Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/fkrBIhZact9Dl9mHF9VnjKnBUbs.roa
File:                     fkrBIhZact9Dl9mHF9VnjKnBUbs.roa (raw, json)
Hash identifier:          vMLfUbn4P3y9b+dKg0SXPt03I6QsNKqOskeGb13LEjI=
Subject key identifier:   7E:4A:C1:22:16:5A:72:DF:43:97:D9:87:17:D5:67:8C:A9:C1:51:BB
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42577E9C2E7AA7ABE636768354D7BC6
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/fkrBIhZact9Dl9mHF9VnjKnBUbs.roa
Signing time:             Mon 01 Jan 2024 08:30:38 +0000
ROA not before:           Mon 01 Jan 2024 08:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398355
IP address blocks:        2a0b:b87:ffbd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:77:e9:c2:e7:aa:7a:be:63:67:68:35:4d:7b:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e4ac122165a72df4397d98717d5678ca9c151bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:11:01:b3:56:74:00:3a:33:55:cc:c8:e2:70:
                    fa:25:d1:44:3b:9d:da:41:3c:a5:fd:af:89:9b:ae:
                    59:fe:ba:3c:fc:90:7f:df:7d:9c:5e:49:6d:56:5b:
                    fd:ac:d0:56:af:98:8e:8b:25:41:7b:30:1b:92:77:
                    5f:39:b4:04:57:08:59:58:e7:3b:e7:a5:ae:3c:48:
                    fb:a7:6c:47:7b:0a:5e:fd:fb:2f:8a:4a:68:d4:41:
                    5e:85:e0:f8:ae:e1:5c:15:6d:51:a8:45:50:a8:fb:
                    14:90:b1:8d:ae:3b:5b:92:9e:d9:8c:e5:c1:11:c1:
                    0f:53:79:d8:1d:ca:ce:6b:7e:10:f4:61:f2:9d:05:
                    f9:d0:5f:cf:71:0b:d4:eb:bc:fc:2c:3c:c8:b5:05:
                    fe:f4:58:fd:0e:88:c9:db:c3:a4:d6:e4:e1:5a:3e:
                    70:27:eb:78:3d:bf:e2:84:53:a5:24:54:6a:f7:41:
                    05:da:7e:bf:fa:6e:d4:24:e3:30:56:1d:60:31:8b:
                    0b:22:f3:68:7d:d1:f0:99:8b:0e:93:63:63:c6:af:
                    d4:d0:40:10:1c:09:25:3c:37:52:f7:1e:40:c9:2f:
                    df:0d:ad:c2:e1:ae:69:ec:f7:15:93:d3:fa:f8:3f:
                    59:6c:51:e6:58:c7:c6:2c:d0:7f:4b:72:5c:1f:81:
                    a9:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4A:C1:22:16:5A:72:DF:43:97:D9:87:17:D5:67:8C:A9:C1:51:BB
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/fkrBIhZact9Dl9mHF9VnjKnBUbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffbd::/48

    Signature Algorithm: sha256WithRSAEncryption
         bb:c5:fd:85:67:17:21:76:d3:c6:c5:da:b6:15:e5:ef:1c:ab:
         c9:04:3a:b9:d7:80:ca:dd:4e:7d:2d:82:d9:84:54:05:c0:cf:
         b5:04:55:ad:9c:96:b4:97:74:0b:7e:17:40:80:b0:ae:09:e8:
         9f:64:9f:dd:59:c7:85:ff:43:c2:ee:8e:84:88:5f:db:a2:d6:
         53:15:c2:a7:39:85:61:62:cf:85:55:75:3b:df:77:43:04:9e:
         a6:e5:ba:fb:b1:f3:a9:e3:df:18:a1:a4:96:8b:e8:f2:ff:81:
         e9:9d:d9:02:c7:a8:f1:d6:e8:01:e6:25:d8:4f:7a:4f:a7:d9:
         d6:c7:53:b9:7c:be:50:c3:d2:55:b6:2f:67:ad:85:4b:e9:52:
         a8:cc:47:93:a8:db:97:51:09:e5:43:db:f8:7f:0c:aa:f2:be:
         b4:f8:74:4d:a3:2b:b9:d8:cc:6e:71:ee:1e:02:a6:19:ce:54:
         66:32:d8:74:41:bd:1c:74:04:84:2e:6e:5e:78:a3:9b:c3:9c:
         2f:da:2d:a7:4f:b4:6e:11:60:e6:51:22:68:f9:70:d8:f4:e6:
         ca:f0:c5:eb:22:65:d6:eb:ab:cc:90:db:53:32:fc:19:16:e8:
         e6:fb:33:f4:b9:86:40:c2:41:1d:ec:71:3f:39:c1:88:81:73:
         ce:e0:62:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJXfpwueqer5jZ2g1TXvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTRhYzEyMjE2NWE3MmRmNDM5N2Q5ODcxN2Q1Njc4Y2E5YzE1MWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5REBs1Z0ADozVczI4nD6JdFEO53a
QTyl/a+Jm65Z/ro8/JB/332cXkltVlv9rNBWr5iOiyVBezAbkndfObQEVwhZWOc7
56WuPEj7p2xHewpe/fsvikpo1EFeheD4ruFcFW1RqEVQqPsUkLGNrjtbkp7ZjOXB
EcEPU3nYHcrOa34Q9GHynQX50F/PcQvU67z8LDzItQX+9Fj9DojJ28Ok1uThWj5w
J+t4Pb/ihFOlJFRq90EF2n6/+m7UJOMwVh1gMYsLIvNofdHwmYsOk2Njxq/U0EAQ
HAklPDdS9x5AyS/fDa3C4a5p7PcVk9P6+D9ZbFHmWMfGLNB/S3JcH4GptQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH5KwSIWWnLfQ5fZhxfVZ4ypwVG7MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvZmtyQkloWmFjdDlEbDltSEY5Vm5qS25CVWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+9
MA0GCSqGSIb3DQEBCwUAA4IBAQC7xf2FZxchdtPGxdq2FeXvHKvJBDq514DK3U59
LYLZhFQFwM+1BFWtnJa0l3QLfhdAgLCuCeifZJ/dWceF/0PC7o6EiF/botZTFcKn
OYVhYs+FVXU733dDBJ6m5br7sfOp498YoaSWi+jy/4HpndkCx6jx1ugB5iXYT3pP
p9nWx1O5fL5Qw9JVti9nrYVL6VKozEeTqNuXUQnlQ9v4fwyq8r60+HRNoyu52Mxu
ce4eAqYZzlRmMth0Qb0cdASELm5eeKObw5wv2i2nT7RuEWDmUSJo+XDY9ObK8MXr
ImXW66vMkNtTMvwZFujm+zP0uYZAwkEd7HE/OcGIgXPO4GI5
-----END CERTIFICATE-----