Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/rhgm7LkNzC4Xd1olvkK7ecf4wNk.roa
File:                     rhgm7LkNzC4Xd1olvkK7ecf4wNk.roa (raw, json)
Hash identifier:          J0PThew32e2XHyG5AsP19iNFHOYkKfx7nYw9sl5d0pU=
Subject key identifier:   AE:18:26:EC:B9:0D:CC:2E:17:77:5A:25:BE:42:BB:79:C7:F8:C0:D9
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42572E7C0C216343004BD95AC0D66CB
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/rhgm7LkNzC4Xd1olvkK7ecf4wNk.roa
Signing time:             Mon 01 Jan 2024 08:30:37 +0000
ROA not before:           Mon 01 Jan 2024 08:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212154
IP address blocks:        2a0b:b87:ffa2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:72:e7:c0:c2:16:34:30:04:bd:95:ac:0d:66:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae1826ecb90dcc2e17775a25be42bb79c7f8c0d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f0:5a:fb:b1:32:1a:ee:bd:b5:d5:34:02:c1:
                    11:b0:f8:f3:98:cc:10:d8:20:ac:9e:34:88:93:bf:
                    1c:d5:3c:74:f6:bf:93:eb:af:dd:20:e6:a3:16:4e:
                    66:43:6c:5c:71:a2:7d:e5:17:d7:12:02:86:f8:4c:
                    7e:7b:fa:b7:c6:2a:aa:6c:fc:f4:4b:80:23:a3:48:
                    5b:ae:ff:f9:f8:97:e2:af:d9:73:e4:4e:01:74:e5:
                    ca:7f:2c:23:b1:dd:e1:ac:f2:3d:42:51:8f:75:81:
                    91:d7:17:c2:00:e5:fa:6d:3f:5d:0a:4a:b0:c1:01:
                    2a:ba:be:90:57:0c:0e:35:54:43:bc:9e:02:a9:36:
                    6e:ef:a5:fa:cf:c6:4d:d7:80:56:03:04:a9:81:76:
                    a8:eb:fe:61:db:44:15:33:de:b0:c6:e5:c1:37:0a:
                    65:cc:52:df:87:bb:49:ee:50:54:4e:17:d6:94:11:
                    28:95:2c:17:b5:72:a9:0c:46:1a:31:7e:f0:46:70:
                    8a:f4:ac:78:8d:ae:c5:a2:da:2c:b9:3b:3c:cc:14:
                    5c:67:dc:49:4c:7b:2c:55:38:a9:ce:43:43:86:ba:
                    8e:75:03:cf:ed:c2:a6:bb:37:cd:01:7f:57:81:74:
                    31:d6:1c:a1:ce:ee:ae:20:45:fb:17:94:03:e6:b3:
                    fc:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:18:26:EC:B9:0D:CC:2E:17:77:5A:25:BE:42:BB:79:C7:F8:C0:D9
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/rhgm7LkNzC4Xd1olvkK7ecf4wNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffa2::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:1a:5e:f4:65:cd:3e:2f:85:18:d5:24:0f:97:ff:57:ee:20:
         12:fb:67:b6:97:da:1f:42:13:36:68:fd:a3:af:07:d1:cc:44:
         6d:ae:9a:0f:83:1c:35:5e:55:3b:47:a1:2e:64:5e:35:c7:f0:
         01:36:2b:1b:8e:ba:af:d8:5f:23:b7:a1:cf:c7:20:64:f2:41:
         ec:ff:fb:9a:27:65:4d:38:fe:f8:0a:c1:71:71:18:35:86:c9:
         bf:eb:cd:fd:32:75:fe:8c:e5:5d:9c:86:dc:80:5f:61:24:79:
         2b:0d:06:41:66:ca:1f:4c:f2:5b:da:7e:b6:8e:26:a9:62:95:
         8d:8d:56:56:dd:75:bb:3b:57:9d:93:0f:96:81:7f:75:6b:76:
         92:ca:47:90:8d:b9:08:a5:57:f1:18:9f:a5:2e:e3:51:53:84:
         33:44:3b:ed:d0:aa:b8:54:3e:7b:5c:b5:62:62:14:58:9a:b0:
         80:3e:f5:37:e0:73:f1:ae:77:64:c9:b2:3a:8d:d2:16:e8:d2:
         62:b5:43:ea:11:7b:7f:ec:64:18:67:7e:05:5d:fb:aa:82:68:
         5a:9a:9b:2e:15:89:db:a8:4e:6a:0a:30:50:d2:14:9d:74:e3:
         b6:ea:09:7b:15:1c:57:7f:a2:1e:70:f0:57:55:6f:65:b8:7f:
         32:36:8a:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJXLnwMIWNDAEvZWsDWbLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE4MjZlY2I5MGRjYzJlMTc3NzVhMjViZTQyYmI3OWM3ZjhjMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Ba+7EyGu69tdU0AsERsPjzmMwQ
2CCsnjSIk78c1Tx09r+T66/dIOajFk5mQ2xccaJ95RfXEgKG+Ex+e/q3xiqqbPz0
S4Ajo0hbrv/5+Jfir9lz5E4BdOXKfywjsd3hrPI9QlGPdYGR1xfCAOX6bT9dCkqw
wQEqur6QVwwONVRDvJ4CqTZu76X6z8ZN14BWAwSpgXao6/5h20QVM96wxuXBNwpl
zFLfh7tJ7lBUThfWlBEolSwXtXKpDEYaMX7wRnCK9Kx4ja7FotosuTs8zBRcZ9xJ
THssVTipzkNDhrqOdQPP7cKmuzfNAX9XgXQx1hyhzu6uIEX7F5QD5rP8lwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK4YJuy5DcwuF3daJb5Cu3nH+MDZMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvcmhnbTdMa056QzRYZDFvbHZrSzdlY2Y0d05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+i
MA0GCSqGSIb3DQEBCwUAA4IBAQAGGl70Zc0+L4UY1SQPl/9X7iAS+2e2l9ofQhM2
aP2jrwfRzERtrpoPgxw1XlU7R6EuZF41x/ABNisbjrqv2F8jt6HPxyBk8kHs//ua
J2VNOP74CsFxcRg1hsm/6839MnX+jOVdnIbcgF9hJHkrDQZBZsofTPJb2n62jiap
YpWNjVZW3XW7O1edkw+WgX91a3aSykeQjbkIpVfxGJ+lLuNRU4QzRDvt0Kq4VD57
XLViYhRYmrCAPvU34HPxrndkybI6jdIW6NJitUPqEXt/7GQYZ34FXfuqgmhampsu
FYnbqE5qCjBQ0hSddOO26gl7FRxXf6IecPBXVW9luH8yNorQ
-----END CERTIFICATE-----