Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/Vp_dqOpaNVGTvOr8iQkYKl_F8I4.roa
File:                     Vp_dqOpaNVGTvOr8iQkYKl_F8I4.roa (raw, json)
Hash identifier:          iV4tJ2c9opFy5/4LuYRFPtXpJ50MgZ8lhiGmz7kCJRk=
Subject key identifier:   56:9F:DD:A8:EA:5A:35:51:93:BC:EA:FC:89:09:18:2A:5F:C5:F0:8E
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       018CC6B7A12A2CD5D18613FA6CCE35DA9B4A
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/Vp_dqOpaNVGTvOr8iQkYKl_F8I4.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205723
IP address blocks:        2a0a:4540:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a1:2a:2c:d5:d1:86:13:fa:6c:ce:35:da:9b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=569fdda8ea5a355193bceafc8909182a5fc5f08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ab:0f:e9:09:94:d9:6f:97:bc:72:69:5b:76:
                    fa:11:ad:fd:6d:42:70:d0:83:f0:82:b0:07:da:0b:
                    b5:aa:33:8e:9b:94:ad:d2:ae:02:cd:16:55:06:32:
                    13:0c:e5:a4:dc:5f:58:c8:b3:82:5c:bc:98:08:4c:
                    77:40:6a:db:ad:99:56:60:22:2b:91:12:31:39:cd:
                    b3:5a:61:cb:c2:54:55:a8:e5:b7:ae:41:7a:80:2c:
                    de:36:83:3c:5a:b6:1a:d3:5b:94:c2:ad:2f:4d:af:
                    43:d6:3f:76:86:ec:64:5d:0d:15:41:d1:97:71:55:
                    9f:38:19:5d:2a:bb:01:e3:68:ca:5e:8a:be:9e:75:
                    62:e9:ab:7d:4a:c0:48:2a:d3:19:89:e6:c4:37:60:
                    e7:02:31:de:00:e9:d7:60:58:96:82:7e:7f:bb:29:
                    be:e5:60:e5:39:e8:86:ac:53:fd:f1:8b:7d:a9:e5:
                    ed:a4:1a:e4:01:61:be:19:45:8c:3c:b2:dc:cc:55:
                    9a:62:44:56:9d:a3:3e:c6:78:20:df:fe:0d:b6:5e:
                    3d:43:d7:ea:1c:79:95:22:cb:f0:7a:ec:99:65:d8:
                    8d:e8:2b:8a:e7:a0:ac:a8:4e:66:55:c9:f3:54:4e:
                    79:21:69:22:bf:fc:51:32:6f:e4:d1:32:81:3f:cf:
                    df:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:9F:DD:A8:EA:5A:35:51:93:BC:EA:FC:89:09:18:2A:5F:C5:F0:8E
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/Vp_dqOpaNVGTvOr8iQkYKl_F8I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4540:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:45:9b:71:28:f8:a0:98:e2:d0:fd:0f:36:5f:78:2b:8d:8c:
         12:37:44:15:ca:c6:9c:c1:3d:8f:e9:b1:cc:1f:b3:59:04:96:
         8a:ce:8e:79:12:d0:18:b2:a2:dd:c7:ce:a6:21:10:2b:fb:16:
         db:cb:79:31:87:27:24:7a:26:53:78:8d:ec:96:a2:0d:72:68:
         23:f3:f5:3e:e4:09:69:92:d9:41:3e:c1:e9:e4:4d:2a:11:27:
         d5:ec:f8:88:f5:aa:62:b3:8d:90:e9:eb:a7:15:8b:8f:02:82:
         ad:f2:8a:fc:e9:3c:ef:34:f9:a8:83:08:8d:db:48:c2:37:20:
         6e:1b:2d:6b:cd:24:2f:5c:06:79:3b:c4:c3:1b:d4:00:f7:b7:
         1d:48:60:9b:34:e7:61:eb:c9:5b:57:14:d8:d9:9d:d9:32:c4:
         ab:d6:04:67:58:be:bf:0f:69:3f:85:80:a0:8f:fd:a7:e9:05:
         07:db:15:4e:4c:1a:12:c6:06:7a:16:fe:d1:eb:72:45:38:c4:
         95:67:c9:59:e4:4e:fb:75:08:86:ad:27:68:9f:00:87:fe:cc:
         a8:a5:b3:f9:78:7f:df:84:e6:ab:bd:88:01:81:bd:6e:e2:73:
         60:59:a4:31:74:5f:6b:da:5d:4e:de:ff:c4:e3:c6:c3:da:ba:
         e7:34:07:4a
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzGt6EqLNXRhhP6bM412ptKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjlmZGRhOGVhNWEzNTUxOTNiY2VhZmM4OTA5MTgyYTVmYzVmMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiasP6QmU2W+XvHJpW3b6Ea39bUJw
0IPwgrAH2gu1qjOOm5St0q4CzRZVBjITDOWk3F9YyLOCXLyYCEx3QGrbrZlWYCIr
kRIxOc2zWmHLwlRVqOW3rkF6gCzeNoM8WrYa01uUwq0vTa9D1j92huxkXQ0VQdGX
cVWfOBldKrsB42jKXoq+nnVi6at9SsBIKtMZiebEN2DnAjHeAOnXYFiWgn5/uym+
5WDlOeiGrFP98Yt9qeXtpBrkAWG+GUWMPLLczFWaYkRWnaM+xngg3/4Ntl49Q9fq
HHmVIsvweuyZZdiN6CuK56CsqE5mVcnzVE55IWkiv/xRMm/k0TKBP8/fWwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFFaf3ajqWjVRk7zq/IkJGCpfxfCOMB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xL1ZwX2RxT3BhTlZHVHZPcjhpUWtZS2xfRjhJNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04YjkxLWQ2MmU0NTRiZjM3
Zi8xLzEtNnhROFoyWk1LN3NDYzBuOVFqOFVDNmhUUjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqCkVA
IAAwDQYJKoZIhvcNAQELBQADggEBABlFm3Eo+KCY4tD9DzZfeCuNjBI3RBXKxpzB
PY/pscwfs1kElorOjnkS0Biyot3HzqYhECv7FtvLeTGHJyR6JlN4jeyWog1yaCPz
9T7kCWmS2UE+wenkTSoRJ9Xs+Ij1qmKzjZDp66cVi48Cgq3yivzpPO80+aiDCI3b
SMI3IG4bLWvNJC9cBnk7xMMb1AD3tx1IYJs052HryVtXFNjZndkyxKvWBGdYvr8P
aT+FgKCP/afpBQfbFU5MGhLGBnoW/tHrckU4xJVnyVnkTvt1CIatJ2ifAIf+zKil
s/l4f9+E5qu9iAGBvW7ic2BZpDF0X2vaXU7e/8TjxsPauuc0B0o=
-----END CERTIFICATE-----