Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/miCQAl5mY-fFlmbbKjqGjGDs9jg.roa
File:                     miCQAl5mY-fFlmbbKjqGjGDs9jg.roa (raw, json)
Hash identifier:          PrG8fQseQT2riWXeRn//V9lvNd/EvogXtxRPs1MZBX8=
Subject key identifier:   9A:20:90:02:5E:66:63:E7:C5:96:66:DB:2A:3A:86:8C:60:EC:F6:38
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256BA83B7212DA4BACA459D5C5F9E9
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/miCQAl5mY-fFlmbbKjqGjGDs9jg.roa
Signing time:             Mon 01 Jan 2024 08:30:35 +0000
ROA not before:           Mon 01 Jan 2024 08:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207892
IP address blocks:        2a0b:b87:ffdb::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6b:a8:3b:72:12:da:4b:ac:a4:59:d5:c5:f9:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a2090025e6663e7c59666db2a3a868c60ecf638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:11:b5:b1:3b:47:40:21:f6:1b:d4:1c:bf:ec:
                    d7:67:da:d8:d5:c4:38:e9:1d:d3:1a:2d:f3:b8:00:
                    0b:26:87:21:1f:97:cd:dc:ce:f5:13:67:b5:60:9c:
                    52:ea:05:42:00:e7:99:b0:57:17:d8:1d:ee:6f:64:
                    7d:cd:7e:5b:23:50:6e:fa:9c:c3:e9:ab:36:f6:99:
                    6a:a8:6f:96:d5:db:59:6c:cc:8d:d3:65:7d:d1:dc:
                    d5:63:9f:05:c7:73:8e:9b:5e:4c:bd:0d:cb:d1:19:
                    bf:b7:10:d8:2b:c0:58:fe:84:b5:39:99:06:13:d3:
                    ef:b2:63:81:d8:a8:58:28:59:b8:ca:5d:80:b1:7a:
                    43:08:fb:b7:61:b6:60:16:9b:4d:ca:31:14:01:1f:
                    7b:78:8f:7f:08:b4:f6:78:7b:87:f0:29:9b:09:17:
                    15:ba:6d:64:81:4f:00:3b:ff:d3:a9:11:55:d5:7b:
                    cd:15:35:bf:fa:d2:c3:43:69:14:9d:9a:79:e7:b4:
                    5d:38:f9:86:bd:5c:25:c9:b9:f1:68:a7:d4:90:d4:
                    30:ad:ed:2c:36:a4:34:ce:fa:be:07:e1:cd:d3:b2:
                    74:9b:91:ac:1e:b5:7c:7a:d0:75:22:d9:3b:79:c1:
                    27:b5:78:4e:8c:d1:4d:2b:b4:9a:2b:d7:5d:cc:43:
                    83:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:20:90:02:5E:66:63:E7:C5:96:66:DB:2A:3A:86:8C:60:EC:F6:38
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/miCQAl5mY-fFlmbbKjqGjGDs9jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffdb::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:d4:89:8c:92:ab:b2:4e:ad:b9:4e:35:5d:e9:89:60:68:1a:
         e0:1d:aa:34:5b:4b:fd:71:a1:14:67:ab:59:b8:4b:e4:68:7d:
         34:3a:00:8d:5e:d1:22:4c:52:fd:28:67:7a:0c:98:19:57:90:
         4e:2a:1f:c8:89:86:58:23:36:18:76:95:25:0b:a1:86:d5:1a:
         eb:3f:c4:48:d8:bb:5b:23:e9:a6:7b:44:12:83:c8:d0:f9:e0:
         fd:53:f1:ee:23:9a:c0:df:37:b1:40:e2:e0:9d:48:c2:ae:6a:
         d3:ee:4a:f8:45:76:19:ea:b8:d4:55:d7:be:18:12:7c:7e:9d:
         51:b1:d1:fd:bc:44:f7:dd:1a:de:d2:0e:f0:be:4e:dd:d3:b5:
         72:c5:21:8f:d3:60:14:be:33:8d:a7:05:d9:fb:38:cf:34:6c:
         fc:2b:82:1b:c6:68:e2:93:c9:87:56:cb:44:f2:d0:66:7a:52:
         12:4a:a9:27:a9:14:36:3b:31:e1:3a:d5:d8:0f:51:cd:6c:5c:
         51:c9:50:b3:f5:0e:8c:19:49:ee:1d:8b:cd:c5:20:2e:01:fb:
         ad:cb:95:1c:3e:16:1a:c8:ab:d3:53:c4:eb:4d:71:8f:55:80:
         97:ab:55:d5:5d:88:29:98:43:97:e4:9c:85:c1:4d:e0:4b:f2:
         13:0d:56:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJWuoO3IS2kuspFnVxfnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTIwOTAwMjVlNjY2M2U3YzU5NjY2ZGIyYTNhODY4YzYwZWNmNjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBG1sTtHQCH2G9Qcv+zXZ9rY1cQ4
6R3TGi3zuAALJochH5fN3M71E2e1YJxS6gVCAOeZsFcX2B3ub2R9zX5bI1Bu+pzD
6as29plqqG+W1dtZbMyN02V90dzVY58Fx3OOm15MvQ3L0Rm/txDYK8BY/oS1OZkG
E9PvsmOB2KhYKFm4yl2AsXpDCPu3YbZgFptNyjEUAR97eI9/CLT2eHuH8CmbCRcV
um1kgU8AO//TqRFV1XvNFTW/+tLDQ2kUnZp557RdOPmGvVwlybnxaKfUkNQwre0s
NqQ0zvq+B+HN07J0m5GsHrV8etB1Itk7ecEntXhOjNFNK7SaK9ddzEOD3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJogkAJeZmPnxZZm2yo6hoxg7PY4MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbWlDUUFsNW1ZLWZGbG1iYktqcUdqR0RzOWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh//b
MA0GCSqGSIb3DQEBCwUAA4IBAQCQ1ImMkquyTq25TjVd6YlgaBrgHao0W0v9caEU
Z6tZuEvkaH00OgCNXtEiTFL9KGd6DJgZV5BOKh/IiYZYIzYYdpUlC6GG1RrrP8RI
2LtbI+mme0QSg8jQ+eD9U/HuI5rA3zexQOLgnUjCrmrT7kr4RXYZ6rjUVde+GBJ8
fp1RsdH9vET33Rre0g7wvk7d07VyxSGP02AUvjONpwXZ+zjPNGz8K4Ibxmjik8mH
VstE8tBmelISSqknqRQ2OzHhOtXYD1HNbFxRyVCz9Q6MGUnuHYvNxSAuAfuty5Uc
PhYayKvTU8TrTXGPVYCXq1XVXYgpmEOX5JyFwU3gS/ITDVbp
-----END CERTIFICATE-----