Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-UIXHy0Mrz5Ye7TzkYdgg1BoYF8.roa
File:                     1-UIXHy0Mrz5Ye7TzkYdgg1BoYF8.roa (raw, json)
Hash identifier:          +lSolSQga6oV9Poltu8qj8nSknfQQ6/rZi8jAyivxuQ=
Subject key identifier:   F9:42:17:1F:2D:0C:AF:3E:58:7B:B4:F3:91:87:60:83:50:68:60:5F
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       018CC6B7A15394E4E8DAFBBC155D420E1DF2
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-UIXHy0Mrz5Ye7TzkYdgg1BoYF8.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213396
IP address blocks:        2a0a:4540:3000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a1:53:94:e4:e8:da:fb:bc:15:5d:42:0e:1d:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f942171f2d0caf3e587bb4f3918760835068605f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ef:fe:d9:77:74:c5:d4:c1:e0:a3:ae:88:86:
                    31:f9:7c:88:38:87:e1:df:85:57:96:16:b9:12:ad:
                    0e:43:fa:03:d2:81:17:29:c7:47:f4:9e:f7:39:24:
                    7a:0f:1f:36:8b:a8:88:a1:09:b7:c9:10:f7:a8:81:
                    39:bd:7e:6c:6a:9b:53:61:3c:11:1c:be:70:da:f2:
                    3c:2d:35:fb:8f:74:52:49:b0:f7:1d:99:88:55:c1:
                    b8:24:cb:74:1a:78:28:28:15:4e:be:b6:4e:45:60:
                    aa:85:1d:b3:26:b9:c9:9f:42:c1:4d:08:b7:53:d1:
                    36:46:6d:3f:11:d2:79:e7:5d:e2:4d:18:54:56:d2:
                    8f:12:e2:c6:ea:8f:63:65:ed:7e:28:1b:6c:8c:b2:
                    6d:10:d2:1e:ab:f4:1f:62:09:3f:ad:cb:f1:2f:8c:
                    07:6b:a3:6b:9a:5d:69:3f:4d:0b:35:de:67:43:9f:
                    6c:8e:3e:11:d0:7c:f3:c1:e0:84:fe:8b:5b:55:6a:
                    b0:38:c1:44:ae:38:d1:43:c2:14:e7:d3:8c:93:23:
                    4f:6c:5b:e8:64:2e:6b:92:80:64:76:7b:e2:ec:7c:
                    f8:94:be:32:75:ba:09:42:97:75:9d:e7:d0:ed:f1:
                    22:07:59:64:28:aa:38:35:e9:27:08:a7:6b:d1:c1:
                    10:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:42:17:1F:2D:0C:AF:3E:58:7B:B4:F3:91:87:60:83:50:68:60:5F
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-UIXHy0Mrz5Ye7TzkYdgg1BoYF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4540:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:36:5f:50:41:8f:b1:c8:b0:23:b3:d1:27:1e:a9:3c:8a:4b:
         ef:9e:d4:bd:fd:e0:1e:f0:f9:06:27:52:f6:c5:f2:e6:a2:f0:
         79:f7:50:ec:ed:f1:a7:e1:b2:4b:f9:73:3e:ab:a2:a3:dd:9a:
         0e:17:13:93:d9:5d:a4:72:fa:93:c1:44:ea:64:b7:98:9a:4f:
         2a:ce:e8:38:09:82:4c:eb:6c:12:a5:13:9a:cc:91:ae:51:f8:
         1e:c1:d5:2b:72:fb:2d:b7:70:cc:6a:8b:ac:40:87:d1:29:d4:
         df:db:df:47:cc:dd:a1:ac:eb:77:94:2a:2e:78:6c:75:1e:16:
         6f:39:fe:44:64:6f:1a:96:fd:59:c1:78:08:8f:67:7d:b0:53:
         7a:7e:38:8d:b9:6f:75:b0:91:89:e5:9f:73:82:6a:c9:fa:21:
         d5:60:d3:df:a6:2c:7c:9f:34:3e:dd:09:21:eb:b2:0d:18:a6:
         6c:4c:82:43:d6:60:fe:cb:6f:5e:5a:2a:69:ee:8e:67:fe:bc:
         13:70:69:ba:f1:4b:46:1f:cc:1f:10:d2:aa:b4:c3:76:70:24:
         6a:e4:3d:1c:a4:43:13:c9:b2:8c:87:19:4d:c4:38:04:7e:c9:
         f7:4a:64:82:64:79:1f:93:83:77:2a:c7:56:be:3f:c6:dc:47:
         0c:a1:31:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt6FTlOTo2vu8FV1CDh3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTQyMTcxZjJkMGNhZjNlNTg3YmI0ZjM5MTg3NjA4MzUwNjg2MDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+/+2Xd0xdTB4KOuiIYx+XyIOIfh
34VXlha5Eq0OQ/oD0oEXKcdH9J73OSR6Dx82i6iIoQm3yRD3qIE5vX5saptTYTwR
HL5w2vI8LTX7j3RSSbD3HZmIVcG4JMt0GngoKBVOvrZORWCqhR2zJrnJn0LBTQi3
U9E2Rm0/EdJ5513iTRhUVtKPEuLG6o9jZe1+KBtsjLJtENIeq/QfYgk/rcvxL4wH
a6Nrml1pP00LNd5nQ59sjj4R0HzzweCE/otbVWqwOMFErjjRQ8IU59OMkyNPbFvo
ZC5rkoBkdnvi7Hz4lL4ydboJQpd1nefQ7fEiB1lkKKo4NeknCKdr0cEQPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPlCFx8tDK8+WHu085GHYINQaGBfMB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xLzEtVUlYSHkwTXJ6NVllN1R6a1lkZ2cxQm9ZRjgucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzRlLzhmYzA5ZC03ZDI1LTQyNWMtOGI5MS1kNjJlNDU0YmYz
N2YvMS8xLTZ4UThaMlpNSzdzQ2MwbjlRajhVQzZoVFI4LmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgpF
QDAAMA0GCSqGSIb3DQEBCwUAA4IBAQAwNl9QQY+xyLAjs9EnHqk8ikvvntS9/eAe
8PkGJ1L2xfLmovB591Ds7fGn4bJL+XM+q6Kj3ZoOFxOT2V2kcvqTwUTqZLeYmk8q
zug4CYJM62wSpROazJGuUfgewdUrcvstt3DMaousQIfRKdTf299HzN2hrOt3lCou
eGx1HhZvOf5EZG8alv1ZwXgIj2d9sFN6fjiNuW91sJGJ5Z9zgmrJ+iHVYNPfpix8
nzQ+3Qkh67INGKZsTIJD1mD+y29eWipp7o5n/rwTcGm68UtGH8wfENKqtMN2cCRq
5D0cpEMTybKMhxlNxDgEfsn3SmSCZHkfk4N3KsdWvj/G3EcMoTEq
-----END CERTIFICATE-----