Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/l4O_rpabunOlq4EeXVOCXQSDAQ0.roa
File:                     l4O_rpabunOlq4EeXVOCXQSDAQ0.roa (raw, json)
Hash identifier:          cOfc6kHme4QAjYT4cmzcqpCEw/ci85YmycQZDeTO0S4=
Subject key identifier:   97:83:BF:AE:96:9B:BA:73:A5:AB:81:1E:5D:53:82:5D:04:83:01:0D
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255AC35C2F3966EB6FC221462CA062
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/l4O_rpabunOlq4EeXVOCXQSDAQ0.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35029
IP address blocks:        2a0b:b86:ffc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5a:c3:5c:2f:39:66:eb:6f:c2:21:46:2c:a0:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9783bfae969bba73a5ab811e5d53825d0483010d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a6:a0:57:89:f0:b0:2c:14:f7:1c:9c:5c:af:
                    1d:04:2b:8f:c7:8b:a0:24:fc:6e:1a:9f:3c:04:1f:
                    80:a5:c1:cb:53:60:56:05:bf:e6:36:4f:9e:4b:bb:
                    67:f7:60:85:b7:d3:bc:3c:71:b0:29:e4:7d:fa:4e:
                    67:25:cb:38:b8:35:84:a8:4b:06:17:e7:9b:53:3e:
                    6e:f6:31:8f:ff:17:15:60:34:31:07:da:14:b6:54:
                    8e:b0:98:67:ca:da:08:15:60:23:33:0b:2a:f7:89:
                    4f:3c:6b:48:28:b7:5e:e4:d8:2b:fd:ea:fd:ad:d4:
                    99:f3:57:fc:e9:bb:09:3b:57:b0:47:f2:4c:45:c3:
                    c8:0a:76:3d:f3:23:67:21:db:e2:b2:6d:71:0c:d3:
                    b8:36:91:f1:d9:7c:94:3b:26:1f:f6:93:fd:aa:96:
                    b0:8b:4e:10:35:c8:24:fb:c1:5f:c1:49:7f:f7:1e:
                    26:12:5f:84:ca:38:2d:43:3c:81:e2:b9:b8:d2:ec:
                    ae:15:aa:49:7f:27:bd:60:e6:75:bc:15:39:8e:52:
                    e7:7f:6b:f5:e0:87:a2:11:73:bb:e1:9a:e4:c1:96:
                    2d:4f:74:e3:01:8b:d2:6e:50:06:8f:29:25:5e:44:
                    a9:71:df:6f:de:a1:31:e6:fb:ad:d6:a1:05:f9:05:
                    7e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:83:BF:AE:96:9B:BA:73:A5:AB:81:1E:5D:53:82:5D:04:83:01:0D
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/l4O_rpabunOlq4EeXVOCXQSDAQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b86:ffc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:5d:5d:b2:90:bd:0b:19:21:2e:d9:04:f9:e4:ee:1b:51:12:
         82:f2:ab:2d:e9:e2:fc:f6:32:c7:82:71:e6:42:13:79:99:dc:
         22:8c:1e:94:3e:0d:3b:98:0d:f0:4c:3c:33:05:42:c9:8a:b2:
         d2:10:6d:5b:32:38:53:94:4a:c0:62:05:52:34:08:98:5f:89:
         14:64:b1:93:c5:cd:e0:f3:b5:9c:37:0a:31:e2:14:c5:56:e9:
         98:42:bc:0f:d5:e6:a3:f6:5d:df:3e:aa:6a:5b:f2:bb:57:8a:
         c7:b0:1a:14:db:89:3f:79:ea:ff:3e:d5:d0:e4:c1:71:d5:9e:
         7e:bd:b0:3b:61:39:0c:a8:f2:92:05:df:71:dc:29:30:6d:03:
         79:57:ba:06:0b:06:76:d1:99:91:5f:8c:26:90:6a:42:a0:e0:
         85:b5:a3:7e:46:bc:04:0f:60:f8:a1:d2:bb:6e:c7:8f:cc:33:
         61:10:32:82:9d:82:2a:46:50:d8:3b:8e:03:d2:16:ae:6d:ce:
         2f:7f:27:3b:1e:1d:5e:dd:a7:95:80:68:fb:ee:6b:d5:d5:8b:
         dc:12:0e:7f:e0:f4:60:dd:e6:f6:50:b0:0b:92:f2:3d:2d:62:
         d6:69:f4:0e:f3:55:aa:32:db:fc:b5:07:85:cf:b5:2a:b7:c3:
         24:fd:89:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJVrDXC85ZutvwiFGLKBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzgzYmZhZTk2OWJiYTczYTVhYjgxMWU1ZDUzODI1ZDA0ODMwMTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaagV4nwsCwU9xycXK8dBCuPx4ug
JPxuGp88BB+ApcHLU2BWBb/mNk+eS7tn92CFt9O8PHGwKeR9+k5nJcs4uDWEqEsG
F+ebUz5u9jGP/xcVYDQxB9oUtlSOsJhnytoIFWAjMwsq94lPPGtIKLde5Ngr/er9
rdSZ81f86bsJO1ewR/JMRcPICnY98yNnIdvism1xDNO4NpHx2XyUOyYf9pP9qpaw
i04QNcgk+8FfwUl/9x4mEl+EyjgtQzyB4rm40uyuFapJfye9YOZ1vBU5jlLnf2v1
4IeiEXO74ZrkwZYtT3TjAYvSblAGjyklXkSpcd9v3qEx5vut1qEF+QV+OwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJeDv66Wm7pzpauBHl1Tgl0EgwENMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbDRPX3JwYWJ1bk9scTRFZVhWT0NYUVNEQVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLhv/A
MA0GCSqGSIb3DQEBCwUAA4IBAQB3XV2ykL0LGSEu2QT55O4bURKC8qst6eL89jLH
gnHmQhN5mdwijB6UPg07mA3wTDwzBULJirLSEG1bMjhTlErAYgVSNAiYX4kUZLGT
xc3g87WcNwox4hTFVumYQrwP1eaj9l3fPqpqW/K7V4rHsBoU24k/eer/PtXQ5MFx
1Z5+vbA7YTkMqPKSBd9x3CkwbQN5V7oGCwZ20ZmRX4wmkGpCoOCFtaN+RrwED2D4
odK7bsePzDNhEDKCnYIqRlDYO44D0haubc4vfyc7Hh1e3aeVgGj77mvV1YvcEg5/
4PRg3eb2ULALkvI9LWLWafQO81WqMtv8tQeFz7Uqt8Mk/YmH
-----END CERTIFICATE-----