Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1LDI_3qCyH18cfsZV6kwj1Vqh6E.roa
File:                     1LDI_3qCyH18cfsZV6kwj1Vqh6E.roa (raw, json)
Hash identifier:          GBpuswr3PH5GiXdPZohCuCH+lczqpc0n+INCttB+L7Y=
Subject key identifier:   D4:B0:C8:FF:7A:82:C8:7D:7C:71:FB:19:57:A9:30:8F:55:6A:87:A1
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256DB3D437D8736CD69FB9915A05BB
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1LDI_3qCyH18cfsZV6kwj1Vqh6E.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209862
IP address blocks:        2a0b:b87:ff17::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6d:b3:d4:37:d8:73:6c:d6:9f:b9:91:5a:05:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4b0c8ff7a82c87d7c71fb1957a9308f556a87a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:69:7a:0c:bb:7a:db:83:26:51:6a:1b:86:ae:
                    2e:7f:14:c5:d6:66:b7:5c:8d:34:83:a2:c7:9a:dd:
                    35:4b:83:ed:97:b7:42:45:c1:e4:d8:af:39:9f:06:
                    98:64:3d:93:26:f1:49:9e:ed:e5:5a:84:ed:77:75:
                    d9:0c:eb:83:d7:6c:d8:a5:c3:81:3e:d4:d0:3d:6d:
                    42:c7:f1:23:d5:41:6f:a6:54:3d:95:c6:07:fa:fa:
                    82:a9:81:01:9a:79:d6:5c:bd:17:f9:45:38:03:90:
                    88:ff:b9:db:78:1a:94:08:a1:4d:31:66:c8:64:c1:
                    94:ca:0d:fb:d1:96:ed:f5:64:27:2d:17:40:c2:38:
                    e6:d2:1e:48:56:14:fa:5d:ed:8c:32:01:f3:e9:9e:
                    a3:e3:4d:e3:db:b5:27:01:cb:b0:80:d0:7e:60:f0:
                    a0:33:9b:13:1b:93:c8:9a:96:f1:fd:47:bb:bd:42:
                    2e:48:c1:5d:a4:cb:5e:3a:3d:3a:36:ee:de:fd:d7:
                    c5:0f:c0:50:16:58:d3:09:23:d9:3b:21:1d:1a:2a:
                    1a:c7:ac:e6:2a:3b:63:18:ca:00:f4:dc:d7:88:3f:
                    56:ee:43:2a:5d:87:c3:70:85:dd:c8:1c:68:3a:29:
                    52:7e:56:4a:8f:69:ad:9c:e8:83:da:c7:80:49:6a:
                    b6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B0:C8:FF:7A:82:C8:7D:7C:71:FB:19:57:A9:30:8F:55:6A:87:A1
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1LDI_3qCyH18cfsZV6kwj1Vqh6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ff17::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:79:b7:fc:f4:6a:0e:28:5a:94:31:a6:01:28:e3:21:53:42:
         e3:6b:4a:01:f4:31:2b:6d:ae:87:0b:66:34:71:af:30:c7:7f:
         df:61:a6:f8:0b:f6:44:15:9b:36:89:0f:83:3a:8b:87:58:48:
         db:e7:9a:1c:8e:9b:95:09:c1:77:bc:44:99:40:f9:ef:0e:ca:
         02:61:57:03:cb:81:b8:3b:31:19:a0:ab:77:c5:ad:6b:fd:a0:
         02:95:68:d6:97:f2:5e:a5:6c:a4:b2:bb:28:54:8b:34:f7:db:
         85:ee:cd:89:04:95:e0:58:72:63:61:44:52:37:27:f9:03:42:
         58:99:f4:d4:80:3b:b9:ab:14:06:cf:3c:33:d6:97:4f:d1:ac:
         48:45:29:1e:60:16:20:aa:a8:7a:3c:3b:c4:6f:5d:e2:e4:7a:
         50:5e:d7:ff:a0:1d:fe:14:58:3b:0d:37:a8:6a:58:f9:f5:6a:
         1b:a2:50:64:a6:1d:08:b2:81:6a:65:19:01:8a:32:04:97:99:
         d2:be:39:4b:ad:0c:53:cc:db:0f:69:96:18:e3:52:f4:41:43:
         8e:f2:5b:87:d1:67:af:37:1d:38:a3:a1:8b:ff:8b:6d:b2:27:
         ea:9e:f8:46:74:25:fa:d7:7e:59:dd:2c:c8:9f:61:7b:b2:7c:
         90:30:c4:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJW2z1DfYc2zWn7mRWgW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGIwYzhmZjdhODJjODdkN2M3MWZiMTk1N2E5MzA4ZjU1NmE4N2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmml6DLt624MmUWobhq4ufxTF1ma3
XI00g6LHmt01S4Ptl7dCRcHk2K85nwaYZD2TJvFJnu3lWoTtd3XZDOuD12zYpcOB
PtTQPW1Cx/Ej1UFvplQ9lcYH+vqCqYEBmnnWXL0X+UU4A5CI/7nbeBqUCKFNMWbI
ZMGUyg370Zbt9WQnLRdAwjjm0h5IVhT6Xe2MMgHz6Z6j403j27UnAcuwgNB+YPCg
M5sTG5PImpbx/Ue7vUIuSMFdpMteOj06Nu7e/dfFD8BQFljTCSPZOyEdGioax6zm
KjtjGMoA9NzXiD9W7kMqXYfDcIXdyBxoOilSflZKj2mtnOiD2seASWq29QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNSwyP96gsh9fHH7GVepMI9VaoehMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvMUxESV8zcUN5SDE4Y2ZzWlY2a3dqMVZxaDZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/8X
MA0GCSqGSIb3DQEBCwUAA4IBAQAXebf89GoOKFqUMaYBKOMhU0Lja0oB9DErba6H
C2Y0ca8wx3/fYab4C/ZEFZs2iQ+DOouHWEjb55ocjpuVCcF3vESZQPnvDsoCYVcD
y4G4OzEZoKt3xa1r/aAClWjWl/JepWyksrsoVIs099uF7s2JBJXgWHJjYURSNyf5
A0JYmfTUgDu5qxQGzzwz1pdP0axIRSkeYBYgqqh6PDvEb13i5HpQXtf/oB3+FFg7
DTeoalj59WobolBkph0IsoFqZRkBijIEl5nSvjlLrQxTzNsPaZYY41L0QUOO8luH
0WevNx04o6GL/4ttsifqnvhGdCX6135Z3SzIn2F7snyQMMRu
-----END CERTIFICATE-----