Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/B4ggzxg0Rx763dGuIjTojJPBIZU.roa
File:                     B4ggzxg0Rx763dGuIjTojJPBIZU.roa (raw, json)
Hash identifier:          zt1Y01VrtAIzQsadt+VjoIpZi6f279/j4PnVCutiJ5A=
Subject key identifier:   07:88:20:CF:18:34:47:1E:FA:DD:D1:AE:22:34:E8:8C:93:C1:21:95
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018CC348FADA48486CAB7C03AB78422E820A
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/B4ggzxg0Rx763dGuIjTojJPBIZU.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203833
IP address blocks:        2a00:11c0:38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fa:da:48:48:6c:ab:7c:03:ab:78:42:2e:82:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=078820cf1834471efaddd1ae2234e88c93c12195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0f:d1:93:91:d5:88:6a:01:0b:50:ae:fd:7e:
                    77:e4:00:2e:98:ee:b6:aa:80:96:82:60:e2:b8:d2:
                    00:bf:1c:37:8f:8f:5c:a4:1d:3f:46:fe:1a:5e:05:
                    dc:4c:37:f6:a7:2e:05:a6:af:a6:13:69:f9:82:e0:
                    ed:3b:07:58:91:2a:0a:0c:0b:04:c0:c4:70:a6:99:
                    0a:23:60:f8:91:c4:e6:a5:cd:26:8e:c2:dc:5c:57:
                    66:d7:95:e3:7b:66:b0:23:23:0d:64:71:eb:8f:5e:
                    78:69:04:88:67:a5:76:90:89:0e:51:16:fb:94:26:
                    2e:fe:b3:02:8c:c2:13:05:a8:01:fa:53:5c:90:14:
                    f1:39:43:d2:91:83:90:cf:c5:41:b6:e0:76:ab:52:
                    7c:1a:5c:9f:22:2a:07:fe:55:f1:27:dd:70:3e:0e:
                    6c:dc:9a:56:9b:82:e4:91:e1:2f:04:65:e4:58:0c:
                    2e:35:44:d0:94:1d:ce:e9:3c:7c:80:ea:6c:e8:4d:
                    32:e0:de:96:a6:1c:02:e2:8f:7a:18:91:cc:c7:24:
                    33:95:af:83:23:0f:9e:63:37:a2:21:12:6d:2f:1e:
                    ce:62:79:fe:2c:1e:04:38:ba:72:e4:c5:3b:b3:d8:
                    34:3c:c5:35:c8:0b:db:de:a5:f3:40:31:1b:a2:69:
                    eb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:88:20:CF:18:34:47:1E:FA:DD:D1:AE:22:34:E8:8C:93:C1:21:95
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/B4ggzxg0Rx763dGuIjTojJPBIZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:11c0:38::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:2c:20:bf:28:d4:7d:e1:2f:00:1d:c9:7c:40:5b:24:d0:40:
         ad:0a:45:81:a7:28:22:10:e1:7d:45:94:be:ec:75:ff:96:6d:
         f9:e8:1d:25:28:7a:14:23:09:64:b7:81:50:a8:e6:a7:23:16:
         ba:92:b9:cf:9d:5c:61:7e:74:c8:e6:45:c6:cd:4d:85:d8:09:
         db:d4:7b:b2:b5:92:8a:cd:2c:68:13:d9:b9:4e:de:91:35:b3:
         46:19:8a:2c:ac:f1:a7:24:e4:e1:4a:8b:c8:5e:78:9f:1e:67:
         79:77:0f:50:43:43:01:43:f8:26:40:46:af:29:dd:66:de:9d:
         f4:19:39:8f:be:1d:c6:d9:8f:16:1f:2c:14:d6:c6:6c:1b:98:
         2b:74:54:3f:f5:38:98:fc:86:65:bb:cf:0a:be:2d:b0:94:70:
         81:bb:5f:d4:3e:97:34:29:b6:0d:35:df:a6:03:b6:62:b1:b8:
         e6:9a:c3:cc:07:36:99:2d:62:9c:b7:6f:d0:66:dc:7c:2a:84:
         cf:90:b2:bf:fe:a2:d5:ac:9e:55:ff:4e:48:bc:28:95:f5:ba:
         7e:2f:ab:48:9a:97:7b:61:09:40:56:03:75:df:28:f3:63:c3:
         d8:94:ac:df:5d:6a:6f:8a:e7:c8:d7:3e:e9:92:94:29:9f:e0:
         c2:62:8d:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSPraSEhsq3wDq3hCLoIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzg4MjBjZjE4MzQ0NzFlZmFkZGQxYWUyMjM0ZTg4YzkzYzEyMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg/Rk5HViGoBC1Cu/X535AAumO62
qoCWgmDiuNIAvxw3j49cpB0/Rv4aXgXcTDf2py4Fpq+mE2n5guDtOwdYkSoKDAsE
wMRwppkKI2D4kcTmpc0mjsLcXFdm15Xje2awIyMNZHHrj154aQSIZ6V2kIkOURb7
lCYu/rMCjMITBagB+lNckBTxOUPSkYOQz8VBtuB2q1J8GlyfIioH/lXxJ91wPg5s
3JpWm4LkkeEvBGXkWAwuNUTQlB3O6Tx8gOps6E0y4N6WphwC4o96GJHMxyQzla+D
Iw+eYzeiIRJtLx7OYnn+LB4EOLpy5MU7s9g0PMU1yAvb3qXzQDEbomnrKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAeIIM8YNEce+t3RriI06IyTwSGVMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvQjRnZ3p4ZzBSeDc2M2RHdUlqVG9qSlBCSVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgARwAA4
MA0GCSqGSIb3DQEBCwUAA4IBAQBLLCC/KNR94S8AHcl8QFsk0ECtCkWBpygiEOF9
RZS+7HX/lm356B0lKHoUIwlkt4FQqOanIxa6krnPnVxhfnTI5kXGzU2F2Anb1Huy
tZKKzSxoE9m5Tt6RNbNGGYosrPGnJOThSovIXnifHmd5dw9QQ0MBQ/gmQEavKd1m
3p30GTmPvh3G2Y8WHywU1sZsG5grdFQ/9TiY/IZlu88Kvi2wlHCBu1/UPpc0KbYN
Nd+mA7ZisbjmmsPMBzaZLWKct2/QZtx8KoTPkLK//qLVrJ5V/05IvCiV9bp+L6tI
mpd7YQlAVgN13yjzY8PYlKzfXWpviufI1z7pkpQpn+DCYo1o
-----END CERTIFICATE-----