Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/88175a-12c8-4590-82e0-3c6f88c914b1/1/fcOZrsQdNAZNPjzuV6-pnOKNwEI.roa
File:                     fcOZrsQdNAZNPjzuV6-pnOKNwEI.roa (raw, json)
Hash identifier:          8ViOAIcslnlzDsfhAL3pZAa61EXBUCo2ayW001xkWxw=
Subject key identifier:   7D:C3:99:AE:C4:1D:34:06:4D:3E:3C:EE:57:AF:A9:9C:E2:8D:C0:42
Certificate issuer:       /CN=27d8640c305107766a646fbf8ec81db45ce1f249
Certificate serial:       018CC5DC5AB7AD1142DB1C3C41BB7BD72B9E
Authority key identifier: 27:D8:64:0C:30:51:07:76:6A:64:6F:BF:8E:C8:1D:B4:5C:E1:F2:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J9hkDDBRB3ZqZG-_jsgdtFzh8kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/88175a-12c8-4590-82e0-3c6f88c914b1/1/fcOZrsQdNAZNPjzuV6-pnOKNwEI.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8399
IP address blocks:        2a0c:10c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/88175a-12c8-4590-82e0-3c6f88c914b1/1/J9hkDDBRB3ZqZG-_jsgdtFzh8kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/88175a-12c8-4590-82e0-3c6f88c914b1/1/J9hkDDBRB3ZqZG-_jsgdtFzh8kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J9hkDDBRB3ZqZG-_jsgdtFzh8kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5a:b7:ad:11:42:db:1c:3c:41:bb:7b:d7:2b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27d8640c305107766a646fbf8ec81db45ce1f249
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dc399aec41d34064d3e3cee57afa99ce28dc042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f2:d9:de:c2:e9:37:49:29:05:51:9e:b2:bd:
                    ef:65:57:ba:f2:29:84:54:b6:e3:e6:87:76:85:b0:
                    26:9c:4d:10:86:53:58:c7:60:b2:c8:d8:58:2e:3d:
                    a5:7b:9b:6c:da:f0:f5:ff:4a:fe:74:00:56:29:5e:
                    78:69:2c:9f:af:a7:87:02:25:bb:f1:5d:86:47:8d:
                    97:3b:26:85:cc:f9:a3:e1:cb:05:7e:dd:1f:c4:66:
                    02:e6:8c:d1:2a:9d:58:f8:4f:43:7c:51:3e:34:05:
                    77:b0:bd:3c:67:65:3e:2b:df:bc:21:51:1a:fb:26:
                    fe:90:81:19:03:e5:5f:e4:43:ac:09:6f:a2:6b:12:
                    dc:92:ac:36:af:1d:9a:45:b8:f2:0b:ea:8a:e0:05:
                    ef:a4:c8:af:cb:0d:ee:be:ae:86:60:1e:e4:f8:51:
                    49:08:35:df:68:f5:5a:b9:8d:df:ed:d0:51:6e:45:
                    4a:08:db:0a:db:56:69:7d:08:57:f6:dc:60:fa:d5:
                    dc:33:49:52:d5:d7:98:6f:f3:50:b7:4c:10:52:07:
                    43:f5:5c:cd:93:f7:66:3e:69:80:3e:b8:39:cb:cc:
                    e8:1c:00:63:75:44:e0:41:8c:88:57:75:25:f4:11:
                    42:f5:4b:23:54:3e:39:f0:c9:d1:91:40:34:c4:8c:
                    e6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C3:99:AE:C4:1D:34:06:4D:3E:3C:EE:57:AF:A9:9C:E2:8D:C0:42
            X509v3 Authority Key Identifier:
                keyid:27:D8:64:0C:30:51:07:76:6A:64:6F:BF:8E:C8:1D:B4:5C:E1:F2:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J9hkDDBRB3ZqZG-_jsgdtFzh8kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/88175a-12c8-4590-82e0-3c6f88c914b1/1/fcOZrsQdNAZNPjzuV6-pnOKNwEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/88175a-12c8-4590-82e0-3c6f88c914b1/1/J9hkDDBRB3ZqZG-_jsgdtFzh8kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:56:69:61:17:7f:40:9c:ad:ce:51:97:d5:b5:b0:38:39:81:
         21:56:68:a5:88:be:9e:74:30:31:d8:84:cb:b5:53:ba:60:5e:
         1a:fb:a1:d9:5c:b3:3a:34:50:b5:e2:a3:79:71:d3:65:d7:2f:
         e8:43:d8:c0:db:23:66:88:25:1e:7a:26:90:47:dd:d2:7a:4e:
         76:e2:62:88:fd:d4:09:d8:45:fa:66:68:76:14:d2:e7:77:8d:
         3c:40:71:16:88:d0:d3:f4:a4:a7:5b:ab:ca:c4:10:5a:1e:18:
         bc:60:c7:ef:8b:85:f2:17:d0:a3:55:6b:7d:40:d4:84:c7:03:
         66:c6:d2:55:88:c8:12:84:ab:a4:25:58:ad:df:3b:2d:e4:78:
         a4:ab:20:ed:cf:a0:95:2b:43:bc:1a:2f:8a:0d:83:3d:d5:e5:
         7e:5e:8a:28:f1:54:21:fe:dd:13:15:66:43:d4:5e:13:29:e4:
         df:79:be:4d:5e:3c:80:9a:85:05:a9:19:b0:2d:3f:99:d3:57:
         4b:37:e4:25:13:dc:55:2a:2c:a6:b4:2c:8f:b8:cb:e9:11:fe:
         e9:4c:05:b5:5b:3b:5d:bb:b6:74:f4:63:8c:6e:80:01:95:4d:
         59:e6:de:ef:55:33:ae:c3:bf:b3:92:0b:51:48:69:11:9b:eb:
         3d:09:20:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3Fq3rRFC2xw8Qbt71yueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZDg2NDBjMzA1MTA3NzY2YTY0NmZiZjhlYzgxZGI0NWNl
MWYyNDkwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGMzOTlhZWM0MWQzNDA2NGQzZTNjZWU1N2FmYTk5Y2UyOGRjMDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfLZ3sLpN0kpBVGesr3vZVe68imE
VLbj5od2hbAmnE0QhlNYx2CyyNhYLj2le5ts2vD1/0r+dABWKV54aSyfr6eHAiW7
8V2GR42XOyaFzPmj4csFft0fxGYC5ozRKp1Y+E9DfFE+NAV3sL08Z2U+K9+8IVEa
+yb+kIEZA+Vf5EOsCW+iaxLckqw2rx2aRbjyC+qK4AXvpMivyw3uvq6GYB7k+FFJ
CDXfaPVauY3f7dBRbkVKCNsK21ZpfQhX9txg+tXcM0lS1deYb/NQt0wQUgdD9VzN
k/dmPmmAPrg5y8zoHABjdUTgQYyIV3Ul9BFC9UsjVD458MnRkUA0xIzmlwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH3Dma7EHTQGTT487levqZzijcBCMB8GA1UdIwQY
MBaAFCfYZAwwUQd2amRvv47IHbRc4fJJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjloa0REQlJCM1pxWkctX2pzZ2R0RnpoOGtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ODE3NWEtMTJjOC00NTkwLTgyZTAt
M2M2Zjg4YzkxNGIxLzEvZmNPWnJzUWROQVpOUGp6dVY2LXBuT0tOd0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ODE3NWEtMTJjOC00NTkwLTgyZTAtM2M2Zjg4YzkxNGIx
LzEvSjloa0REQlJCM1pxWkctX2pzZ2R0RnpoOGtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgwQwDAN
BgkqhkiG9w0BAQsFAAOCAQEAolZpYRd/QJytzlGX1bWwODmBIVZopYi+nnQwMdiE
y7VTumBeGvuh2VyzOjRQteKjeXHTZdcv6EPYwNsjZoglHnomkEfd0npOduJiiP3U
CdhF+mZodhTS53eNPEBxFojQ0/Skp1urysQQWh4YvGDH74uF8hfQo1VrfUDUhMcD
ZsbSVYjIEoSrpCVYrd87LeR4pKsg7c+glStDvBovig2DPdXlfl6KKPFUIf7dExVm
Q9ReEynk33m+TV48gJqFBakZsC0/mdNXSzfkJRPcVSosprQsj7jL6RH+6UwFtVs7
Xbu2dPRjjG6AAZVNWebe71UzrsO/s5ILUUhpEZvrPQkgwA==
-----END CERTIFICATE-----