Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/8PsAneVUe82pOd8D2fld_AoexkI.roa
File:                     8PsAneVUe82pOd8D2fld_AoexkI.roa (raw, json)
Hash identifier:          K13rj9ZwdFNGs8147cwU6UMFSy3hvs23ujkLqGWqeUg=
Subject key identifier:   F0:FB:00:9D:E5:54:7B:CD:A9:39:DF:03:D9:F9:5D:FC:0A:1E:C6:42
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       01918DF9C890DF317B71187D235CB4BE5040
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/8PsAneVUe82pOd8D2fld_AoexkI.roa
Signing time:             Mon 26 Aug 2024 09:17:22 +0000
ROA not before:           Mon 26 Aug 2024 09:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214337
IP address blocks:        2a0d:2406:3c00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 18:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8d:f9:c8:90:df:31:7b:71:18:7d:23:5c:b4:be:50:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Aug 26 09:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0fb009de5547bcda939df03d9f95dfc0a1ec642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:af:36:fb:b0:7a:3f:2f:0c:6c:a0:a4:30:dc:
                    e5:d1:31:4f:95:b2:2f:cb:de:ae:74:0f:16:4f:5c:
                    a7:a1:b7:23:0b:58:eb:68:18:52:c8:b2:2c:60:31:
                    27:9f:7c:95:e9:cb:13:88:55:9e:ed:ab:f2:27:29:
                    fe:01:77:24:53:9a:12:2a:91:57:b9:e4:ce:0a:2d:
                    99:b1:7a:77:e7:97:a1:f5:6d:b5:12:98:ca:11:e6:
                    35:13:01:f3:28:99:fe:63:b4:90:f2:26:61:21:00:
                    9f:55:d0:9b:88:bb:ef:c7:a7:ba:84:2e:f4:a9:22:
                    24:9a:ec:32:4c:e1:6f:26:5b:6b:e2:c8:5e:54:09:
                    dc:ba:4e:06:12:d9:ef:72:86:d8:9f:e4:2d:f8:3f:
                    f2:23:4d:30:f4:67:3e:24:33:1f:33:24:c5:1f:36:
                    95:8d:52:93:f1:8f:a2:b7:9e:e7:24:fa:f8:8a:56:
                    6b:65:8b:8b:3b:61:7c:d1:89:f2:ac:bd:38:e2:2d:
                    de:e4:50:47:66:81:3a:8d:72:b4:c6:68:95:79:16:
                    92:a6:dd:19:bb:08:08:de:26:ac:82:88:55:48:a3:
                    f3:8a:11:c1:b3:c3:41:63:52:bb:b1:d0:0e:f2:85:
                    29:33:92:5e:26:85:f6:34:92:01:90:9f:0e:c1:27:
                    6c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:FB:00:9D:E5:54:7B:CD:A9:39:DF:03:D9:F9:5D:FC:0A:1E:C6:42
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/8PsAneVUe82pOd8D2fld_AoexkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2406:3c00::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:7f:9e:49:7a:c4:0d:23:3b:d4:55:16:bd:4c:74:41:40:85:
         e9:4b:d0:52:dd:93:b2:cf:ed:ed:0e:87:94:a8:fb:67:fc:ad:
         88:71:d2:10:9b:b6:55:68:ee:bd:2c:00:81:8a:6a:5f:6b:08:
         60:ce:8a:87:c3:c1:51:b5:6c:33:d6:ee:2e:55:1a:48:ce:81:
         8d:db:12:c7:f5:6d:5a:12:0d:6e:b3:ed:1e:ee:ef:6c:44:d3:
         28:8b:e8:c0:4e:b7:87:5b:73:c4:06:3c:93:d8:ed:be:4c:4c:
         18:16:1a:79:4f:56:ce:23:e3:47:46:fb:d1:3f:d3:41:63:ed:
         6e:9e:00:00:17:87:25:93:8c:e2:08:2b:fc:92:94:4d:30:3f:
         17:5e:82:ae:0a:0a:a6:b6:8f:6b:4f:1e:7b:c1:69:a0:ee:7f:
         4b:d3:30:40:b1:fe:ca:d1:25:1b:3b:26:b7:ad:2f:94:68:8d:
         86:f0:53:78:57:4f:10:5e:4a:34:03:be:4d:b0:55:c3:75:d2:
         b8:16:e2:15:5d:d7:68:5a:c6:49:ba:3e:b7:9e:98:7d:4b:b5:
         9f:fe:96:36:e2:d1:73:ff:2c:40:84:a4:54:20:84:3c:bd:64:
         b1:8a:0a:e0:0c:0b:4e:ef:65:eb:32:e8:f3:6a:1d:e1:0f:28:
         dd:04:1d:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGN+ciQ3zF7cRh9I1y0vlBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjQwODI2MDkxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGZiMDA5ZGU1NTQ3YmNkYTkzOWRmMDNkOWY5NWRmYzBhMWVjNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsa82+7B6Py8MbKCkMNzl0TFPlbIv
y96udA8WT1ynobcjC1jraBhSyLIsYDEnn3yV6csTiFWe7avyJyn+AXckU5oSKpFX
ueTOCi2ZsXp355eh9W21EpjKEeY1EwHzKJn+Y7SQ8iZhIQCfVdCbiLvvx6e6hC70
qSIkmuwyTOFvJltr4sheVAncuk4GEtnvcobYn+Qt+D/yI00w9Gc+JDMfMyTFHzaV
jVKT8Y+it57nJPr4ilZrZYuLO2F80YnyrL044i3e5FBHZoE6jXK0xmiVeRaSpt0Z
uwgI3iasgohVSKPzihHBs8NBY1K7sdAO8oUpM5JeJoX2NJIBkJ8OwSdsjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPD7AJ3lVHvNqTnfA9n5XfwKHsZCMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvOFBzQW5lVlVlODJwT2Q4RDJmbGRfQW9leGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0kBjwA
MA0GCSqGSIb3DQEBCwUAA4IBAQAcf55JesQNIzvUVRa9THRBQIXpS9BS3ZOyz+3t
DoeUqPtn/K2IcdIQm7ZVaO69LACBimpfawhgzoqHw8FRtWwz1u4uVRpIzoGN2xLH
9W1aEg1us+0e7u9sRNMoi+jATreHW3PEBjyT2O2+TEwYFhp5T1bOI+NHRvvRP9NB
Y+1ungAAF4clk4ziCCv8kpRNMD8XXoKuCgqmto9rTx57wWmg7n9L0zBAsf7K0SUb
Oya3rS+UaI2G8FN4V08QXko0A75NsFXDddK4FuIVXddoWsZJuj63nph9S7Wf/pY2
4tFz/yxAhKRUIIQ8vWSxigrgDAtO72XrMujzah3hDyjdBB0S
-----END CERTIFICATE-----