Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/Zb5iZ2F_spLGo9jyv5ihnbeVoaY.roa
File:                     Zb5iZ2F_spLGo9jyv5ihnbeVoaY.roa (raw, json)
Hash identifier:          E/PGNp4yW/ouBX1KJwxWGwI86SBlEixt4pbPb5rqv0k=
Subject key identifier:   65:BE:62:67:61:7F:B2:92:C6:A3:D8:F2:BF:98:A1:9D:B7:95:A1:A6
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       018CC86F97C3986B4ACFBB64AC3F7D0096BF
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/Zb5iZ2F_spLGo9jyv5ihnbeVoaY.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212025
IP address blocks:        2a0d:2406:11ea::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:97:c3:98:6b:4a:cf:bb:64:ac:3f:7d:00:96:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65be6267617fb292c6a3d8f2bf98a19db795a1a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3d:86:29:04:29:12:bf:36:a4:90:7a:ae:dd:
                    f2:df:3a:f1:42:a0:6c:c6:40:86:11:40:c6:99:f6:
                    bb:6d:97:36:6d:5e:f5:41:4b:b3:db:63:9e:b8:b4:
                    ec:2d:20:0d:32:1b:b1:46:3a:d3:17:cf:d8:a4:26:
                    e7:13:99:6c:0a:a7:3b:d7:22:1a:c5:5d:43:f4:54:
                    54:12:98:2a:a0:35:fc:0b:b3:61:02:d1:08:6e:be:
                    c4:19:97:9e:13:2a:a7:5b:1e:20:3f:7c:15:28:54:
                    6d:1a:2e:24:a6:75:1a:38:36:b0:02:d0:be:05:f5:
                    82:19:5b:03:78:d3:94:24:0e:c3:71:d4:0c:94:79:
                    f8:27:2d:10:b5:74:f2:67:50:24:34:3b:12:5e:77:
                    b0:94:38:7a:13:e4:6f:82:7e:bb:91:92:b6:48:9d:
                    60:64:18:45:1d:cb:33:5f:59:e3:72:39:2a:36:93:
                    6f:66:02:42:2a:f7:a4:84:e1:d9:7b:79:fc:7e:79:
                    64:cb:5b:78:d2:86:16:31:49:4a:60:e2:73:e6:dc:
                    64:b9:df:e5:fb:1e:ea:96:2e:fd:97:b6:08:06:13:
                    fd:f9:65:b2:b1:b1:29:11:24:92:c2:78:86:57:8a:
                    3e:a1:1e:54:81:ba:77:54:36:0f:6a:2b:94:c8:d4:
                    b8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BE:62:67:61:7F:B2:92:C6:A3:D8:F2:BF:98:A1:9D:B7:95:A1:A6
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/Zb5iZ2F_spLGo9jyv5ihnbeVoaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2406:11ea::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:4d:ce:4b:9d:bd:cb:f5:2e:44:f7:0a:72:2a:81:cf:6e:ba:
         37:b1:98:b9:40:5d:b5:88:92:07:58:24:cf:ce:76:0e:48:b8:
         38:5d:d3:55:29:3c:30:68:10:18:80:51:f2:14:df:01:b0:0b:
         6f:d0:98:5f:6b:0a:2c:5a:29:56:63:30:f8:3b:58:7e:20:f1:
         c6:0e:5a:59:63:aa:36:11:01:25:f0:bd:43:3f:ca:2a:41:b4:
         d6:92:20:2a:af:9a:c8:d1:0e:5c:96:83:fa:6d:cd:aa:2b:72:
         f6:be:bc:dd:91:88:72:30:28:fe:b2:79:6e:ae:9b:ca:ee:66:
         fa:25:b8:41:bc:9a:87:df:b5:7f:c8:93:b0:98:a0:3a:e8:3c:
         2b:18:35:b3:f8:ff:22:c8:5d:4a:05:42:51:22:22:48:31:c4:
         b6:62:a3:ef:c3:ec:38:b7:ee:86:9a:49:22:1e:d0:f8:90:fd:
         ef:fe:ce:a7:4e:51:4a:2c:54:b9:08:f0:cb:e9:94:40:d3:00:
         6c:8b:29:b9:38:9e:e5:37:c0:08:71:30:b3:0b:89:f6:53:97:
         eb:dc:a9:25:ef:12:2e:c1:19:19:fe:e1:8d:51:57:54:79:66:
         7c:6b:6d:97:90:57:51:a7:94:cd:aa:23:e7:61:20:26:5e:4f:
         4b:be:44:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb5fDmGtKz7tkrD99AJa/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWJlNjI2NzYxN2ZiMjkyYzZhM2Q4ZjJiZjk4YTE5ZGI3OTVhMWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD2GKQQpEr82pJB6rt3y3zrxQqBs
xkCGEUDGmfa7bZc2bV71QUuz22OeuLTsLSANMhuxRjrTF8/YpCbnE5lsCqc71yIa
xV1D9FRUEpgqoDX8C7NhAtEIbr7EGZeeEyqnWx4gP3wVKFRtGi4kpnUaODawAtC+
BfWCGVsDeNOUJA7DcdQMlHn4Jy0QtXTyZ1AkNDsSXnewlDh6E+Rvgn67kZK2SJ1g
ZBhFHcszX1njcjkqNpNvZgJCKvekhOHZe3n8fnlky1t40oYWMUlKYOJz5txkud/l
+x7qli79l7YIBhP9+WWysbEpESSSwniGV4o+oR5Ugbp3VDYPaiuUyNS4bQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGW+Ymdhf7KSxqPY8r+YoZ23laGmMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvWmI1aVoyRl9zcExHbzlqeXY1aWhuYmVWb2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0kBhHq
MA0GCSqGSIb3DQEBCwUAA4IBAQAPTc5Lnb3L9S5E9wpyKoHPbro3sZi5QF21iJIH
WCTPznYOSLg4XdNVKTwwaBAYgFHyFN8BsAtv0JhfawosWilWYzD4O1h+IPHGDlpZ
Y6o2EQEl8L1DP8oqQbTWkiAqr5rI0Q5cloP6bc2qK3L2vrzdkYhyMCj+snlurpvK
7mb6JbhBvJqH37V/yJOwmKA66DwrGDWz+P8iyF1KBUJRIiJIMcS2YqPvw+w4t+6G
mkkiHtD4kP3v/s6nTlFKLFS5CPDL6ZRA0wBsiym5OJ7lN8AIcTCzC4n2U5fr3Kkl
7xIuwRkZ/uGNUVdUeWZ8a22XkFdRp5TNqiPnYSAmXk9LvkSR
-----END CERTIFICATE-----