Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_NPgj-1ZbFcOXQM4LwmZQKn07K8.roa
File:                     _NPgj-1ZbFcOXQM4LwmZQKn07K8.roa (raw, json)
Hash identifier:          PYHGQAnTvdTNvzlP4ER42V4IQ3ScPCM9iZIrBvJfYDY=
Subject key identifier:   FC:D3:E0:8F:ED:59:6C:57:0E:5D:03:38:2F:09:99:40:A9:F4:EC:AF
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256590CFC9F13C4E16098337D0BB5F
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_NPgj-1ZbFcOXQM4LwmZQKn07K8.roa
Signing time:             Mon 01 Jan 2024 08:30:34 +0000
ROA not before:           Mon 01 Jan 2024 08:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201331
IP address blocks:        2a0b:b87:ffea::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:65:90:cf:c9:f1:3c:4e:16:09:83:37:d0:bb:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcd3e08fed596c570e5d03382f099940a9f4ecaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e0:24:57:15:72:4c:dc:ef:53:ce:b8:81:e9:
                    ee:9e:92:fd:f3:7a:c9:7e:c3:fb:6e:97:6a:05:09:
                    04:36:52:48:2e:f2:56:d2:c9:5f:08:af:31:ed:b7:
                    9a:a6:a7:db:ad:e6:b4:f1:99:e2:0a:55:ac:7f:e7:
                    75:14:5a:62:bc:ec:fe:e3:f2:88:0a:1b:a5:d5:50:
                    b5:f2:cc:0c:b0:c0:33:5f:fe:69:ac:a8:8b:1a:0d:
                    af:ed:0f:ee:0a:1b:93:37:81:9f:9c:c2:da:96:30:
                    cd:ff:57:81:b6:a7:a1:a9:f2:37:3b:96:97:19:ee:
                    3d:7e:cc:5d:0f:6d:a2:6c:5a:de:7f:70:48:dc:92:
                    de:65:0a:e7:7a:34:76:6c:3e:78:e1:83:58:e4:44:
                    09:dd:81:8d:3e:a1:ff:bb:3c:14:2b:52:eb:3f:7c:
                    be:78:fe:ea:ae:23:28:2b:85:f9:59:b1:1a:6f:17:
                    9c:6f:73:e9:66:bd:1d:68:48:da:d4:78:22:bc:6d:
                    96:cc:03:de:23:c2:2d:18:54:c3:18:48:f7:2e:b7:
                    fd:35:61:94:7c:1f:cd:e5:92:02:53:d9:4f:1c:14:
                    8b:fc:29:55:2d:35:2c:d6:92:75:e4:fb:f1:6a:70:
                    05:e0:5b:be:16:07:5f:39:49:ae:66:75:89:83:93:
                    fa:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:D3:E0:8F:ED:59:6C:57:0E:5D:03:38:2F:09:99:40:A9:F4:EC:AF
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_NPgj-1ZbFcOXQM4LwmZQKn07K8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffea::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:23:5a:10:39:9d:34:fd:cc:37:5b:64:f2:07:22:e4:00:c3:
         d7:c9:89:ba:46:34:88:a4:8a:07:df:61:83:38:3e:ab:3a:a7:
         23:30:9f:23:40:1a:18:1c:74:c1:05:cd:df:82:47:51:95:9f:
         c2:be:f2:b0:b4:62:a5:9d:fe:73:16:10:1e:62:d8:69:e2:f4:
         eb:df:eb:b7:00:6c:0d:d8:2d:97:4a:ed:d5:8f:24:91:af:62:
         35:c3:fc:0d:7c:bb:5f:20:cf:5a:5c:71:43:81:fb:fa:56:ef:
         09:75:45:ae:68:3f:b1:18:ad:b1:71:39:d8:70:1b:10:de:f6:
         f4:fa:83:ad:58:be:c0:bd:4d:4e:f9:65:7e:0e:e6:d4:e2:3f:
         49:92:27:5e:6b:65:f5:95:b7:9c:f9:b9:d3:9f:4e:09:11:39:
         ea:88:c8:0d:fe:dd:dc:51:a1:95:5c:4d:c5:78:2f:1c:e1:46:
         c8:bc:0b:62:d1:bd:52:26:b1:0a:83:9b:bc:2a:df:dd:71:09:
         52:59:e0:3b:b8:f7:23:e3:bd:06:57:a7:3e:c7:b7:5d:ee:08:
         2f:aa:cc:26:f9:7b:22:ff:82:1e:43:93:90:d5:ca:d5:d0:f6:
         5b:59:13:5f:00:a0:d1:a2:03:a4:4d:3a:fa:2a:39:49:e2:24:
         b9:03:98:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJWWQz8nxPE4WCYM30LtfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2QzZTA4ZmVkNTk2YzU3MGU1ZDAzMzgyZjA5OTk0MGE5ZjRlY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuAkVxVyTNzvU864genunpL983rJ
fsP7bpdqBQkENlJILvJW0slfCK8x7beapqfbrea08ZniClWsf+d1FFpivOz+4/KI
Chul1VC18swMsMAzX/5prKiLGg2v7Q/uChuTN4GfnMLaljDN/1eBtqehqfI3O5aX
Ge49fsxdD22ibFref3BI3JLeZQrnejR2bD544YNY5EQJ3YGNPqH/uzwUK1LrP3y+
eP7qriMoK4X5WbEabxecb3PpZr0daEja1HgivG2WzAPeI8ItGFTDGEj3Lrf9NWGU
fB/N5ZICU9lPHBSL/ClVLTUs1pJ15PvxanAF4Fu+FgdfOUmuZnWJg5P6fwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPzT4I/tWWxXDl0DOC8JmUCp9OyvMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvX05QZ2otMVpiRmNPWFFNNEx3bVpRS24wN0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh//q
MA0GCSqGSIb3DQEBCwUAA4IBAQAeI1oQOZ00/cw3W2TyByLkAMPXyYm6RjSIpIoH
32GDOD6rOqcjMJ8jQBoYHHTBBc3fgkdRlZ/CvvKwtGKlnf5zFhAeYthp4vTr3+u3
AGwN2C2XSu3VjySRr2I1w/wNfLtfIM9aXHFDgfv6Vu8JdUWuaD+xGK2xcTnYcBsQ
3vb0+oOtWL7AvU1O+WV+DubU4j9Jkidea2X1lbec+bnTn04JETnqiMgN/t3cUaGV
XE3FeC8c4UbIvAti0b1SJrEKg5u8Kt/dcQlSWeA7uPcj470GV6c+x7dd7ggvqswm
+Xsi/4IeQ5OQ1crV0PZbWRNfAKDRogOkTTr6KjlJ4iS5A5jE
-----END CERTIFICATE-----