Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/feC68DxsZinnEbmLRkNeKVsi2f0.roa
File:                     feC68DxsZinnEbmLRkNeKVsi2f0.roa (raw, json)
Hash identifier:          l6ILBF8odqdKiyvwxKhnGmOCCtzreR610NCUQHHgcRU=
Subject key identifier:   7D:E0:BA:F0:3C:6C:66:29:E7:11:B9:8B:46:43:5E:29:5B:22:D9:FD
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42571FAE73B23D56CB447ED707130EA
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/feC68DxsZinnEbmLRkNeKVsi2f0.roa
Signing time:             Mon 01 Jan 2024 08:30:37 +0000
ROA not before:           Mon 01 Jan 2024 08:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211849
IP address blocks:        2a0b:b86:ffc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:71:fa:e7:3b:23:d5:6c:b4:47:ed:70:71:30:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7de0baf03c6c6629e711b98b46435e295b22d9fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ad:6f:0a:27:d0:4d:56:89:5d:d7:36:02:36:
                    ac:a6:65:57:5a:09:52:78:8a:dd:97:7c:4d:43:71:
                    e5:fe:69:d4:ff:00:8f:ea:5a:af:55:5a:81:c7:ad:
                    c5:c1:4c:50:fe:a3:13:24:c9:28:33:35:cd:8b:9a:
                    65:ee:48:5c:97:69:0c:9d:5b:65:d4:aa:4a:69:b5:
                    cb:cb:cc:c2:e3:34:f3:8b:15:e4:bb:c2:88:c4:53:
                    1a:eb:96:92:8a:8a:d1:6e:63:ad:62:7f:e2:e3:3d:
                    6c:7b:cb:61:6d:3d:0d:8c:4d:35:bb:63:32:a2:29:
                    45:d0:bf:dd:07:cd:8b:b0:b6:d8:08:d6:88:7c:a9:
                    73:d1:85:ca:35:75:36:70:d4:67:5b:e0:06:3f:02:
                    ce:a4:13:c1:fd:01:ba:51:88:60:da:74:79:66:d7:
                    9c:a2:cb:82:e2:21:5b:86:2f:49:d3:63:18:df:2b:
                    f1:eb:dd:32:1b:4f:b5:74:7d:98:20:cd:ae:de:2a:
                    aa:e1:38:d1:61:88:3c:be:c5:9b:0d:b9:35:c3:ce:
                    ed:b8:80:ce:f1:c0:91:f7:c8:b3:d2:c3:e4:72:3b:
                    bc:23:03:83:50:a0:a7:ba:cb:80:9e:88:f6:0c:0b:
                    01:cb:f8:52:5c:9a:22:73:6b:81:95:b1:e5:1f:c3:
                    93:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E0:BA:F0:3C:6C:66:29:E7:11:B9:8B:46:43:5E:29:5B:22:D9:FD
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/feC68DxsZinnEbmLRkNeKVsi2f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b86:ffc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:c8:a0:43:92:1f:19:33:5c:73:db:41:00:92:29:57:c8:6d:
         a5:96:2c:24:7f:ca:b0:ae:8c:0e:c3:40:49:12:9c:19:e4:4b:
         07:a4:b0:a6:c1:0b:8c:16:99:aa:3a:93:5f:e9:0b:19:9c:da:
         e5:dd:d4:32:61:ca:df:8d:a0:cc:62:5d:ca:1b:36:78:e2:f4:
         d8:b0:67:d7:23:4e:c4:02:80:9d:2b:df:44:a2:72:14:6e:b7:
         9f:26:ef:c6:3c:1f:18:6f:02:3a:af:58:a5:c8:0b:8b:5e:f6:
         01:07:40:fa:92:3d:d5:c3:bc:05:6a:77:30:e6:d5:39:ae:6c:
         4a:33:98:60:c2:54:3e:11:6e:7b:d0:f3:9c:93:98:67:de:11:
         79:37:4f:a7:22:dc:8b:ae:88:6c:d7:6a:98:7b:59:9e:d7:ad:
         74:78:26:84:0e:3a:3d:9d:e3:80:95:75:b5:d1:25:09:51:7f:
         74:81:5d:86:46:90:81:6c:13:9c:2d:cd:76:59:19:7d:46:63:
         a4:6d:fd:5a:b2:9a:7f:09:cf:7c:9d:63:1d:8b:5e:2d:2c:06:
         3a:a9:57:54:0a:74:bc:56:ce:0f:de:1c:5e:d8:43:51:f2:7e:
         6c:cf:a3:d1:4c:0a:00:7c:dc:d1:06:a0:b4:19:64:64:1b:41:
         23:0c:6f:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJXH65zsj1Wy0R+1wcTDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGUwYmFmMDNjNmM2NjI5ZTcxMWI5OGI0NjQzNWUyOTViMjJkOWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkK1vCifQTVaJXdc2AjaspmVXWglS
eIrdl3xNQ3Hl/mnU/wCP6lqvVVqBx63FwUxQ/qMTJMkoMzXNi5pl7khcl2kMnVtl
1KpKabXLy8zC4zTzixXku8KIxFMa65aSiorRbmOtYn/i4z1se8thbT0NjE01u2My
oilF0L/dB82LsLbYCNaIfKlz0YXKNXU2cNRnW+AGPwLOpBPB/QG6UYhg2nR5Ztec
osuC4iFbhi9J02MY3yvx690yG0+1dH2YIM2u3iqq4TjRYYg8vsWbDbk1w87tuIDO
8cCR98iz0sPkcju8IwODUKCnusuAnoj2DAsBy/hSXJoic2uBlbHlH8OTgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH3guvA8bGYp5xG5i0ZDXilbItn9MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvZmVDNjhEeHNaaW5uRWJtTFJrTmVLVnNpMmYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLhv/A
MA0GCSqGSIb3DQEBCwUAA4IBAQBwyKBDkh8ZM1xz20EAkilXyG2lliwkf8qwrowO
w0BJEpwZ5EsHpLCmwQuMFpmqOpNf6QsZnNrl3dQyYcrfjaDMYl3KGzZ44vTYsGfX
I07EAoCdK99EonIUbrefJu/GPB8YbwI6r1ilyAuLXvYBB0D6kj3Vw7wFancw5tU5
rmxKM5hgwlQ+EW570POck5hn3hF5N0+nItyLrohs12qYe1me1610eCaEDjo9neOA
lXW10SUJUX90gV2GRpCBbBOcLc12WRl9RmOkbf1aspp/Cc98nWMdi14tLAY6qVdU
CnS8Vs4P3hxe2ENR8n5sz6PRTAoAfNzRBqC0GWRkG0EjDG9A
-----END CERTIFICATE-----