Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/B1yCIyfmxhtovQyNrmmk-qztnl4.roa
File:                     B1yCIyfmxhtovQyNrmmk-qztnl4.roa (raw, json)
Hash identifier:          pa4PVQ8ELTmOpU2gc+jgxp67LMdpg7aTMgoeWMlTgpI=
Subject key identifier:   07:5C:82:23:27:E6:C6:1B:68:BD:0C:8D:AE:69:A4:FA:AC:ED:9E:5E
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4257423E11D521BE24662B33143A02B
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/B1yCIyfmxhtovQyNrmmk-qztnl4.roa
Signing time:             Mon 01 Jan 2024 08:30:38 +0000
ROA not before:           Mon 01 Jan 2024 08:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212647
IP address blocks:        2a0b:b87:ffa0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:74:23:e1:1d:52:1b:e2:46:62:b3:31:43:a0:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=075c822327e6c61b68bd0c8dae69a4faaced9e5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fe:82:c3:15:c0:41:02:65:b0:f1:38:60:4c:
                    2c:a6:81:80:78:a1:c0:a7:28:1b:01:70:4e:53:b9:
                    3d:33:2b:cd:81:ee:72:28:04:99:73:24:42:f0:18:
                    9c:27:b1:3c:59:29:70:17:97:80:08:8e:8d:97:cd:
                    a6:47:6e:3c:a8:c9:b7:b8:2c:3c:dc:d0:d5:95:cf:
                    26:01:8b:fc:81:1e:de:7d:cb:c4:9b:be:43:42:02:
                    d2:97:76:fd:93:5c:d6:92:83:27:8d:1c:97:6b:06:
                    88:d9:42:48:84:50:9d:c7:75:44:39:f6:00:a8:4f:
                    bf:4e:b7:ed:26:96:3e:0d:8e:92:ad:0d:7c:ba:00:
                    e5:72:56:76:fe:61:de:69:a5:e6:80:49:3e:8f:36:
                    01:8a:df:6b:39:ca:73:ec:9c:dd:04:44:b8:44:60:
                    60:db:85:48:77:6d:90:69:9d:30:aa:9e:3d:54:72:
                    d2:7e:2e:f3:a6:20:e4:bd:2d:38:fd:77:1f:43:a5:
                    25:87:37:ef:8e:44:30:11:00:6c:fa:75:f3:58:ea:
                    cd:3d:28:20:cd:d0:32:65:5c:8c:ff:a9:45:47:9f:
                    7a:66:41:b7:4d:12:e3:39:70:e3:90:0a:82:ad:46:
                    88:c3:46:db:08:f7:86:24:9b:de:d7:0e:62:41:97:
                    57:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:5C:82:23:27:E6:C6:1B:68:BD:0C:8D:AE:69:A4:FA:AC:ED:9E:5E
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/B1yCIyfmxhtovQyNrmmk-qztnl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffa0::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:a4:5a:61:7e:d1:ec:8f:2d:dd:3a:98:60:7c:ff:a0:27:87:
         5f:2c:5c:ff:2f:ae:c4:53:54:4b:e6:98:8a:48:3b:d4:ea:78:
         14:f3:19:c5:6b:04:0f:ee:9c:33:47:79:b1:73:5e:92:be:95:
         31:34:99:ff:f8:e0:f6:20:57:fe:88:fb:78:8d:c9:4c:51:6d:
         60:83:5e:e4:68:5e:68:9a:51:89:7f:05:43:13:95:fe:d3:7b:
         13:2f:97:8b:2b:10:04:f4:b2:18:4c:5f:ac:00:86:a4:95:e5:
         13:77:22:82:0d:c9:c8:a8:b1:ef:13:ef:e9:0d:7e:c2:b0:9d:
         45:2f:72:1a:6b:c8:6f:67:c4:c3:8d:d5:47:b4:f7:74:6d:23:
         4b:b8:06:a8:81:45:11:51:a6:1f:3e:ab:30:cd:4a:0d:24:b9:
         04:92:b8:30:c5:46:77:9e:86:f6:e8:82:ae:a4:f9:7e:98:3b:
         88:f8:3b:07:78:e0:22:b3:22:ad:68:e8:67:7d:31:ab:7b:4a:
         ec:5c:96:4f:e7:d7:08:0b:24:b6:c4:57:fd:bd:56:06:97:e9:
         07:cf:38:8e:8c:7f:90:0b:a0:51:b8:1f:3d:42:ce:84:f6:03:
         30:03:96:ff:67:a2:8c:48:22:8e:b8:fb:94:ec:e6:2e:81:1f:
         b4:b6:16:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJXQj4R1SG+JGYrMxQ6ArMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzVjODIyMzI3ZTZjNjFiNjhiZDBjOGRhZTY5YTRmYWFjZWQ5ZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtv6CwxXAQQJlsPE4YEwspoGAeKHA
pygbAXBOU7k9MyvNge5yKASZcyRC8BicJ7E8WSlwF5eACI6Nl82mR248qMm3uCw8
3NDVlc8mAYv8gR7efcvEm75DQgLSl3b9k1zWkoMnjRyXawaI2UJIhFCdx3VEOfYA
qE+/TrftJpY+DY6SrQ18ugDlclZ2/mHeaaXmgEk+jzYBit9rOcpz7JzdBES4RGBg
24VId22QaZ0wqp49VHLSfi7zpiDkvS04/XcfQ6UlhzfvjkQwEQBs+nXzWOrNPSgg
zdAyZVyM/6lFR596ZkG3TRLjOXDjkAqCrUaIw0bbCPeGJJve1w5iQZdXKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAdcgiMn5sYbaL0Mja5ppPqs7Z5eMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvQjF5Q0l5Zm14aHRvdlF5TnJtbWstcXp0bmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+g
MA0GCSqGSIb3DQEBCwUAA4IBAQBppFphftHsjy3dOphgfP+gJ4dfLFz/L67EU1RL
5piKSDvU6ngU8xnFawQP7pwzR3mxc16SvpUxNJn/+OD2IFf+iPt4jclMUW1gg17k
aF5omlGJfwVDE5X+03sTL5eLKxAE9LIYTF+sAIakleUTdyKCDcnIqLHvE+/pDX7C
sJ1FL3Iaa8hvZ8TDjdVHtPd0bSNLuAaogUURUaYfPqswzUoNJLkEkrgwxUZ3nob2
6IKupPl+mDuI+DsHeOAisyKtaOhnfTGre0rsXJZP59cICyS2xFf9vVYGl+kHzziO
jH+QC6BRuB89Qs6E9gMwA5b/Z6KMSCKOuPuU7OYugR+0thao
-----END CERTIFICATE-----