Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/d-FWpAlhCacZjIC58oRYVWHx-gw.roa
File:                     d-FWpAlhCacZjIC58oRYVWHx-gw.roa (raw, json)
Hash identifier:          tKMITyJ+RBJCrEWtJWDU6APJffZwwB1x59KK7gq6roA=
Subject key identifier:   77:E1:56:A4:09:61:09:A7:19:8C:80:B9:F2:84:58:55:61:F1:FA:0C
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42565C539327CAF05F6FB8816B697F6
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/d-FWpAlhCacZjIC58oRYVWHx-gw.roa
Signing time:             Mon 01 Jan 2024 08:30:34 +0000
ROA not before:           Mon 01 Jan 2024 08:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202307
IP address blocks:        2a0b:b87:ffe9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:65:c5:39:32:7c:af:05:f6:fb:88:16:b6:97:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77e156a4096109a7198c80b9f284585561f1fa0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:41:ac:81:17:12:79:c7:28:46:5a:68:4c:3c:
                    f8:79:00:e6:db:09:16:42:48:db:5c:62:3f:85:8f:
                    17:10:3d:0c:3a:24:f5:1b:c2:2b:cf:7c:b8:5f:f5:
                    ae:f0:ff:39:f1:cc:4a:83:fe:b8:29:d1:ec:be:fc:
                    dd:42:dc:ca:ee:52:67:f4:49:58:4d:b6:b8:6b:b6:
                    50:c6:62:3d:b9:9f:49:20:04:1e:79:91:65:d0:0b:
                    4c:87:83:00:39:a5:73:10:e0:fe:68:de:a2:67:4b:
                    85:20:b7:75:19:b2:71:43:42:c3:3e:c8:05:73:ca:
                    2c:6c:e3:2f:57:ab:53:e5:a6:39:1d:eb:0b:f0:8a:
                    dd:0d:12:0a:a6:e5:3d:78:96:10:78:d7:a0:c8:c7:
                    84:d3:f3:52:dd:3a:62:74:0a:64:1b:8d:7b:8f:20:
                    69:80:a5:98:0c:ac:fc:e2:ae:bd:90:89:85:83:bc:
                    47:bd:34:c8:9e:d6:2c:b7:25:2b:5b:0b:01:05:6e:
                    fc:97:4e:b7:e6:52:29:3a:1f:52:71:09:80:6b:f6:
                    0e:99:43:c8:a7:3d:cf:65:63:37:ce:ee:8a:40:eb:
                    02:c3:b8:ac:09:44:9c:b7:e3:dd:01:66:f1:94:b4:
                    42:42:e4:cf:c5:8f:a4:f3:cc:48:8b:03:41:29:38:
                    a7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E1:56:A4:09:61:09:A7:19:8C:80:B9:F2:84:58:55:61:F1:FA:0C
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/d-FWpAlhCacZjIC58oRYVWHx-gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffe9::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:08:b8:d8:ab:83:9a:45:65:a1:2b:f7:bc:51:2d:09:b1:e8:
         c0:f4:32:3d:e4:ce:67:b0:39:0b:14:8e:ea:cc:7d:69:c2:76:
         3a:4e:6b:f6:1c:59:75:19:cb:71:16:a1:cd:01:63:e1:37:30:
         bc:34:ec:1c:e0:99:57:78:bd:c6:85:94:39:ad:5e:47:fc:3c:
         b5:7c:0f:83:b6:5b:d5:cf:26:23:e5:08:35:45:c8:32:4f:e2:
         f5:da:30:f5:2c:b4:b9:78:34:47:6a:1a:26:33:16:f0:35:5e:
         36:8d:db:88:4f:2d:55:4f:fb:18:c8:16:ea:68:ed:94:be:7b:
         ed:a4:3b:7d:8a:4e:17:f5:01:f6:aa:a7:a1:9b:aa:33:46:dc:
         20:37:bf:ce:6e:8d:4c:a6:f5:23:9a:fb:eb:2d:fa:78:35:62:
         d4:8c:f8:90:51:af:5a:59:30:e2:09:3d:a7:86:f6:aa:38:46:
         63:f9:37:2e:14:fb:a9:13:c7:58:c4:29:c4:bd:a4:8d:d5:47:
         12:18:10:00:16:a1:05:94:86:6c:97:44:74:ad:c6:77:d5:9e:
         2b:cf:d1:a2:be:bc:8e:07:94:f0:3d:c9:02:c9:e0:f0:e0:a5:
         50:22:6a:0b:65:29:98:8c:af:79:4d:61:f0:6d:21:bb:53:82:
         48:a3:c6:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJWXFOTJ8rwX2+4gWtpf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2UxNTZhNDA5NjEwOWE3MTk4YzgwYjlmMjg0NTg1NTYxZjFmYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0GsgRcSeccoRlpoTDz4eQDm2wkW
QkjbXGI/hY8XED0MOiT1G8Irz3y4X/Wu8P858cxKg/64KdHsvvzdQtzK7lJn9ElY
Tba4a7ZQxmI9uZ9JIAQeeZFl0AtMh4MAOaVzEOD+aN6iZ0uFILd1GbJxQ0LDPsgF
c8osbOMvV6tT5aY5HesL8IrdDRIKpuU9eJYQeNegyMeE0/NS3TpidApkG417jyBp
gKWYDKz84q69kImFg7xHvTTIntYstyUrWwsBBW78l0635lIpOh9ScQmAa/YOmUPI
pz3PZWM3zu6KQOsCw7isCUSct+PdAWbxlLRCQuTPxY+k88xIiwNBKTinnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHfhVqQJYQmnGYyAufKEWFVh8foMMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvZC1GV3BBbGhDYWNaaklDNThvUllWV0h4LWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh//p
MA0GCSqGSIb3DQEBCwUAA4IBAQCFCLjYq4OaRWWhK/e8US0JsejA9DI95M5nsDkL
FI7qzH1pwnY6Tmv2HFl1GctxFqHNAWPhNzC8NOwc4JlXeL3GhZQ5rV5H/Dy1fA+D
tlvVzyYj5Qg1RcgyT+L12jD1LLS5eDRHahomMxbwNV42jduITy1VT/sYyBbqaO2U
vnvtpDt9ik4X9QH2qqehm6ozRtwgN7/Obo1MpvUjmvvrLfp4NWLUjPiQUa9aWTDi
CT2nhvaqOEZj+TcuFPupE8dYxCnEvaSN1UcSGBAAFqEFlIZsl0R0rcZ31Z4rz9Gi
vryOB5TwPckCyeDw4KVQImoLZSmYjK95TWHwbSG7U4JIo8ae
-----END CERTIFICATE-----