Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/BaXoR613Kps-FK-uidn5TA0Nx8o.roa
File:                     BaXoR613Kps-FK-uidn5TA0Nx8o.roa (raw, json)
Hash identifier:          qtH/yNM3seqNY+qZXAEXugnW3NVziSX1QKhVbR5wPS8=
Subject key identifier:   05:A5:E8:47:AD:77:2A:9B:3E:14:AF:AE:89:D9:F9:4C:0D:0D:C7:CA
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255E5FF31660C897A6B00FB71015A7
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/BaXoR613Kps-FK-uidn5TA0Nx8o.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44754
IP address blocks:        2a0b:b87:ffe8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5e:5f:f3:16:60:c8:97:a6:b0:0f:b7:10:15:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05a5e847ad772a9b3e14afae89d9f94c0d0dc7ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c2:50:9c:7b:6f:3a:3b:7b:0d:63:6e:60:86:
                    bc:82:3a:a5:41:92:d5:d6:99:32:1c:43:26:61:25:
                    6a:f7:04:5d:fa:6d:92:f1:ef:0f:3d:66:10:fc:72:
                    d7:de:11:50:d7:98:b5:3f:dd:12:f1:17:8b:f8:52:
                    cd:23:36:92:3d:c1:d4:f9:3f:bb:ed:62:0e:19:bf:
                    36:f2:de:c0:b3:6a:51:74:9f:bc:aa:c0:c2:cb:0c:
                    13:17:c0:53:33:61:27:5f:e9:3b:05:94:7e:86:81:
                    69:41:84:c2:ac:7a:db:e3:7b:32:d1:de:f7:5f:74:
                    3f:73:31:e3:fe:9f:bf:45:83:f9:d8:cf:e0:d0:2c:
                    0c:5f:42:41:e7:32:de:d8:ee:bc:38:a0:02:08:74:
                    18:15:c4:e6:9c:99:b5:52:55:db:16:ba:e1:85:19:
                    e1:50:34:39:67:81:29:5b:f4:7d:51:9b:07:cd:d8:
                    61:af:66:b8:dd:4d:11:fb:67:de:0a:24:7f:17:bb:
                    37:36:40:ee:5f:74:e4:3e:36:81:8b:29:48:cc:3e:
                    6f:42:51:d4:17:76:78:1c:d9:7f:a9:8e:c2:ae:7e:
                    c0:ee:3e:53:44:27:78:3f:b6:7d:d0:56:e3:ef:48:
                    be:c3:de:a3:68:17:a7:85:ac:29:ad:ae:5d:50:48:
                    72:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A5:E8:47:AD:77:2A:9B:3E:14:AF:AE:89:D9:F9:4C:0D:0D:C7:CA
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/BaXoR613Kps-FK-uidn5TA0Nx8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffe8::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:91:e1:a1:ce:9e:ce:dc:33:fc:28:60:e8:e7:94:fc:73:6f:
         a0:47:8c:03:79:42:49:2b:52:8c:6b:79:1f:fd:49:6f:6f:d7:
         c9:b1:8f:7b:28:03:61:40:85:cb:ec:78:82:d8:6f:7e:2f:1c:
         16:c4:8f:54:08:5f:68:12:53:75:31:0f:ad:d0:1e:54:af:c1:
         f8:be:90:56:06:17:6a:1d:de:6a:72:d8:f7:63:f3:6b:4b:68:
         ed:e6:41:43:25:14:08:87:60:19:9f:f0:52:f0:ca:bc:0f:82:
         04:39:bd:92:a5:aa:f1:ea:5a:4d:26:78:e5:04:cb:46:0e:6c:
         23:dd:88:6b:ce:8c:7e:48:af:d2:66:0f:05:6c:89:ad:fc:f1:
         42:27:a1:63:3d:1f:4b:1a:9e:d3:9d:e8:44:8c:53:29:0e:0c:
         d5:1f:de:7b:75:34:ff:70:56:ab:a4:64:0c:05:ae:f1:95:9c:
         84:51:d4:02:80:06:92:47:5e:35:eb:b2:97:ca:7a:64:9a:f3:
         69:fa:71:c4:da:6e:e1:f9:42:34:f8:7c:22:53:80:82:6b:42:
         16:c9:b0:a4:88:b7:7b:da:5c:8b:09:fe:a0:86:f0:b1:15:f3:
         b6:4e:5f:ea:6b:2a:1f:25:2c:9d:9a:68:01:69:75:15:ed:19:
         d7:08:d1:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJV5f8xZgyJemsA+3EBWnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE1ZTg0N2FkNzcyYTliM2UxNGFmYWU4OWQ5Zjk0YzBkMGRjN2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcJQnHtvOjt7DWNuYIa8gjqlQZLV
1pkyHEMmYSVq9wRd+m2S8e8PPWYQ/HLX3hFQ15i1P90S8ReL+FLNIzaSPcHU+T+7
7WIOGb828t7As2pRdJ+8qsDCywwTF8BTM2EnX+k7BZR+hoFpQYTCrHrb43sy0d73
X3Q/czHj/p+/RYP52M/g0CwMX0JB5zLe2O68OKACCHQYFcTmnJm1UlXbFrrhhRnh
UDQ5Z4EpW/R9UZsHzdhhr2a43U0R+2feCiR/F7s3NkDuX3TkPjaBiylIzD5vQlHU
F3Z4HNl/qY7Crn7A7j5TRCd4P7Z90Fbj70i+w96jaBenhawpra5dUEhyZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAWl6EetdyqbPhSvronZ+UwNDcfKMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvQmFYb1I2MTNLcHMtRkstdWlkbjVUQTBOeDhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh//o
MA0GCSqGSIb3DQEBCwUAA4IBAQBAkeGhzp7O3DP8KGDo55T8c2+gR4wDeUJJK1KM
a3kf/Ulvb9fJsY97KANhQIXL7HiC2G9+LxwWxI9UCF9oElN1MQ+t0B5Ur8H4vpBW
BhdqHd5qctj3Y/NrS2jt5kFDJRQIh2AZn/BS8Mq8D4IEOb2Sparx6lpNJnjlBMtG
Dmwj3Yhrzox+SK/SZg8FbImt/PFCJ6FjPR9LGp7TnehEjFMpDgzVH957dTT/cFar
pGQMBa7xlZyEUdQCgAaSR14167KXynpkmvNp+nHE2m7h+UI0+HwiU4CCa0IWybCk
iLd72lyLCf6ghvCxFfO2Tl/qayofJSydmmgBaXUV7RnXCNFc
-----END CERTIFICATE-----