Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/zTk3UsGg35RYHjXI1XByzzNhW9E.roa
File:                     zTk3UsGg35RYHjXI1XByzzNhW9E.roa (raw, json)
Hash identifier:          lqS610xzipTgTKz4OG7hJzuZiHTQYZe6lWWy3XGnMAA=
Subject key identifier:   CD:39:37:52:C1:A0:DF:94:58:1E:35:C8:D5:70:72:CF:33:61:5B:D1
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255AA0BB0265708287177646A2CB2D
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/zTk3UsGg35RYHjXI1XByzzNhW9E.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34692
IP address blocks:        2a0b:b86:12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5a:a0:bb:02:65:70:82:87:17:76:46:a2:cb:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd393752c1a0df94581e35c8d57072cf33615bd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d4:9e:1f:d1:6c:5a:d5:7a:d6:fd:08:72:11:
                    d7:27:20:d1:55:3c:70:88:e1:ed:71:1e:2b:3b:6b:
                    bd:f4:74:5c:08:b4:55:e1:57:c2:db:e2:91:3e:10:
                    40:12:f2:bc:5b:60:4b:00:6e:81:ab:bb:f5:81:bc:
                    10:cf:2b:cd:c0:0f:ae:af:5c:2e:63:df:4c:d8:0d:
                    cb:85:6f:85:9c:4b:3a:82:7d:b7:b0:a0:65:15:a9:
                    9d:47:35:a2:6c:9c:98:5a:3f:59:b1:32:66:3c:87:
                    91:b4:6a:10:e3:ed:f5:76:9e:c0:4f:4b:bb:3f:34:
                    a7:3f:eb:8e:24:08:1c:9e:67:9b:5d:a1:3b:e4:7e:
                    76:c0:cf:c1:c7:e4:2a:41:b8:51:c3:ac:29:ea:46:
                    e4:46:98:79:7a:eb:a7:1a:63:f1:10:9c:e7:da:2f:
                    88:cd:9a:7d:b4:0f:fb:db:92:74:3c:5c:2c:53:32:
                    bd:e2:ca:ec:a3:d6:76:89:e8:84:09:96:a9:5d:b3:
                    9a:fa:78:71:1b:0d:5d:7c:98:dc:f6:82:9e:6f:0e:
                    7d:e2:cd:76:bf:b9:00:94:97:04:98:b3:16:e5:82:
                    fd:db:8e:d6:1e:d8:d5:7f:e3:35:61:22:31:59:59:
                    97:c1:ca:46:2c:eb:59:7d:03:77:e6:f7:2d:53:da:
                    02:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:39:37:52:C1:A0:DF:94:58:1E:35:C8:D5:70:72:CF:33:61:5B:D1
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/zTk3UsGg35RYHjXI1XByzzNhW9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b86:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:e5:2c:1b:42:d7:a4:5f:71:f6:d0:1a:09:85:ac:76:60:1c:
         12:d2:22:43:10:25:fe:0c:35:16:8a:d7:f1:3f:db:d8:e9:e9:
         8a:98:e7:7c:fe:0c:b9:fc:82:61:08:f3:5e:04:68:f2:df:ae:
         2c:0b:da:a7:15:62:62:fd:48:93:8a:1d:5e:f6:de:e8:08:93:
         05:ad:f5:19:81:11:21:29:6d:a9:b4:fe:df:06:bc:50:97:71:
         5c:d8:eb:ef:77:26:79:cc:33:bc:85:00:85:f2:fe:46:94:28:
         3c:2d:29:ce:55:ce:2e:4c:b2:39:cd:3e:c9:22:4e:58:3a:ac:
         1e:c4:f1:48:9b:23:56:36:d8:bd:72:73:93:8c:e4:c9:dc:77:
         a8:44:42:bd:3b:4d:07:3d:ed:0e:dd:9a:c0:93:2d:5a:79:7c:
         71:74:cc:ff:db:52:2d:76:1c:4c:51:8a:c3:d6:08:d9:65:57:
         6c:5b:84:28:f7:72:6b:93:54:7a:f1:0b:e5:e7:3c:7b:10:60:
         0d:b0:8c:fe:b8:f3:b5:80:a3:af:d9:08:d0:5e:25:98:b1:5f:
         ef:60:71:47:b2:4e:84:92:d6:d8:2f:a4:47:6e:b1:ee:da:61:
         76:88:2c:95:a8:9a:16:a6:d5:35:e6:5a:28:73:fa:50:4d:3e:
         84:07:67:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJVqguwJlcIKHF3ZGosstMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDM5Mzc1MmMxYTBkZjk0NTgxZTM1YzhkNTcwNzJjZjMzNjE1YmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNSeH9FsWtV61v0IchHXJyDRVTxw
iOHtcR4rO2u99HRcCLRV4VfC2+KRPhBAEvK8W2BLAG6Bq7v1gbwQzyvNwA+ur1wu
Y99M2A3LhW+FnEs6gn23sKBlFamdRzWibJyYWj9ZsTJmPIeRtGoQ4+31dp7AT0u7
PzSnP+uOJAgcnmebXaE75H52wM/Bx+QqQbhRw6wp6kbkRph5euunGmPxEJzn2i+I
zZp9tA/725J0PFwsUzK94srso9Z2ieiECZapXbOa+nhxGw1dfJjc9oKebw594s12
v7kAlJcEmLMW5YL9247WHtjVf+M1YSIxWVmXwcpGLOtZfQN35vctU9oCnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM05N1LBoN+UWB41yNVwcs8zYVvRMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvelRrM1VzR2czNVJZSGpYSTFYQnl6ek5oVzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLhgAS
MA0GCSqGSIb3DQEBCwUAA4IBAQC35SwbQtekX3H20BoJhax2YBwS0iJDECX+DDUW
itfxP9vY6emKmOd8/gy5/IJhCPNeBGjy364sC9qnFWJi/UiTih1e9t7oCJMFrfUZ
gREhKW2ptP7fBrxQl3Fc2OvvdyZ5zDO8hQCF8v5GlCg8LSnOVc4uTLI5zT7JIk5Y
OqwexPFImyNWNti9cnOTjOTJ3HeoREK9O00HPe0O3ZrAky1aeXxxdMz/21ItdhxM
UYrD1gjZZVdsW4Qo93Jrk1R68Qvl5zx7EGANsIz+uPO1gKOv2QjQXiWYsV/vYHFH
sk6EktbYL6RHbrHu2mF2iCyVqJoWptU15looc/pQTT6EB2dv
-----END CERTIFICATE-----