Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uE7fBnbRHYfmBCkHPxXmbGGjA8o.roa
File:                     uE7fBnbRHYfmBCkHPxXmbGGjA8o.roa (raw, json)
Hash identifier:          qoYnsB8xu2nQbGo8D50i97IapNq2JumQn04kxc9+nE0=
Subject key identifier:   B8:4E:DF:06:76:D1:1D:87:E6:04:29:07:3F:15:E6:6C:61:A3:03:CA
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF4A77666C6347C91723E57FABA69
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uE7fBnbRHYfmBCkHPxXmbGGjA8o.roa
Signing time:             Mon 01 Jan 2024 16:30:41 +0000
ROA not before:           Mon 01 Jan 2024 16:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38008
IP address blocks:        2a0f:607:1060::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f4:a7:76:66:c6:34:7c:91:72:3e:57:fa:ba:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b84edf0676d11d87e60429073f15e66c61a303ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:28:9d:af:6a:dc:25:db:5a:8f:b0:8d:b0:9f:
                    8f:d9:0a:1e:f0:6b:21:49:5c:38:08:33:90:9b:70:
                    4b:94:d9:2b:a2:d7:33:1e:aa:9b:56:e5:87:e1:70:
                    10:3b:d6:e6:12:52:65:16:0d:2a:e8:e2:f5:ba:70:
                    25:9e:6a:ab:77:ba:36:52:54:d1:10:c7:78:f1:a9:
                    77:a2:4c:4d:d0:41:6c:0f:d5:16:ad:08:cc:bc:8e:
                    b5:81:00:e9:f0:85:c2:4a:a2:01:be:0e:1d:3e:24:
                    f9:60:2b:a3:19:26:34:85:0e:15:12:11:2c:00:9a:
                    07:18:6f:77:2d:4b:c8:94:26:29:de:bb:d7:f2:e3:
                    c1:b1:04:1b:56:55:24:02:68:fe:18:a5:cc:42:fd:
                    a1:7f:cc:af:5f:d9:48:d5:2c:52:85:bc:7e:9c:62:
                    0d:3e:ef:2a:38:9a:e0:71:c6:d9:cd:58:22:39:7b:
                    fd:1a:9f:69:44:97:ff:65:9b:14:e4:ad:42:23:96:
                    b3:70:b5:1a:81:c2:9d:c8:14:16:1c:a4:03:cf:49:
                    13:01:96:9f:b6:07:32:1a:d7:d3:7a:86:c6:77:4d:
                    a4:03:44:ef:23:7b:e4:1b:8b:79:61:da:cc:c1:7d:
                    f3:d1:3f:3f:c1:32:42:cb:d0:b9:1d:8e:c6:60:e3:
                    61:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:4E:DF:06:76:D1:1D:87:E6:04:29:07:3F:15:E6:6C:61:A3:03:CA
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/uE7fBnbRHYfmBCkHPxXmbGGjA8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1060::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:3d:88:72:10:79:25:48:bb:cb:7a:90:64:ef:a8:26:ed:b9:
         8e:ad:c3:de:e7:a9:b0:a1:5e:90:b4:b3:2b:a9:c1:d3:fb:d5:
         67:bb:fe:d0:1a:8c:c3:a2:02:00:ac:5c:44:3e:47:00:1a:d3:
         7c:3a:8d:e6:6c:1a:28:1a:16:e3:5d:78:40:99:16:46:0c:e7:
         b0:fb:3a:27:9d:7f:74:da:df:98:e2:73:ad:8b:7c:ec:b5:d8:
         8e:d5:9c:b7:52:db:bd:dd:d9:bb:70:a9:7f:99:32:c0:5a:9f:
         44:7c:5f:6b:53:9a:aa:51:e2:1a:88:37:36:24:d7:3a:97:33:
         d7:e3:eb:83:f4:6c:6e:8e:c8:57:c7:79:7c:ec:d6:37:28:13:
         36:c7:9c:65:de:0e:89:15:e8:96:82:4e:ea:8a:82:45:f7:75:
         1c:30:10:95:56:70:49:9d:cf:32:e9:90:90:f0:99:08:0d:94:
         16:d4:a5:ad:cf:e5:12:ac:32:da:81:33:aa:58:ce:2c:68:e0:
         71:fb:a9:92:ff:44:c3:02:30:02:55:68:2a:ef:c2:bd:e0:a0:
         0f:8f:c6:45:36:b2:73:c5:3c:84:eb:76:d5:cf:09:8b:b1:57:
         25:ba:3c:fd:a8:f7:f1:5b:cc:82:18:93:08:ab:84:fa:2c:d1:
         8c:83:72:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PSndmbGNHyRcj5X+rppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODRlZGYwNjc2ZDExZDg3ZTYwNDI5MDczZjE1ZTY2YzYxYTMwM2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliidr2rcJdtaj7CNsJ+P2Qoe8Gsh
SVw4CDOQm3BLlNkrotczHqqbVuWH4XAQO9bmElJlFg0q6OL1unAlnmqrd7o2UlTR
EMd48al3okxN0EFsD9UWrQjMvI61gQDp8IXCSqIBvg4dPiT5YCujGSY0hQ4VEhEs
AJoHGG93LUvIlCYp3rvX8uPBsQQbVlUkAmj+GKXMQv2hf8yvX9lI1SxShbx+nGIN
Pu8qOJrgccbZzVgiOXv9Gp9pRJf/ZZsU5K1CI5azcLUagcKdyBQWHKQDz0kTAZaf
tgcyGtfTeobGd02kA0TvI3vkG4t5YdrMwX3z0T8/wTJCy9C5HY7GYONhKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLhO3wZ20R2H5gQpBz8V5mxhowPKMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvdUU3ZkJuYlJIWWZtQkNrSFB4WG1iR0dqQThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxBg
MA0GCSqGSIb3DQEBCwUAA4IBAQB9PYhyEHklSLvLepBk76gm7bmOrcPe56mwoV6Q
tLMrqcHT+9Vnu/7QGozDogIArFxEPkcAGtN8Oo3mbBooGhbjXXhAmRZGDOew+zon
nX902t+Y4nOti3zstdiO1Zy3Utu93dm7cKl/mTLAWp9EfF9rU5qqUeIaiDc2JNc6
lzPX4+uD9GxujshXx3l87NY3KBM2x5xl3g6JFeiWgk7qioJF93UcMBCVVnBJnc8y
6ZCQ8JkIDZQW1KWtz+USrDLagTOqWM4saOBx+6mS/0TDAjACVWgq78K94KAPj8ZF
NrJzxTyE63bVzwmLsVclujz9qPfxW8yCGJMIq4T6LNGMg3Jt
-----END CERTIFICATE-----