Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tzJMcmcm385SSm-v5CidnZVgSJ4.roa
File:                     tzJMcmcm385SSm-v5CidnZVgSJ4.roa (raw, json)
Hash identifier:          +7iEURfPxxRKqx+pSQXaDPnrsBarf/JOeo8wAQpfEdk=
Subject key identifier:   B7:32:4C:72:67:26:DF:CE:52:4A:6F:AF:E4:28:9D:9D:95:60:48:9E
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42570A5B965279B08DD7650245EFEA4
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tzJMcmcm385SSm-v5CidnZVgSJ4.roa
Signing time:             Mon 01 Jan 2024 08:30:37 +0000
ROA not before:           Mon 01 Jan 2024 08:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211571
IP address blocks:        2a0b:b87:ffb5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:70:a5:b9:65:27:9b:08:dd:76:50:24:5e:fe:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7324c726726dfce524a6fafe4289d9d9560489e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a1:f3:12:e4:2d:2f:be:ff:7d:84:cb:58:2a:
                    a8:17:57:ae:7e:29:16:51:38:fb:cb:6c:92:c7:f6:
                    56:d1:a1:bd:25:82:f5:d9:01:1b:10:69:ba:1f:55:
                    8e:ae:78:e0:df:84:81:7d:03:65:95:9b:ce:5f:1e:
                    d1:31:ea:6e:a2:3d:4b:98:8c:0f:d7:99:e6:35:02:
                    4e:1a:0c:60:07:b1:d0:55:62:64:d2:70:1e:ac:5b:
                    f4:76:8e:17:c8:c6:ed:5a:55:54:86:11:bb:ae:11:
                    69:4a:58:00:94:b9:fc:10:0a:30:84:09:d8:e1:6b:
                    5b:a8:60:96:51:ae:f3:46:9e:d0:71:71:89:6c:88:
                    06:fd:ac:fc:24:d6:aa:7f:e4:ff:71:7f:0f:8e:ff:
                    9b:78:21:a3:14:55:16:ab:77:94:7c:29:60:d5:f4:
                    d0:86:3e:88:37:15:37:ad:6b:3c:89:fa:64:1c:9e:
                    49:59:eb:1b:5d:94:24:cc:f4:ee:98:44:f3:71:7b:
                    ea:37:f9:78:74:1a:eb:b5:04:29:5f:63:c8:f6:93:
                    09:7f:7e:60:cd:a5:89:02:b9:72:3b:ec:9d:b4:cc:
                    d9:bf:38:ac:21:46:67:32:9f:c2:9a:b4:d9:5e:c2:
                    d2:08:3f:64:e6:b7:96:ee:54:37:12:d2:b4:1a:a1:
                    5b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:32:4C:72:67:26:DF:CE:52:4A:6F:AF:E4:28:9D:9D:95:60:48:9E
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/tzJMcmcm385SSm-v5CidnZVgSJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffb5::/48

    Signature Algorithm: sha256WithRSAEncryption
         e0:15:30:4d:4b:f8:00:29:e8:5e:75:a1:d3:bb:4e:f2:d9:78:
         19:09:a2:2a:f5:e8:2e:bc:fa:e5:49:18:cb:22:a8:ac:0a:1c:
         e2:55:2d:70:c3:90:a3:e1:e0:7a:c2:c1:4d:34:90:b6:7b:b7:
         1c:33:01:11:5a:31:0d:84:61:b9:a0:0e:2d:52:66:28:46:33:
         14:fb:57:d4:4e:b3:ae:16:c3:e3:41:3a:e5:00:57:89:d5:d0:
         87:3b:8e:92:7f:dc:bc:db:f6:02:45:9c:de:33:4d:41:b5:34:
         00:6b:0a:bd:d5:7a:24:c2:88:36:12:59:0c:e0:2e:e9:0a:93:
         54:3a:4a:de:26:50:52:e5:4b:bf:63:d9:37:44:1f:5a:77:31:
         a9:25:29:c3:4a:c9:f9:bf:5d:88:73:2b:c7:ad:8b:f3:af:92:
         ec:48:be:fc:10:ca:87:b7:0a:05:de:45:cf:a2:2c:44:27:b1:
         60:d4:c9:e5:8b:5a:43:10:a0:6b:ed:c1:78:66:d9:9f:37:c6:
         9d:74:56:29:7f:e6:f2:be:0a:35:d7:f5:12:be:f3:a6:bf:e2:
         aa:91:5d:de:d5:7c:3f:f5:c3:90:6d:7c:e0:4f:f6:01:9c:c5:
         80:97:53:bc:80:26:2a:4d:f0:68:75:25:ab:8f:b8:66:16:01:
         4c:11:ec:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJXCluWUnmwjddlAkXv6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzMyNGM3MjY3MjZkZmNlNTI0YTZmYWZlNDI4OWQ5ZDk1NjA0ODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaHzEuQtL77/fYTLWCqoF1eufikW
UTj7y2ySx/ZW0aG9JYL12QEbEGm6H1WOrnjg34SBfQNllZvOXx7RMepuoj1LmIwP
15nmNQJOGgxgB7HQVWJk0nAerFv0do4XyMbtWlVUhhG7rhFpSlgAlLn8EAowhAnY
4WtbqGCWUa7zRp7QcXGJbIgG/az8JNaqf+T/cX8Pjv+beCGjFFUWq3eUfClg1fTQ
hj6INxU3rWs8ifpkHJ5JWesbXZQkzPTumETzcXvqN/l4dBrrtQQpX2PI9pMJf35g
zaWJArlyO+ydtMzZvzisIUZnMp/CmrTZXsLSCD9k5reW7lQ3EtK0GqFbXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLcyTHJnJt/OUkpvr+QonZ2VYEieMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvdHpKTWNtY20zODVTU20tdjVDaWRuWlZnU0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+1
MA0GCSqGSIb3DQEBCwUAA4IBAQDgFTBNS/gAKehedaHTu07y2XgZCaIq9eguvPrl
SRjLIqisChziVS1ww5Cj4eB6wsFNNJC2e7ccMwERWjENhGG5oA4tUmYoRjMU+1fU
TrOuFsPjQTrlAFeJ1dCHO46Sf9y82/YCRZzeM01BtTQAawq91Xokwog2ElkM4C7p
CpNUOkreJlBS5Uu/Y9k3RB9adzGpJSnDSsn5v12IcyvHrYvzr5LsSL78EMqHtwoF
3kXPoixEJ7Fg1Mnli1pDEKBr7cF4ZtmfN8addFYpf+byvgo11/USvvOmv+KqkV3e
1Xw/9cOQbXzgT/YBnMWAl1O8gCYqTfBodSWrj7hmFgFMEexh
-----END CERTIFICATE-----