Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/M9uny4rY1hRqvDOjZqUkW-qwl-k.roa
File:                     M9uny4rY1hRqvDOjZqUkW-qwl-k.roa (raw, json)
Hash identifier:          IKbC1Rmx1suyRe0qCGXus0whW/gNpvE1d6Jqa78CaiA=
Subject key identifier:   33:DB:A7:CB:8A:D8:D6:14:6A:BC:33:A3:66:A5:24:5B:EA:B0:97:E9
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       018CC64B79BE46A9D4753917995B79A4542B
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/M9uny4rY1hRqvDOjZqUkW-qwl-k.roa
Signing time:             Mon 01 Jan 2024 18:31:24 +0000
ROA not before:           Mon 01 Jan 2024 18:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138987
IP address blocks:        2a0d:1a40:faf::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 22:57:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:79:be:46:a9:d4:75:39:17:99:5b:79:a4:54:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  1 18:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33dba7cb8ad8d6146abc33a366a5245beab097e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a8:eb:51:b0:76:d2:fa:75:18:f2:76:5a:ce:
                    4e:93:50:e1:0e:aa:29:90:f9:45:88:bf:fe:05:9a:
                    56:31:8c:1e:23:a2:a0:b7:44:69:04:47:12:a3:49:
                    c4:3d:ec:2a:7c:9c:a0:49:cd:be:0c:a0:bd:c4:4d:
                    e3:5c:b7:94:7d:fd:91:e9:f2:1a:16:a0:05:1a:cf:
                    92:5b:31:09:2e:66:ea:47:da:d4:98:16:f5:81:08:
                    df:de:79:a6:c8:f5:b5:1b:7d:08:0a:f6:c0:56:c3:
                    e6:fa:a2:be:d7:70:bc:08:de:23:cc:e9:11:99:b5:
                    a8:b8:0c:72:e9:31:12:3f:d2:5a:f9:67:b6:b5:53:
                    43:b1:a7:5c:2e:f4:9c:06:c3:81:45:ff:50:25:a2:
                    96:33:84:7f:04:88:0a:63:3f:82:e8:e8:17:cc:b5:
                    78:8d:22:a8:8d:e5:1b:29:f1:ba:66:9b:3f:3f:0b:
                    38:1a:9b:6f:8d:50:f4:ae:ee:c9:bc:9e:73:04:e4:
                    b5:98:39:f7:69:9c:c6:16:c4:d5:d7:1e:46:55:77:
                    85:7e:62:11:be:ed:9d:c9:ed:ef:69:bf:40:ea:3c:
                    c0:4e:54:8c:14:a4:9f:a3:a2:1e:80:97:d0:02:f8:
                    3d:b4:9a:4d:5b:55:82:b2:4c:98:92:b7:a8:bd:d8:
                    93:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DB:A7:CB:8A:D8:D6:14:6A:BC:33:A3:66:A5:24:5B:EA:B0:97:E9
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/M9uny4rY1hRqvDOjZqUkW-qwl-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1a40:faf::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:33:0d:f0:1f:11:12:4a:39:17:7e:1d:ef:04:89:1d:9d:2c:
         b2:6b:1c:0a:89:60:d9:c6:6a:24:b3:79:47:e4:16:59:66:1c:
         7f:c9:1d:c8:48:5d:ce:d5:8e:dd:93:c3:02:69:b8:cc:7c:d9:
         3d:57:a3:8e:54:03:29:1b:5b:f5:93:48:a2:9e:44:b4:ca:d8:
         a2:68:59:10:b3:ef:98:36:54:76:19:26:8b:cb:7c:6e:d4:bf:
         fd:56:87:b4:7a:9c:46:91:b6:19:78:e2:f5:bb:16:ac:68:1a:
         9e:d3:4f:a2:7b:a2:cb:be:48:85:b4:92:80:ab:0c:3f:5f:26:
         40:1b:05:32:65:61:ad:2b:a3:61:6b:b5:1c:77:5e:a9:51:85:
         84:54:20:0d:64:0b:85:d7:ef:3a:9c:97:69:79:e6:00:e8:fd:
         67:01:32:69:ee:aa:af:0f:a2:67:0c:57:db:c1:cf:48:a4:d5:
         2a:52:30:4f:62:de:e0:67:47:15:c6:0e:a7:6b:46:b3:b1:b6:
         16:96:11:10:65:46:f6:35:93:75:80:52:a2:9b:67:c9:e7:ec:
         d6:48:6b:08:2a:af:0e:bb:bc:d7:ab:32:cd:be:02:8d:6c:71:
         6f:a4:a7:46:53:ab:29:32:e3:08:c2:9c:32:11:6c:00:64:50:
         94:13:cd:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS3m+RqnUdTkXmVt5pFQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjQwMTAxMTgzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2RiYTdjYjhhZDhkNjE0NmFiYzMzYTM2NmE1MjQ1YmVhYjA5N2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKjrUbB20vp1GPJ2Ws5Ok1DhDqop
kPlFiL/+BZpWMYweI6Kgt0RpBEcSo0nEPewqfJygSc2+DKC9xE3jXLeUff2R6fIa
FqAFGs+SWzEJLmbqR9rUmBb1gQjf3nmmyPW1G30ICvbAVsPm+qK+13C8CN4jzOkR
mbWouAxy6TESP9Ja+We2tVNDsadcLvScBsOBRf9QJaKWM4R/BIgKYz+C6OgXzLV4
jSKojeUbKfG6Zps/Pws4GptvjVD0ru7JvJ5zBOS1mDn3aZzGFsTV1x5GVXeFfmIR
vu2dye3vab9A6jzATlSMFKSfo6IegJfQAvg9tJpNW1WCskyYkreovdiTTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDPbp8uK2NYUarwzo2alJFvqsJfpMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvTTl1bnk0clkxaFJxdkRPalpxVWtXLXF3bC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0aQA+v
MA0GCSqGSIb3DQEBCwUAA4IBAQBcMw3wHxESSjkXfh3vBIkdnSyyaxwKiWDZxmok
s3lH5BZZZhx/yR3ISF3O1Y7dk8MCabjMfNk9V6OOVAMpG1v1k0iinkS0ytiiaFkQ
s++YNlR2GSaLy3xu1L/9Voe0epxGkbYZeOL1uxasaBqe00+ie6LLvkiFtJKAqww/
XyZAGwUyZWGtK6Nha7Ucd16pUYWEVCANZAuF1+86nJdpeeYA6P1nATJp7qqvD6Jn
DFfbwc9IpNUqUjBPYt7gZ0cVxg6na0azsbYWlhEQZUb2NZN1gFKim2fJ5+zWSGsI
Kq8Ou7zXqzLNvgKNbHFvpKdGU6spMuMIwpwyEWwAZFCUE82l
-----END CERTIFICATE-----