Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/fDgow4igK-0xM73aMw708ZJ6Ljs.roa
File:                     fDgow4igK-0xM73aMw708ZJ6Ljs.roa (raw, json)
Hash identifier:          wpDZV1g0+YNpQ+LRCIjzQhfzLEI8QSGizNDplk+q3SY=
Subject key identifier:   7C:38:28:C3:88:A0:2B:ED:31:33:BD:DA:33:0E:F4:F1:92:7A:2E:3B
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       018E205206924C680EA9A4CB1470DF50D0E7
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/fDgow4igK-0xM73aMw708ZJ6Ljs.roa
Signing time:             Fri 08 Mar 2024 23:07:10 +0000
ROA not before:           Fri 08 Mar 2024 23:07:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206361
IP address blocks:        2a09:ff00:300::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:20:52:06:92:4c:68:0e:a9:a4:cb:14:70:df:50:d0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Mar  8 23:07:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c3828c388a02bed3133bdda330ef4f1927a2e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:44:9d:48:87:7c:78:c7:f5:55:e1:72:85:52:
                    0b:14:39:3b:21:57:5d:57:1b:75:63:fe:dd:2f:db:
                    11:49:2b:15:f2:ec:f8:e1:93:97:15:df:60:4c:36:
                    69:2b:3b:c2:f4:f6:52:6d:81:30:37:2f:0d:31:8d:
                    b2:b8:6a:ba:a4:10:02:6e:e1:e8:56:ee:cf:90:b9:
                    b6:b8:53:e1:38:d8:a2:40:1d:f5:47:7d:26:de:81:
                    04:f8:8a:23:e9:8e:2f:10:d5:5f:8c:cc:91:81:37:
                    74:8e:ba:c1:c8:bd:c4:c3:83:a6:2b:5a:a6:7e:f4:
                    97:4a:2d:dc:67:e9:b8:56:3e:f0:7f:56:0b:d5:46:
                    55:1a:ce:aa:64:ed:b8:de:31:b2:20:86:fd:55:7e:
                    5d:10:12:7b:a0:cf:2d:df:77:c5:ff:86:ed:1f:af:
                    57:9b:af:6d:4b:b0:52:68:37:36:86:9f:3c:95:55:
                    01:38:9f:89:73:19:c0:b9:0a:b2:9a:d0:aa:3f:9c:
                    63:1b:e2:1c:22:b2:46:47:6d:40:97:af:c4:b3:74:
                    9b:18:33:10:d9:d3:8f:e2:47:e7:da:84:a2:23:5f:
                    7d:b6:aa:dd:03:78:44:43:ec:d9:f2:f4:50:3b:dd:
                    b2:88:55:1a:cf:57:76:ce:f4:2f:0b:8c:5a:6d:10:
                    23:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:38:28:C3:88:A0:2B:ED:31:33:BD:DA:33:0E:F4:F1:92:7A:2E:3B
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/fDgow4igK-0xM73aMw708ZJ6Ljs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:ff00:300::/44

    Signature Algorithm: sha256WithRSAEncryption
         08:6a:4d:88:e1:f1:27:bd:1b:19:b5:6d:fa:9e:39:66:15:22:
         dc:80:a5:d7:51:ed:13:89:f6:a2:94:e5:47:27:33:bd:c5:76:
         c6:10:12:5f:fd:a1:d5:cd:29:2d:50:cf:90:db:86:a1:d7:51:
         4d:c8:cf:07:95:56:1b:5a:2b:1f:e2:42:9c:94:99:36:4b:01:
         e5:93:64:e1:92:98:0b:39:20:81:64:5d:aa:f5:62:ea:a5:d0:
         84:23:b6:f5:c5:64:c0:26:c2:7e:97:3e:22:a5:54:75:82:da:
         5f:5d:01:55:16:ab:6c:f3:75:e2:38:ff:20:5a:b4:48:4d:ff:
         d2:d3:22:f5:85:47:af:fe:4d:48:77:42:ea:bd:6e:25:1f:d5:
         09:52:0f:3d:5a:89:02:4a:f9:a0:40:a8:c2:24:28:26:8b:04:
         ac:da:8c:3e:07:e5:11:59:72:96:10:ec:06:6d:46:41:41:3f:
         2f:02:18:00:08:46:a0:a4:7d:55:ff:68:2b:f9:ed:91:1c:f3:
         84:e8:7a:5f:5c:4b:bf:af:16:82:c8:a8:46:d8:da:fb:11:7a:
         0f:6d:06:95:c3:e3:24:14:c0:1a:39:e6:ad:92:c9:91:4a:23:
         15:57:bb:1e:b5:c1:3e:ba:8c:97:63:5c:3f:2c:5b:ef:96:6c:
         8f:99:c7:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4gUgaSTGgOqaTLFHDfUNDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwMzA4MjMwNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzM4MjhjMzg4YTAyYmVkMzEzM2JkZGEzMzBlZjRmMTkyN2EyZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzESdSId8eMf1VeFyhVILFDk7IVdd
Vxt1Y/7dL9sRSSsV8uz44ZOXFd9gTDZpKzvC9PZSbYEwNy8NMY2yuGq6pBACbuHo
Vu7PkLm2uFPhONiiQB31R30m3oEE+Ioj6Y4vENVfjMyRgTd0jrrByL3Ew4OmK1qm
fvSXSi3cZ+m4Vj7wf1YL1UZVGs6qZO243jGyIIb9VX5dEBJ7oM8t33fF/4btH69X
m69tS7BSaDc2hp88lVUBOJ+JcxnAuQqymtCqP5xjG+IcIrJGR21Al6/Es3SbGDMQ
2dOP4kfn2oSiI199tqrdA3hEQ+zZ8vRQO92yiFUaz1d2zvQvC4xabRAj1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHw4KMOIoCvtMTO92jMO9PGSei47MB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvZkRnb3c0aWdLLTB4TTczYU13NzA4Wko2TGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgn/AAMA
MA0GCSqGSIb3DQEBCwUAA4IBAQAIak2I4fEnvRsZtW36njlmFSLcgKXXUe0Tifai
lOVHJzO9xXbGEBJf/aHVzSktUM+Q24ah11FNyM8HlVYbWisf4kKclJk2SwHlk2Th
kpgLOSCBZF2q9WLqpdCEI7b1xWTAJsJ+lz4ipVR1gtpfXQFVFqts83XiOP8gWrRI
Tf/S0yL1hUev/k1Id0LqvW4lH9UJUg89WokCSvmgQKjCJCgmiwSs2ow+B+URWXKW
EOwGbUZBQT8vAhgACEagpH1V/2gr+e2RHPOE6HpfXEu/rxaCyKhG2Nr7EXoPbQaV
w+MkFMAaOeatksmRSiMVV7setcE+uoyXY1w/LFvvlmyPmcd2
-----END CERTIFICATE-----