Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/FwnaWIz2mF3qmyQF3TgYaddFip0.roa
File:                     FwnaWIz2mF3qmyQF3TgYaddFip0.roa (raw, json)
Hash identifier:          zDVL4fF1+4JmkeNJFodWO/2zK1Nys25GwDGc6Q/jpXY=
Subject key identifier:   17:09:DA:58:8C:F6:98:5D:EA:9B:24:05:DD:38:18:69:D7:45:8A:9D
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018D83C22657E52A9585CE7072A2793852F0
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/FwnaWIz2mF3qmyQF3TgYaddFip0.roa
Signing time:             Wed 07 Feb 2024 13:29:15 +0000
ROA not before:           Wed 07 Feb 2024 13:29:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215560
IP address blocks:        2a0f:6580:115::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:83:c2:26:57:e5:2a:95:85:ce:70:72:a2:79:38:52:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Feb  7 13:29:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1709da588cf6985dea9b2405dd381869d7458a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8e:94:d1:9d:60:c8:f3:11:79:c9:de:5d:6b:
                    7f:e7:c0:df:7e:7a:71:3f:b8:15:68:74:63:f8:3b:
                    a9:e0:16:ad:cd:ae:8c:96:5b:c9:88:3e:8a:e3:52:
                    0e:76:2e:d2:a2:39:7a:76:0f:08:03:d1:40:e8:6e:
                    33:31:b2:34:15:97:dd:e9:13:a6:c6:de:a2:82:b5:
                    39:4e:6f:27:3a:26:28:46:f0:c0:2b:80:d8:59:62:
                    f9:e4:4e:d7:af:dc:94:7e:0f:d2:bd:1a:30:35:cb:
                    a6:28:38:a3:4a:f4:fa:cd:17:dc:b0:2e:b4:b9:29:
                    86:a0:2e:c1:11:62:f5:01:33:39:6b:8b:65:9d:12:
                    d4:f2:2d:8c:71:fb:ea:25:77:fe:d2:7a:a7:9a:84:
                    84:4d:32:53:a9:07:3f:e1:3d:5f:24:e6:24:41:fd:
                    8c:d0:59:df:dd:4b:f0:1c:58:d0:cf:86:11:42:96:
                    6e:05:00:0a:ed:bd:37:bf:44:ce:2c:f1:29:b0:a3:
                    0f:94:da:db:67:53:3d:c1:75:49:b4:c1:f9:2f:e7:
                    f4:2d:2e:88:6f:00:b6:b8:4d:6f:c7:be:54:89:e5:
                    31:fc:52:09:fc:3d:6f:d5:98:db:ab:42:39:f6:10:
                    58:6f:83:51:5c:ba:0e:84:d3:6e:a7:ba:95:41:1f:
                    47:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:09:DA:58:8C:F6:98:5D:EA:9B:24:05:DD:38:18:69:D7:45:8A:9D
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/FwnaWIz2mF3qmyQF3TgYaddFip0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:115::/48

    Signature Algorithm: sha256WithRSAEncryption
         cf:61:be:89:c7:e3:5d:eb:33:f7:a9:87:72:d3:ef:ce:2f:4d:
         7d:77:46:b3:c9:02:8e:79:c3:05:30:66:d2:3e:5e:20:37:ba:
         4c:7d:fc:9a:e7:e9:78:2d:39:a0:ae:99:50:aa:d4:cc:1f:cf:
         03:d8:b7:fd:82:b8:ed:c2:f8:d7:63:f7:21:c6:de:2e:b1:fb:
         28:9f:c2:2c:e2:bf:01:10:a5:1e:dd:96:06:8d:42:c3:09:f4:
         43:a9:f2:ea:2b:60:e9:21:76:0c:35:f3:d6:98:3e:4f:7a:12:
         1f:34:20:a7:88:45:26:42:7b:51:06:a7:0e:51:9f:d3:88:77:
         e4:7e:39:0d:69:0b:51:ba:1f:eb:80:e6:f5:b0:4a:ba:ce:c2:
         d8:4d:36:b3:39:36:56:ad:d8:23:71:90:9e:75:a9:fc:36:46:
         43:a5:e5:da:ef:4d:32:ed:d3:41:1b:44:91:5d:4d:81:42:4f:
         50:2d:0f:31:8c:94:f6:bf:e6:b0:a1:3d:d3:32:d6:07:ef:bc:
         63:e4:94:41:a9:f9:70:d4:ab:92:69:be:bb:5e:ff:3d:e6:0f:
         f4:df:06:8c:89:c1:55:89:5b:5c:0a:18:d5:1e:7a:2a:95:57:
         56:10:a1:60:39:e3:05:1b:91:2d:94:e7:55:6b:92:b4:54:e8:
         f1:3c:9f:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2DwiZX5SqVhc5wcqJ5OFLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwMjA3MTMyOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzA5ZGE1ODhjZjY5ODVkZWE5YjI0MDVkZDM4MTg2OWQ3NDU4YTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI6U0Z1gyPMRecneXWt/58Dffnpx
P7gVaHRj+Dup4Batza6MllvJiD6K41IOdi7Sojl6dg8IA9FA6G4zMbI0FZfd6ROm
xt6igrU5Tm8nOiYoRvDAK4DYWWL55E7Xr9yUfg/SvRowNcumKDijSvT6zRfcsC60
uSmGoC7BEWL1ATM5a4tlnRLU8i2McfvqJXf+0nqnmoSETTJTqQc/4T1fJOYkQf2M
0Fnf3UvwHFjQz4YRQpZuBQAK7b03v0TOLPEpsKMPlNrbZ1M9wXVJtMH5L+f0LS6I
bwC2uE1vx75UieUx/FIJ/D1v1Zjbq0I59hBYb4NRXLoOhNNup7qVQR9HrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBcJ2liM9phd6pskBd04GGnXRYqdMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvRnduYVdJejJtRjNxbXlRRjNUZ1lhZGRGaXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAEV
MA0GCSqGSIb3DQEBCwUAA4IBAQDPYb6Jx+Nd6zP3qYdy0+/OL019d0azyQKOecMF
MGbSPl4gN7pMffya5+l4LTmgrplQqtTMH88D2Lf9grjtwvjXY/chxt4usfson8Is
4r8BEKUe3ZYGjULDCfRDqfLqK2DpIXYMNfPWmD5PehIfNCCniEUmQntRBqcOUZ/T
iHfkfjkNaQtRuh/rgOb1sEq6zsLYTTazOTZWrdgjcZCedan8NkZDpeXa700y7dNB
G0SRXU2BQk9QLQ8xjJT2v+awoT3TMtYH77xj5JRBqflw1KuSab67Xv895g/03waM
icFViVtcChjVHnoqlVdWEKFgOeMFG5EtlOdVa5K0VOjxPJ+p
-----END CERTIFICATE-----