Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/fN8NDnxCUfZEKFZ_eoNGOjxvkyY.roa
File:                     fN8NDnxCUfZEKFZ_eoNGOjxvkyY.roa (raw, json)
Hash identifier:          Evj1tbQ3gAo87o+97aSEvUMzpqxEMM2P9tx1vR6Izqk=
Subject key identifier:   7C:DF:0D:0E:7C:42:51:F6:44:28:56:7F:7A:83:46:3A:3C:6F:93:26
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018CC5015A7C8992EF0E3E49D7FE0EF3A228
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/fN8NDnxCUfZEKFZ_eoNGOjxvkyY.roa
Signing time:             Mon 01 Jan 2024 12:30:49 +0000
ROA not before:           Mon 01 Jan 2024 12:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209474
IP address blocks:        2a0f:6580:108::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:5a:7c:89:92:ef:0e:3e:49:d7:fe:0e:f3:a2:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  1 12:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cdf0d0e7c4251f64428567f7a83463a3c6f9326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9f:2c:4b:64:a7:59:46:b8:07:4b:e8:8f:91:
                    0c:76:28:a7:74:d9:df:85:17:4b:26:f8:9a:01:97:
                    ef:44:4a:aa:cd:36:4e:8d:cd:5e:15:a6:c4:c7:b9:
                    87:5f:d9:90:fe:5e:3a:a1:b5:99:42:6a:15:8a:a6:
                    2a:c3:7e:22:a7:1f:5f:f7:e1:64:96:40:7b:a6:0d:
                    20:5a:f4:b7:27:c8:d1:7b:59:6a:95:5f:61:5c:8b:
                    65:ef:f7:60:66:f3:4a:d5:f6:8c:39:a0:ad:85:2b:
                    3c:5f:ae:c1:e7:cb:17:93:e4:8e:8f:bd:87:6a:9e:
                    16:fb:ee:a9:e9:c9:0d:77:36:c9:1a:67:de:14:c9:
                    03:68:cc:41:54:cc:7b:d9:b2:8e:9e:82:c5:02:ae:
                    4f:df:ee:bb:b9:a7:03:aa:46:b9:45:1a:83:fc:02:
                    d9:25:0a:5a:64:a9:b5:fd:f4:a6:e7:bf:75:83:02:
                    0f:2f:c1:a3:3e:62:4a:c5:80:8a:c8:23:6a:e4:81:
                    3a:df:47:5b:e9:93:b1:03:ed:3a:95:12:2a:9c:f3:
                    51:15:e2:58:d4:0a:50:05:ba:e5:4a:56:78:c2:14:
                    f1:4b:23:a9:ea:e7:44:f4:11:51:55:ee:ec:db:7e:
                    48:db:d4:75:cb:f3:f2:4a:57:a6:d0:8a:f1:a3:5a:
                    7e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:DF:0D:0E:7C:42:51:F6:44:28:56:7F:7A:83:46:3A:3C:6F:93:26
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/fN8NDnxCUfZEKFZ_eoNGOjxvkyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:6d:e8:86:09:9d:38:19:de:34:1e:27:b0:63:7f:ef:9c:c3:
         28:e9:2b:94:ed:e0:aa:04:7f:e9:68:78:2e:5d:85:56:5b:40:
         18:2d:1e:f3:1d:1c:5c:87:84:03:65:d0:cf:4c:4f:4c:99:74:
         6e:05:32:08:99:35:09:1a:e2:f2:4b:8a:fa:49:4c:37:7c:5f:
         8f:21:29:a2:37:2f:fb:d1:7d:5d:5f:45:f7:58:ce:38:3b:50:
         4d:b8:dd:c8:ec:97:de:63:34:26:47:4c:d2:fe:97:76:1a:99:
         72:ff:8a:3e:5a:45:e2:6c:a6:32:de:2e:bd:fc:fb:7f:df:49:
         b0:97:d3:cb:4d:39:f0:e2:b4:92:41:e6:e9:25:eb:21:af:fa:
         68:8e:df:03:ea:c5:8e:8c:cc:2b:91:86:c7:ab:c1:ed:1d:99:
         8b:33:e1:06:f6:ac:43:c0:7b:58:eb:b6:49:fb:4f:4f:7e:bb:
         8e:3f:f0:e5:f3:28:36:44:a0:ed:7d:55:ca:5f:c7:7c:56:4b:
         73:5b:18:25:c8:72:ea:a7:5c:00:5a:0b:60:42:4c:d9:7e:c5:
         a3:50:58:0a:fb:b2:50:6c:f5:17:97:cd:19:df:9d:33:f3:0e:
         00:5e:53:ef:07:d5:5b:b7:3e:8f:e6:0e:21:7e:db:68:81:22:
         ff:58:10:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAVp8iZLvDj5J1/4O86IoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwMTAxMTIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2RmMGQwZTdjNDI1MWY2NDQyODU2N2Y3YTgzNDYzYTNjNmY5MzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ8sS2SnWUa4B0voj5EMdiindNnf
hRdLJviaAZfvREqqzTZOjc1eFabEx7mHX9mQ/l46obWZQmoViqYqw34ipx9f9+Fk
lkB7pg0gWvS3J8jRe1lqlV9hXItl7/dgZvNK1faMOaCthSs8X67B58sXk+SOj72H
ap4W++6p6ckNdzbJGmfeFMkDaMxBVMx72bKOnoLFAq5P3+67uacDqka5RRqD/ALZ
JQpaZKm1/fSm5791gwIPL8GjPmJKxYCKyCNq5IE630db6ZOxA+06lRIqnPNRFeJY
1ApQBbrlSlZ4whTxSyOp6udE9BFRVe7s235I29R1y/PySlem0Irxo1p+BwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHzfDQ58QlH2RChWf3qDRjo8b5MmMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvZk44TkRueENVZlpFS0ZaX2VvTkdPanh2a3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAEI
MA0GCSqGSIb3DQEBCwUAA4IBAQCabeiGCZ04Gd40HiewY3/vnMMo6SuU7eCqBH/p
aHguXYVWW0AYLR7zHRxch4QDZdDPTE9MmXRuBTIImTUJGuLyS4r6SUw3fF+PISmi
Ny/70X1dX0X3WM44O1BNuN3I7JfeYzQmR0zS/pd2Gply/4o+WkXibKYy3i69/Pt/
30mwl9PLTTnw4rSSQebpJeshr/pojt8D6sWOjMwrkYbHq8HtHZmLM+EG9qxDwHtY
67ZJ+09PfruOP/Dl8yg2RKDtfVXKX8d8VktzWxglyHLqp1wAWgtgQkzZfsWjUFgK
+7JQbPUXl80Z350z8w4AXlPvB9Vbtz6P5g4hfttogSL/WBBf
-----END CERTIFICATE-----