Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/Ef7qyDs6D7FEatuxd7r2h5kvIjA.roa
File:                     Ef7qyDs6D7FEatuxd7r2h5kvIjA.roa (raw, json)
Hash identifier:          EeYl58nijYOuuqdoIg8QXcoO31SsaKaSSECnmMNwEfQ=
Subject key identifier:   11:FE:EA:C8:3B:3A:0F:B1:44:6A:DB:B1:77:BA:F6:87:99:2F:22:30
Certificate issuer:       /CN=375a064f301026bc3cf87666d6a820128212a811
Certificate serial:       018CC5014C3E224D6BF5CDBDD1E90428C9BD
Authority key identifier: 37:5A:06:4F:30:10:26:BC:3C:F8:76:66:D6:A8:20:12:82:12:A8:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1oGTzAQJrw8-HZm1qggEoISqBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/Ef7qyDs6D7FEatuxd7r2h5kvIjA.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8966
IP address blocks:        2a03:2887:ff0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/N1oGTzAQJrw8-HZm1qggEoISqBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/N1oGTzAQJrw8-HZm1qggEoISqBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1oGTzAQJrw8-HZm1qggEoISqBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4c:3e:22:4d:6b:f5:cd:bd:d1:e9:04:28:c9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=375a064f301026bc3cf87666d6a820128212a811
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11feeac83b3a0fb1446adbb177baf687992f2230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:77:12:95:be:b3:74:49:dd:03:30:3d:89:aa:
                    00:35:8a:c7:98:d5:ad:29:e6:8e:7a:74:d1:c8:c3:
                    00:95:7b:5a:e5:37:ef:f4:b4:a4:60:93:89:3f:dc:
                    f0:c6:f0:2b:fc:73:27:90:97:d6:62:fb:8a:9b:2e:
                    42:67:90:94:a6:51:8e:8c:35:5c:b6:c0:ae:88:00:
                    a9:33:6e:ee:f7:6e:36:8b:41:cb:98:06:ae:dc:97:
                    1d:ac:57:47:0c:99:41:7c:d9:d2:4d:f2:7e:96:39:
                    d2:ce:12:ee:02:3c:70:f7:2f:6b:b3:f7:10:3e:5a:
                    78:2c:cf:ca:22:5f:20:3f:1e:35:b4:98:64:a2:7c:
                    40:4a:78:da:5c:99:25:96:5d:13:b3:a6:4a:5b:d1:
                    14:63:80:5a:78:3f:7d:00:39:0a:49:08:da:da:64:
                    70:0b:17:2c:2e:5f:14:e4:13:ba:c0:00:e6:ba:9a:
                    d1:86:92:e9:f7:da:93:56:dd:9c:9a:a7:08:66:59:
                    98:80:e3:0e:e0:d7:61:e9:81:42:f3:61:e9:2e:49:
                    38:69:3d:6d:31:02:d9:4c:cc:a8:70:60:87:f2:d4:
                    8e:54:ee:a4:53:c6:8b:f5:d8:35:70:cf:58:7d:b5:
                    07:43:71:35:a9:7d:d3:ff:1e:4d:e7:0e:c1:f4:d4:
                    c5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:FE:EA:C8:3B:3A:0F:B1:44:6A:DB:B1:77:BA:F6:87:99:2F:22:30
            X509v3 Authority Key Identifier:
                keyid:37:5A:06:4F:30:10:26:BC:3C:F8:76:66:D6:A8:20:12:82:12:A8:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1oGTzAQJrw8-HZm1qggEoISqBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/Ef7qyDs6D7FEatuxd7r2h5kvIjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/dc5881-3632-45af-bf59-f44a57ced73d/1/N1oGTzAQJrw8-HZm1qggEoISqBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2887:ff0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:e8:25:39:de:a2:4f:ca:58:d4:06:99:41:7f:d6:b6:2b:fb:
         21:d8:7a:bb:25:47:3b:44:b8:26:90:db:58:42:4c:1d:4e:7b:
         3f:7f:0b:e5:b2:7a:24:bc:86:a0:62:3c:ed:eb:5a:e0:c4:cb:
         7a:c4:da:04:33:91:98:d1:ce:e2:68:2a:ca:9a:fa:9e:be:67:
         75:4e:46:96:10:8d:59:94:09:0d:39:03:7a:2b:c8:e3:6b:61:
         e1:ae:e2:8e:03:95:ce:51:2f:1e:fc:3c:64:96:dc:7e:d5:65:
         d3:6f:d8:db:dc:03:6b:7d:29:03:93:20:28:54:1f:53:84:59:
         21:bf:6c:09:d4:c7:7b:41:22:27:08:92:52:96:85:29:7d:58:
         50:de:48:9f:14:99:ff:03:9b:54:84:b5:0d:b8:89:7f:1c:9c:
         3c:ea:1f:6c:20:be:33:c3:b4:cb:6a:e4:6e:7c:bb:ee:45:c7:
         9e:a3:61:64:b3:e6:b4:ea:7a:0b:d8:fa:cb:7c:47:0d:79:e1:
         4a:83:42:60:c0:0f:19:88:9e:b7:97:37:ca:ea:5a:20:39:e4:
         40:cc:79:de:73:44:19:3b:86:93:c3:24:28:ef:36:c3:52:2a:
         dd:27:85:34:d0:c5:37:6a:bb:a2:ef:12:63:07:13:2f:3b:c8:
         9d:b5:08:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAUw+Ik1r9c290ekEKMm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NWEwNjRmMzAxMDI2YmMzY2Y4NzY2NmQ2YTgyMDEyODIx
MmE4MTEwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWZlZWFjODNiM2EwZmIxNDQ2YWRiYjE3N2JhZjY4Nzk5MmYyMjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73cSlb6zdEndAzA9iaoANYrHmNWt
KeaOenTRyMMAlXta5Tfv9LSkYJOJP9zwxvAr/HMnkJfWYvuKmy5CZ5CUplGOjDVc
tsCuiACpM27u9242i0HLmAau3JcdrFdHDJlBfNnSTfJ+ljnSzhLuAjxw9y9rs/cQ
Plp4LM/KIl8gPx41tJhkonxASnjaXJklll0Ts6ZKW9EUY4BaeD99ADkKSQja2mRw
CxcsLl8U5BO6wADmuprRhpLp99qTVt2cmqcIZlmYgOMO4Ndh6YFC82HpLkk4aT1t
MQLZTMyocGCH8tSOVO6kU8aL9dg1cM9YfbUHQ3E1qX3T/x5N5w7B9NTFVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBH+6sg7Og+xRGrbsXe69oeZLyIwMB8GA1UdIwQY
MBaAFDdaBk8wECa8PPh2ZtaoIBKCEqgRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFvR1R6QVFKcnc4LUhabTFxZ2dFb0lTcUJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9kYzU4ODEtMzYzMi00NWFmLWJmNTkt
ZjQ0YTU3Y2VkNzNkLzEvRWY3cXlEczZEN0ZFYXR1eGQ3cjJoNWt2SWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9kYzU4ODEtMzYzMi00NWFmLWJmNTktZjQ0YTU3Y2VkNzNk
LzEvTjFvR1R6QVFKcnc4LUhabTFxZ2dFb0lTcUJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMoh/8M
MA0GCSqGSIb3DQEBCwUAA4IBAQBX6CU53qJPyljUBplBf9a2K/sh2Hq7JUc7RLgm
kNtYQkwdTns/fwvlsnokvIagYjzt61rgxMt6xNoEM5GY0c7iaCrKmvqevmd1TkaW
EI1ZlAkNOQN6K8jja2HhruKOA5XOUS8e/Dxkltx+1WXTb9jb3ANrfSkDkyAoVB9T
hFkhv2wJ1Md7QSInCJJSloUpfVhQ3kifFJn/A5tUhLUNuIl/HJw86h9sIL4zw7TL
auRufLvuRceeo2Fks+a06noL2PrLfEcNeeFKg0JgwA8ZiJ63lzfK6logOeRAzHne
c0QZO4aTwyQo7zbDUirdJ4U00MU3arui7xJjBxMvO8idtQgd
-----END CERTIFICATE-----