Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/80rCcXN6U3l6c3pqPcp-TsbQHx4.roa
File:                     80rCcXN6U3l6c3pqPcp-TsbQHx4.roa (raw, json)
Hash identifier:          dLshUJ/c9gDz9OkUGfsARS5j/snimHxtTpVF2/QzS+4=
Subject key identifier:   F3:4A:C2:71:73:7A:53:79:7A:73:7A:6A:3D:CA:7E:4E:C6:D0:1F:1E
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94E8A281560D32EE956928567D857
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/80rCcXN6U3l6c3pqPcp-TsbQHx4.roa
Signing time:             Mon 01 Jan 2024 20:31:22 +0000
ROA not before:           Mon 01 Jan 2024 20:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62588
IP address blocks:        2a03:f87:aabb::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4e:8a:28:15:60:d3:2e:e9:56:92:85:67:d8:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f34ac271737a53797a737a6a3dca7e4ec6d01f1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5f:60:d3:84:c8:28:ec:42:bc:cc:f5:83:07:
                    6c:08:07:64:03:81:ac:a5:60:67:ed:d1:89:ef:d1:
                    78:f1:6d:49:13:9c:fb:64:75:00:41:7f:99:eb:b5:
                    00:27:e2:52:21:ff:d8:f7:22:c9:d8:fc:9f:54:52:
                    62:8f:e6:d7:a5:8d:24:60:38:60:30:06:6f:33:09:
                    68:14:dd:59:fb:62:43:75:ec:3d:36:4d:24:96:92:
                    e7:b0:40:9d:be:83:e4:ed:b6:ca:03:f0:df:99:4b:
                    c1:ab:be:f8:bc:ba:b2:95:aa:21:bd:77:be:1e:2d:
                    78:6b:ab:29:6d:58:41:3a:23:18:59:27:1f:d7:24:
                    26:fa:bc:bd:d0:fb:f6:5c:c5:4a:d1:02:22:a9:8d:
                    96:bd:09:35:03:13:4c:ca:14:74:e2:bb:3c:4d:a0:
                    c7:96:1c:82:4d:3f:34:c1:88:c5:5e:69:15:f6:ed:
                    8d:93:0f:1e:8d:8a:39:2e:67:78:27:cd:be:fa:40:
                    5b:1b:6e:cd:8f:d3:35:53:18:b7:91:e9:d9:30:45:
                    d0:84:06:d1:16:c0:8e:d6:cd:50:d1:9d:5b:85:d4:
                    2f:10:36:5a:f0:0f:34:75:1d:31:10:35:b8:50:26:
                    fa:d4:f4:2f:53:19:98:5e:2b:d5:0e:00:84:0c:7f:
                    49:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:4A:C2:71:73:7A:53:79:7A:73:7A:6A:3D:CA:7E:4E:C6:D0:1F:1E
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/80rCcXN6U3l6c3pqPcp-TsbQHx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f87:aabb::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:74:99:9d:41:ec:97:c3:5d:58:9d:fd:da:4b:d7:59:a9:9c:
         d4:1d:4a:f8:9a:78:b1:e1:1b:95:03:60:a9:4c:2c:da:d3:88:
         62:b8:0d:31:65:33:7e:bc:50:cf:46:40:1e:1a:17:fc:f3:85:
         45:a4:ba:0c:2d:54:6e:da:d3:09:5c:10:e3:99:f1:ee:b5:3f:
         0c:5b:e8:23:f0:62:ef:32:ba:ee:cd:94:d6:b6:5f:4f:75:ba:
         9e:a6:92:73:d1:64:10:c4:cf:50:69:51:92:82:2e:0e:55:76:
         36:59:31:56:e3:f5:78:74:52:ac:1b:0c:41:07:ab:21:c9:36:
         2c:75:bb:69:fb:ca:5a:bf:44:f2:d9:b1:cc:c0:2e:19:76:10:
         72:94:0d:5b:4d:28:3f:68:36:45:17:95:2b:eb:38:e2:18:89:
         74:9f:da:12:6b:c6:4f:ce:46:94:73:e7:67:10:57:af:da:eb:
         5d:57:47:d3:c9:d9:4e:67:90:37:c0:6b:38:ba:6e:cc:1f:05:
         0a:69:86:23:e0:dd:60:b6:92:10:3f:9f:0b:76:80:d2:11:6e:
         40:b3:b7:74:cc:da:c8:ff:6d:95:d8:55:45:2a:e8:9b:0f:c2:
         bf:3b:47:d1:17:f0:d5:a5:c7:57:7f:9c:2b:7a:9f:b3:20:55:
         ec:4b:7c:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuU6KKBVg0y7pVpKFZ9hXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzRhYzI3MTczN2E1Mzc5N2E3MzdhNmEzZGNhN2U0ZWM2ZDAxZjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgV9g04TIKOxCvMz1gwdsCAdkA4Gs
pWBn7dGJ79F48W1JE5z7ZHUAQX+Z67UAJ+JSIf/Y9yLJ2PyfVFJij+bXpY0kYDhg
MAZvMwloFN1Z+2JDdew9Nk0klpLnsECdvoPk7bbKA/DfmUvBq774vLqylaohvXe+
Hi14a6spbVhBOiMYWScf1yQm+ry90Pv2XMVK0QIiqY2WvQk1AxNMyhR04rs8TaDH
lhyCTT80wYjFXmkV9u2Nkw8ejYo5Lmd4J82++kBbG27Nj9M1Uxi3kenZMEXQhAbR
FsCO1s1Q0Z1bhdQvEDZa8A80dR0xEDW4UCb61PQvUxmYXivVDgCEDH9J3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPNKwnFzelN5enN6aj3Kfk7G0B8eMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvODByQ2NYTjZVM2w2YzNwcVBjcC1Uc2JRSHg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPh6q7
MA0GCSqGSIb3DQEBCwUAA4IBAQCLdJmdQeyXw11Ynf3aS9dZqZzUHUr4mnix4RuV
A2CpTCza04hiuA0xZTN+vFDPRkAeGhf884VFpLoMLVRu2tMJXBDjmfHutT8MW+gj
8GLvMrruzZTWtl9PdbqeppJz0WQQxM9QaVGSgi4OVXY2WTFW4/V4dFKsGwxBB6sh
yTYsdbtp+8pav0Ty2bHMwC4ZdhBylA1bTSg/aDZFF5Ur6zjiGIl0n9oSa8ZPzkaU
c+dnEFev2utdV0fTydlOZ5A3wGs4um7MHwUKaYYj4N1gtpIQP58LdoDSEW5As7d0
zNrI/22V2FVFKuibD8K/O0fRF/DVpcdXf5wrep+zIFXsS3ws
-----END CERTIFICATE-----