Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MTfWguz6dAy40qDGN61UIqLeDCM.roa
File:                     MTfWguz6dAy40qDGN61UIqLeDCM.roa (raw, json)
Hash identifier:          +q4DAiG6fxKtAGOuN9F3q1iG2M/aKkoetB5PXgKiGXE=
Subject key identifier:   31:37:D6:82:EC:FA:74:0C:B8:D2:A0:C6:37:AD:54:22:A2:DE:0C:23
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256B704A06AB21BB4E69006158C40D
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MTfWguz6dAy40qDGN61UIqLeDCM.roa
Signing time:             Mon 01 Jan 2024 08:30:35 +0000
ROA not before:           Mon 01 Jan 2024 08:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207649
IP address blocks:        2a0b:b87:ffb6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 07:50:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6b:70:4a:06:ab:21:bb:4e:69:00:61:58:c4:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3137d682ecfa740cb8d2a0c637ad5422a2de0c23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:8a:57:39:64:21:6a:76:8d:83:66:c7:b7:31:
                    db:43:cc:ab:6a:98:a0:09:cf:fd:19:b9:eb:47:92:
                    91:1b:5b:4e:10:32:c2:56:38:40:70:ab:ff:b9:16:
                    8a:74:3e:2d:3d:25:8b:88:e5:2f:0a:64:6e:55:29:
                    6a:0a:b5:62:46:97:e9:83:ec:5f:59:f5:de:50:3e:
                    ef:ca:7e:da:aa:5d:18:5e:cd:c0:26:54:23:6b:96:
                    75:18:40:19:27:89:2e:af:e1:b0:35:bb:03:f8:cb:
                    22:5b:cc:22:ca:d1:bb:2b:b8:12:43:66:a3:8e:e9:
                    f0:ac:46:38:ed:ce:5a:ff:06:3a:e8:05:5b:49:b7:
                    b9:8c:e8:55:48:e2:e4:fe:df:a7:ab:7e:92:78:60:
                    7b:f2:8b:5d:98:5e:9d:f5:6c:04:21:69:3d:2a:85:
                    5b:f6:47:e2:86:0f:64:82:35:6c:5c:b7:0e:4c:27:
                    63:ce:72:94:99:a4:8e:75:b6:13:eb:5b:c1:7b:a7:
                    00:b7:c0:d9:9d:21:30:b4:98:dc:f2:fd:05:97:38:
                    e8:4f:37:74:52:60:17:53:09:08:8a:bb:90:4c:8a:
                    65:49:31:e7:0d:4f:b2:0a:bb:0e:11:7a:16:a7:df:
                    3e:96:01:10:a0:4e:2f:bf:ba:47:e6:d4:b8:2e:1d:
                    cc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:37:D6:82:EC:FA:74:0C:B8:D2:A0:C6:37:AD:54:22:A2:DE:0C:23
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MTfWguz6dAy40qDGN61UIqLeDCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffb6::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:67:24:e4:4d:ae:fc:13:7b:bf:70:a3:c5:a1:55:9e:4b:b0:
         1e:fa:1f:aa:d1:35:d4:e4:f0:08:77:3c:84:f8:fa:b5:95:1f:
         16:6a:d8:3a:2b:b6:47:77:29:97:a3:a2:3b:f5:bc:cd:31:ca:
         1d:16:67:21:65:d5:13:ff:40:c6:ab:f0:62:fa:73:41:21:ae:
         ed:57:b4:e7:c1:93:e7:f2:12:14:67:42:0a:9d:5f:de:a6:17:
         65:06:67:de:ef:0b:27:16:fd:1c:67:c8:a6:37:77:7f:fd:44:
         ed:73:a4:8c:a6:8a:34:e1:7c:cd:37:f4:a2:ba:fe:ec:3e:37:
         55:e5:b7:3e:60:cb:1a:96:9b:fd:7e:42:22:10:ac:12:70:b6:
         6d:5f:a5:e9:64:53:03:21:cd:34:54:3e:cf:82:55:72:bf:e8:
         c8:96:0b:94:aa:f1:4e:d8:9c:fd:ff:75:29:73:a7:84:82:0a:
         7f:55:24:75:1a:56:f5:1d:a9:88:1e:f4:b2:07:ab:3f:ba:ec:
         b4:0b:3e:74:18:2c:3a:c0:02:69:f3:a0:a0:c7:10:52:6c:85:
         54:a6:4a:f0:82:72:02:e6:e7:4a:0d:4f:3f:81:1c:d4:a7:90:
         af:de:bd:d7:2d:8f:46:70:86:1f:ff:12:0d:76:dd:31:41:95:
         18:0d:be:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJWtwSgarIbtOaQBhWMQNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTM3ZDY4MmVjZmE3NDBjYjhkMmEwYzYzN2FkNTQyMmEyZGUwYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYpXOWQhanaNg2bHtzHbQ8yrapig
Cc/9GbnrR5KRG1tOEDLCVjhAcKv/uRaKdD4tPSWLiOUvCmRuVSlqCrViRpfpg+xf
WfXeUD7vyn7aql0YXs3AJlQja5Z1GEAZJ4kur+GwNbsD+MsiW8wiytG7K7gSQ2aj
junwrEY47c5a/wY66AVbSbe5jOhVSOLk/t+nq36SeGB78otdmF6d9WwEIWk9KoVb
9kfihg9kgjVsXLcOTCdjznKUmaSOdbYT61vBe6cAt8DZnSEwtJjc8v0FlzjoTzd0
UmAXUwkIiruQTIplSTHnDU+yCrsOEXoWp98+lgEQoE4vv7pH5tS4Lh3MuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDE31oLs+nQMuNKgxjetVCKi3gwjMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvTVRmV2d1ejZkQXk0MHFER042MVVJcUxlRENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+2
MA0GCSqGSIb3DQEBCwUAA4IBAQAvZyTkTa78E3u/cKPFoVWeS7Ae+h+q0TXU5PAI
dzyE+Pq1lR8Watg6K7ZHdymXo6I79bzNMcodFmchZdUT/0DGq/Bi+nNBIa7tV7Tn
wZPn8hIUZ0IKnV/ephdlBmfe7wsnFv0cZ8imN3d//UTtc6SMpoo04XzNN/Siuv7s
PjdV5bc+YMsalpv9fkIiEKwScLZtX6XpZFMDIc00VD7PglVyv+jIlguUqvFO2Jz9
/3Upc6eEggp/VSR1Glb1HamIHvSyB6s/uuy0Cz50GCw6wAJp86CgxxBSbIVUpkrw
gnIC5udKDU8/gRzUp5Cv3r3XLY9GcIYf/xINdt0xQZUYDb5L
-----END CERTIFICATE-----