Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/190d47-68da-44d2-950e-37664d75b254/1/CzaGiilaZyLyTQ5tMRAS3a9Cbwk.roa
File:                     CzaGiilaZyLyTQ5tMRAS3a9Cbwk.roa (raw, json)
Hash identifier:          XQWtoXgkUEha6xe9XURfqAfLJfXEW2YTqQ0uWWTHVJw=
Subject key identifier:   0B:36:86:8A:29:5A:67:22:F2:4D:0E:6D:31:10:12:DD:AF:42:6F:09
Certificate issuer:       /CN=b7ac780eb2042c8c57001b65ef156e6f5931239b
Certificate serial:       018CC727527B994BAC5E303A9611FAD33EE5
Authority key identifier: B7:AC:78:0E:B2:04:2C:8C:57:00:1B:65:EF:15:6E:6F:59:31:23:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t6x4DrIELIxXABtl7xVub1kxI5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/190d47-68da-44d2-950e-37664d75b254/1/CzaGiilaZyLyTQ5tMRAS3a9Cbwk.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47292
IP address blocks:        2a0b:7e00::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/190d47-68da-44d2-950e-37664d75b254/1/t6x4DrIELIxXABtl7xVub1kxI5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/190d47-68da-44d2-950e-37664d75b254/1/t6x4DrIELIxXABtl7xVub1kxI5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t6x4DrIELIxXABtl7xVub1kxI5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:52:7b:99:4b:ac:5e:30:3a:96:11:fa:d3:3e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7ac780eb2042c8c57001b65ef156e6f5931239b
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b36868a295a6722f24d0e6d311012ddaf426f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a2:3b:6e:f2:97:73:2e:14:73:8d:de:8e:13:
                    1b:e1:0e:df:f1:57:30:03:e5:df:8a:4b:c2:2b:67:
                    1a:d2:ff:2e:2d:65:42:db:d3:2f:3d:9e:ac:b9:19:
                    d5:d7:0c:ed:df:0f:5d:9a:7e:8e:b6:79:ba:d8:1c:
                    3d:7b:ab:b6:4b:b3:5f:b8:a8:cd:3b:16:f4:7b:a6:
                    68:d2:b3:46:11:d6:0b:d7:43:c6:9a:66:39:59:1f:
                    0a:80:07:fa:9f:70:14:dc:45:88:6a:8c:0a:ad:d7:
                    74:4a:53:24:b1:4f:f4:23:e6:fb:a3:7d:53:be:74:
                    5c:14:2c:ba:95:75:24:91:85:84:86:b0:9f:d6:f7:
                    5f:a9:fd:56:14:89:be:54:6b:17:97:7c:8a:40:9e:
                    a3:f2:1b:8e:bb:28:e9:89:97:6d:bf:49:8c:87:22:
                    54:1b:9b:8d:7a:e1:53:92:06:63:10:59:6f:8a:b8:
                    1e:3a:7f:52:57:10:17:16:82:cc:fd:6d:6c:15:39:
                    b8:f7:a5:c3:00:16:a7:0a:f8:2c:45:d0:a0:71:b7:
                    03:72:0d:41:5b:2e:44:7a:13:42:31:fe:97:47:24:
                    7d:41:f5:07:5a:8b:eb:65:e5:1e:8e:eb:98:fb:dd:
                    f0:6d:bb:7e:1f:eb:47:2f:85:07:03:cd:7a:4a:71:
                    4a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:36:86:8A:29:5A:67:22:F2:4D:0E:6D:31:10:12:DD:AF:42:6F:09
            X509v3 Authority Key Identifier:
                keyid:B7:AC:78:0E:B2:04:2C:8C:57:00:1B:65:EF:15:6E:6F:59:31:23:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t6x4DrIELIxXABtl7xVub1kxI5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/190d47-68da-44d2-950e-37664d75b254/1/CzaGiilaZyLyTQ5tMRAS3a9Cbwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/190d47-68da-44d2-950e-37664d75b254/1/t6x4DrIELIxXABtl7xVub1kxI5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7e00::/36

    Signature Algorithm: sha256WithRSAEncryption
         38:38:b7:f3:78:f5:b9:1a:c7:9e:3b:5e:3c:08:f9:c7:af:86:
         1c:e2:89:d7:1b:15:c3:ec:46:e5:8b:8e:dc:8c:ba:35:5d:29:
         0a:5b:8c:a8:5a:c9:11:8d:a6:87:af:99:d2:a1:5f:23:36:e1:
         56:1c:d9:5a:5b:10:05:90:98:df:5f:12:39:e1:51:97:c2:3d:
         6a:38:1e:c9:7c:07:cf:d6:ea:8f:11:53:e7:cc:24:7a:86:72:
         02:53:eb:22:8b:6b:df:1d:4c:12:da:30:74:65:e5:d9:f4:15:
         6c:25:31:a6:8e:75:eb:19:dd:a4:53:62:e1:7a:28:10:6e:9f:
         cc:d6:09:86:ae:bb:db:96:ed:bf:dc:e0:25:96:e4:42:68:e2:
         a9:6f:5e:a4:3a:93:a4:9c:da:a7:1e:89:90:f1:0f:96:6f:b4:
         ab:12:5c:cf:81:ba:72:69:92:c4:c2:d1:49:95:7c:0a:74:fb:
         1c:21:6c:df:85:10:27:39:f9:1c:06:42:d3:8e:43:77:44:cd:
         fd:6a:7d:a3:ad:5f:54:68:2d:21:42:30:74:d4:ab:75:4d:eb:
         19:60:b9:54:a8:af:7e:3a:55:d2:c3:83:de:13:87:11:98:66:
         af:ac:cc:77:cd:4f:59:70:88:63:d4:2e:be:9a:01:2f:b8:d5:
         d3:8a:1f:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJ1J7mUusXjA6lhH60z7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YWM3ODBlYjIwNDJjOGM1NzAwMWI2NWVmMTU2ZTZmNTkz
MTIzOWIwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjM2ODY4YTI5NWE2NzIyZjI0ZDBlNmQzMTEwMTJkZGFmNDI2ZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqI7bvKXcy4Uc43ejhMb4Q7f8Vcw
A+XfikvCK2ca0v8uLWVC29MvPZ6suRnV1wzt3w9dmn6Otnm62Bw9e6u2S7NfuKjN
Oxb0e6Zo0rNGEdYL10PGmmY5WR8KgAf6n3AU3EWIaowKrdd0SlMksU/0I+b7o31T
vnRcFCy6lXUkkYWEhrCf1vdfqf1WFIm+VGsXl3yKQJ6j8huOuyjpiZdtv0mMhyJU
G5uNeuFTkgZjEFlvirgeOn9SVxAXFoLM/W1sFTm496XDABanCvgsRdCgcbcDcg1B
Wy5EehNCMf6XRyR9QfUHWovrZeUejuuY+93wbbt+H+tHL4UHA816SnFKhwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAs2hoopWmci8k0ObTEQEt2vQm8JMB8GA1UdIwQY
MBaAFLeseA6yBCyMVwAbZe8Vbm9ZMSObMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDZ4NERySUVMSXhYQUJ0bDd4VnViMWt4STVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xOTBkNDctNjhkYS00NGQyLTk1MGUt
Mzc2NjRkNzViMjU0LzEvQ3phR2lpbGFaeUx5VFE1dE1SQVMzYTlDYndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xOTBkNDctNjhkYS00NGQyLTk1MGUtMzc2NjRkNzViMjU0
LzEvdDZ4NERySUVMSXhYQUJ0bDd4VnViMWt4STVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgt+AAAw
DQYJKoZIhvcNAQELBQADggEBADg4t/N49bkax547XjwI+cevhhziidcbFcPsRuWL
jtyMujVdKQpbjKhayRGNpoevmdKhXyM24VYc2VpbEAWQmN9fEjnhUZfCPWo4Hsl8
B8/W6o8RU+fMJHqGcgJT6yKLa98dTBLaMHRl5dn0FWwlMaaOdesZ3aRTYuF6KBBu
n8zWCYauu9uW7b/c4CWW5EJo4qlvXqQ6k6Sc2qceiZDxD5ZvtKsSXM+BunJpksTC
0UmVfAp0+xwhbN+FECc5+RwGQtOOQ3dEzf1qfaOtX1RoLSFCMHTUq3VN6xlguVSo
r346VdLDg94ThxGYZq+szHfNT1lwiGPULr6aAS+41dOKH4I=
-----END CERTIFICATE-----