Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8bfcc2-5def-44aa-87c1-2bbf46884585/1/T8FAThV2C3aIs21aHUKh-w1NyVM.roa
File:                     T8FAThV2C3aIs21aHUKh-w1NyVM.roa (raw, json)
Hash identifier:          u7jjAWmRVkA7M7FoDiYOrvN8S2LbBdnWy5ryoekR2bs=
Subject key identifier:   4F:C1:40:4E:15:76:0B:76:88:B3:6D:5A:1D:42:A1:FB:0D:4D:C9:53
Certificate issuer:       /CN=88ebaa2f1769a3ddf65f873dc31f351ef078ad25
Certificate serial:       018CC492F777A4FD30E5C78DEE66A176118B
Authority key identifier: 88:EB:AA:2F:17:69:A3:DD:F6:5F:87:3D:C3:1F:35:1E:F0:78:AD:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iOuqLxdpo932X4c9wx81HvB4rSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8bfcc2-5def-44aa-87c1-2bbf46884585/1/T8FAThV2C3aIs21aHUKh-w1NyVM.roa
Signing time:             Mon 01 Jan 2024 10:30:15 +0000
ROA not before:           Mon 01 Jan 2024 10:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209431
IP address blocks:        2a06:a7c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8bfcc2-5def-44aa-87c1-2bbf46884585/1/iOuqLxdpo932X4c9wx81HvB4rSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8bfcc2-5def-44aa-87c1-2bbf46884585/1/iOuqLxdpo932X4c9wx81HvB4rSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iOuqLxdpo932X4c9wx81HvB4rSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f7:77:a4:fd:30:e5:c7:8d:ee:66:a1:76:11:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88ebaa2f1769a3ddf65f873dc31f351ef078ad25
        Validity
            Not Before: Jan  1 10:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fc1404e15760b7688b36d5a1d42a1fb0d4dc953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:49:e9:72:79:48:3a:dd:67:b2:25:fc:28:7c:
                    0b:95:b1:5c:dc:40:3a:df:e4:d5:3e:51:5e:25:44:
                    e8:7b:7e:b4:e2:cb:a2:93:2b:c0:5d:86:b6:76:6b:
                    ce:b2:41:21:42:83:aa:42:10:b8:ee:b5:b4:09:7d:
                    e6:1a:f1:82:a4:85:40:24:32:60:cf:86:9a:6b:28:
                    69:b8:db:d3:91:60:10:aa:bc:7c:52:8e:4a:fe:79:
                    08:b8:2a:c8:85:5d:d1:62:ee:6a:a6:88:fc:1b:30:
                    9d:c9:16:c7:d1:11:57:51:72:8b:6d:91:64:94:7b:
                    7b:8b:c2:c7:9d:31:9c:d1:b1:ca:58:f2:47:98:83:
                    f7:39:3a:c3:c1:d2:3f:b7:7c:c5:20:d2:6c:df:bb:
                    01:60:e4:87:cd:4e:d9:1c:38:4b:80:58:5c:64:a7:
                    6a:64:de:da:ba:14:58:7b:64:44:f2:bd:7f:ff:37:
                    ea:7c:16:d2:f3:5b:13:f7:bd:f4:46:6d:26:9c:5b:
                    79:39:50:fe:d5:7d:78:8f:9b:d9:13:ac:9e:a5:75:
                    5d:47:b5:03:d8:fe:a9:45:7a:24:70:4c:ee:6f:98:
                    4f:f3:8a:1b:f5:1a:9d:3c:13:82:9a:99:d6:69:18:
                    c2:11:11:ef:27:f1:60:45:b0:85:d5:d5:47:cb:ee:
                    86:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:C1:40:4E:15:76:0B:76:88:B3:6D:5A:1D:42:A1:FB:0D:4D:C9:53
            X509v3 Authority Key Identifier:
                keyid:88:EB:AA:2F:17:69:A3:DD:F6:5F:87:3D:C3:1F:35:1E:F0:78:AD:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iOuqLxdpo932X4c9wx81HvB4rSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8bfcc2-5def-44aa-87c1-2bbf46884585/1/T8FAThV2C3aIs21aHUKh-w1NyVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8bfcc2-5def-44aa-87c1-2bbf46884585/1/iOuqLxdpo932X4c9wx81HvB4rSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:90:38:d6:3e:2c:e1:df:1c:cd:ac:86:57:30:3c:6d:6d:07:
         be:fa:81:3e:88:71:f2:38:8d:2a:3a:3b:44:67:4e:5e:e2:b8:
         5b:f9:b1:ca:76:61:62:b6:c7:a4:d2:fa:15:f7:4d:58:bc:82:
         fd:7e:5e:4b:1c:d5:22:98:d2:c9:c7:d0:1c:88:ca:7d:d6:42:
         64:65:da:91:6b:c3:03:06:df:44:af:bd:aa:51:95:dc:68:b0:
         94:a7:18:e9:11:e9:de:75:e9:77:40:96:84:43:e7:43:2b:16:
         22:32:16:54:6c:0d:5c:93:13:56:8e:e3:5a:7b:84:c2:d3:8b:
         72:17:5a:f0:73:ac:bf:b1:6a:f7:8d:90:1c:f1:71:64:1b:1a:
         d4:67:59:88:16:f9:37:04:6d:f0:2e:1d:2f:40:af:30:ef:97:
         a3:10:cf:d8:87:71:3f:a9:f4:b6:56:aa:c7:0e:5e:9d:a8:e3:
         e3:73:aa:ff:54:e9:5c:8e:af:9b:77:2b:39:aa:e7:e2:62:4e:
         a2:3c:22:96:1c:85:b8:a9:67:72:1f:28:8f:b6:84:ef:f3:77:
         36:30:58:1c:8f:e3:cc:23:4e:1e:3b:ab:30:8c:38:eb:74:96:
         0a:21:43:b5:50:59:ab:ae:ba:68:45:b8:8f:8c:b0:32:2b:2a:
         7d:3c:78:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkvd3pP0w5ceN7mahdhGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZWJhYTJmMTc2OWEzZGRmNjVmODczZGMzMWYzNTFlZjA3
OGFkMjUwHhcNMjQwMTAxMTAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmMxNDA0ZTE1NzYwYjc2ODhiMzZkNWExZDQyYTFmYjBkNGRjOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEnpcnlIOt1nsiX8KHwLlbFc3EA6
3+TVPlFeJUToe3604suikyvAXYa2dmvOskEhQoOqQhC47rW0CX3mGvGCpIVAJDJg
z4aaayhpuNvTkWAQqrx8Uo5K/nkIuCrIhV3RYu5qpoj8GzCdyRbH0RFXUXKLbZFk
lHt7i8LHnTGc0bHKWPJHmIP3OTrDwdI/t3zFINJs37sBYOSHzU7ZHDhLgFhcZKdq
ZN7auhRYe2RE8r1//zfqfBbS81sT9730Rm0mnFt5OVD+1X14j5vZE6yepXVdR7UD
2P6pRXokcEzub5hP84ob9RqdPBOCmpnWaRjCERHvJ/FgRbCF1dVHy+6G9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE/BQE4Vdgt2iLNtWh1CofsNTclTMB8GA1UdIwQY
MBaAFIjrqi8XaaPd9l+HPcMfNR7weK0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU91cUx4ZHBvOTMyWDRjOXd4ODFIdkI0clNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmZjYzItNWRlZi00NGFhLTg3YzEt
MmJiZjQ2ODg0NTg1LzEvVDhGQVRoVjJDM2FJczIxYUhVS2gtdzFOeVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmZjYzItNWRlZi00NGFhLTg3YzEtMmJiZjQ2ODg0NTg1
LzEvaU91cUx4ZHBvOTMyWDRjOXd4ODFIdkI0clNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKganwDAN
BgkqhkiG9w0BAQsFAAOCAQEAdpA41j4s4d8czayGVzA8bW0HvvqBPohx8jiNKjo7
RGdOXuK4W/mxynZhYrbHpNL6FfdNWLyC/X5eSxzVIpjSycfQHIjKfdZCZGXakWvD
AwbfRK+9qlGV3GiwlKcY6RHp3nXpd0CWhEPnQysWIjIWVGwNXJMTVo7jWnuEwtOL
chda8HOsv7Fq942QHPFxZBsa1GdZiBb5NwRt8C4dL0CvMO+XoxDP2IdxP6n0tlaq
xw5enajj43Oq/1TpXI6vm3crOarn4mJOojwilhyFuKlnch8oj7aE7/N3NjBYHI/j
zCNOHjurMIw463SWCiFDtVBZq666aEW4j4ywMisqfTx4TQ==
-----END CERTIFICATE-----