Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/0FCf-SIwjyhfDHFXQ2CC02ZN9jU.roa
File:                     0FCf-SIwjyhfDHFXQ2CC02ZN9jU.roa (raw, json)
Hash identifier:          oJaiEVA9lbMqA554Uf4vTyDqfJFpHVepd5tKojeryZs=
Subject key identifier:   D0:50:9F:F9:22:30:8F:28:5F:0C:71:57:43:60:82:D3:66:4D:F6:35
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D009279D7312D2D4DC7EC436D37AF
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/0FCf-SIwjyhfDHFXQ2CC02ZN9jU.roa
Signing time:             Tue 02 Jan 2024 08:31:56 +0000
ROA not before:           Tue 02 Jan 2024 08:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150249
IP address blocks:        2a0a:280:2a00::/40 maxlen: 48
                          2a0a:280:2e00::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:00:92:79:d7:31:2d:2d:4d:c7:ec:43:6d:37:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0509ff922308f285f0c7157436082d3664df635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:47:5d:d7:da:90:aa:ab:1d:6a:71:df:c5:12:
                    7e:a2:79:c5:86:b9:8a:16:67:98:50:6a:d3:20:d3:
                    48:0a:81:03:fc:17:aa:1f:54:6c:bd:2d:a1:ff:2a:
                    a6:e8:7c:79:be:84:38:ae:60:9e:26:82:58:93:39:
                    84:56:b2:d0:18:21:9f:ea:78:fc:26:87:7b:21:55:
                    77:3c:eb:fe:a4:df:08:7c:f1:3e:23:97:4b:1d:eb:
                    b6:59:05:bb:b7:6a:6e:68:71:3f:71:16:c1:98:0a:
                    5c:ac:75:2f:33:69:6f:ab:3e:54:71:05:e2:e7:23:
                    e4:27:5e:ab:24:b5:bd:4f:f7:25:a1:33:ff:63:0e:
                    9f:09:bd:61:ad:59:00:0b:9b:46:15:07:80:c2:60:
                    01:87:93:98:8a:41:9e:ee:b0:41:57:a6:d3:00:01:
                    a7:fc:3a:80:39:cc:fb:c5:fd:19:22:6c:ac:20:a8:
                    80:c2:ea:89:20:f3:8c:12:a1:1a:e5:2b:ee:91:7f:
                    d3:61:2e:b5:b7:f6:9c:4b:d9:3d:1e:33:db:57:b5:
                    80:00:9e:38:28:f2:38:4c:ad:fa:b2:2c:02:fe:27:
                    0a:62:4e:68:14:81:7e:f5:4a:f7:68:68:5a:9d:a6:
                    aa:9b:dd:87:77:21:51:25:c8:b5:8f:44:c6:93:d3:
                    14:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:50:9F:F9:22:30:8F:28:5F:0C:71:57:43:60:82:D3:66:4D:F6:35
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/0FCf-SIwjyhfDHFXQ2CC02ZN9jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2a00::/40
                  2a0a:280:2e00::/39

    Signature Algorithm: sha256WithRSAEncryption
         67:2c:a6:4d:50:dd:3a:23:39:6d:40:0d:cb:8a:08:7b:aa:0e:
         3e:33:8b:5a:9f:56:83:5a:d9:b4:62:04:d8:ab:71:1c:d3:33:
         8d:30:02:ca:df:2f:3f:47:ba:dd:30:51:dc:bd:eb:ca:8b:e0:
         05:d9:c2:80:96:e2:22:6e:01:33:ca:3d:43:19:dd:32:67:f9:
         a1:92:9d:3d:fe:69:86:a1:7e:84:ff:7a:8e:c2:b2:07:36:55:
         57:90:e6:67:2b:01:22:89:dc:1c:0a:6f:a1:8f:75:5b:69:0a:
         b8:cc:1e:ba:2e:69:a6:bd:2e:12:cc:b1:09:57:12:9d:e9:f3:
         0e:5b:3e:7f:33:72:b6:a5:c7:1d:3d:a1:94:b1:5d:98:59:51:
         f6:1b:7f:2c:b1:8e:8c:43:71:01:2d:b8:76:1d:b4:41:40:11:
         51:61:3b:7c:c7:a9:d2:2b:31:ae:1b:80:c4:f0:7a:65:6e:b0:
         3c:63:cf:58:a2:c0:8b:ec:84:a5:78:13:48:30:fb:a3:5d:1e:
         7f:1e:ee:9e:11:f3:0b:73:7e:fe:3a:14:fb:aa:25:bf:d2:d8:
         5f:ac:80:4f:ad:b0:e3:1c:8d:dc:53:16:11:9f:a3:d4:c3:03:
         fe:da:4b:f9:14:cb:72:6b:f5:a1:2d:78:c1:36:94:94:1f:bf:
         9d:13:0a:e7
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzJTQCSedcxLS1Nx+xDbTevMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDUwOWZmOTIyMzA4ZjI4NWYwYzcxNTc0MzYwODJkMzY2NGRmNjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUdd19qQqqsdanHfxRJ+onnFhrmK
FmeYUGrTINNICoED/BeqH1RsvS2h/yqm6Hx5voQ4rmCeJoJYkzmEVrLQGCGf6nj8
Jod7IVV3POv+pN8IfPE+I5dLHeu2WQW7t2puaHE/cRbBmApcrHUvM2lvqz5UcQXi
5yPkJ16rJLW9T/cloTP/Yw6fCb1hrVkAC5tGFQeAwmABh5OYikGe7rBBV6bTAAGn
/DqAOcz7xf0ZImysIKiAwuqJIPOMEqEa5SvukX/TYS61t/acS9k9HjPbV7WAAJ44
KPI4TK36siwC/icKYk5oFIF+9Ur3aGhanaaqm92HdyFRJci1j0TGk9MU8QIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFNBQn/kiMI8oXwxxV0NggtNmTfY1MB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvMEZDZi1TSXdqeWhmREhGWFEyQ0MwMlpOOWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgoCgCoD
BgEqCgKALjANBgkqhkiG9w0BAQsFAAOCAQEAZyymTVDdOiM5bUANy4oIe6oOPjOL
Wp9Wg1rZtGIE2KtxHNMzjTACyt8vP0e63TBR3L3ryovgBdnCgJbiIm4BM8o9Qxnd
Mmf5oZKdPf5phqF+hP96jsKyBzZVV5DmZysBIoncHApvoY91W2kKuMweui5ppr0u
EsyxCVcSnenzDls+fzNytqXHHT2hlLFdmFlR9ht/LLGOjENxAS24dh20QUARUWE7
fMep0isxrhuAxPB6ZW6wPGPPWKLAi+yEpXgTSDD7o10efx7unhHzC3N+/joU+6ol
v9LYX6yAT62w4xyN3FMWEZ+j1MMD/tpL+RTLcmv1oS14wTaUlB+/nRMK5w==
-----END CERTIFICATE-----