDZEPDSOFSEoMNRLCl/l+dqIpmZ1U
TzDmchxZ2Hv51rNw732iJoxUp9oBpcXq1U6SFILNh8hnsOXJg2fZk14ADgicfYtj
Yiz5ZoIpM5d9v1UmLGeSofifVkC7PhER7ukoxdXEv7XFH4t8haiXdebUpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHyGxsmUOlMj4DR1cc1Yv8Ck0w28MB8GA1UdIwQY
MBaAFLptRrdr/W1Cu9V14vJvzhNrm2ptMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW0xR3QydjliVUs3MVhYaThtX09FMnViYW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lOGJlMGUtYTgwZC00YTRmLWI1MmYt
ZGZmMWNmZmI3YjE4LzEvZkliR3laUTZVeVBnTkhWeHpWaV93S1RURGJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lOGJlMGUtYTgwZC00YTRmLWI1MmYtZGZmMWNmZmI3YjE4
LzEvdW0xR3QydjliVUs3MVhYaThtX09FMnViYW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgT0ADAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCACDeVKrVyModiZFVY8d0UQBVQ5alheWEclSIH
RYuzEI2g9TCO3BWg4jd+ML1XRYPvAqMUrreB0XYd1CD5utZLyKABnBnX1rWoCH07
YTS746R+7k+kkzzhrJpVFB2t3a2KRlPew/bOy/VgAdk5I8eRh3ueEF+l+Ewoh2sq
NQiJB04q3HsIdz+apIBMFH6Eecx5TYiAtrCzz/xMrNyDTlExTMeNhJOfHQEcMWHR
GwhxrsnGluC/FDKOO+ZZpS9dwjfiustHB7aZZi2C9Gzo9lfPnBw4nMXWSDWVa2zf
pInoYG3ELfnnEheptxQcxHige3rmpDAanc6Z9zqx8j4PYecH
-----END CERTIFICATE-----