Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/TR7Lfe9EIldCywvzm10EkRJwmBg.roa
File:                     TR7Lfe9EIldCywvzm10EkRJwmBg.roa (raw, json)
Hash identifier:          vx+d21f2ENm4TogU8IhlCECITu67YSg5fHdHLXGFAo4=
Subject key identifier:   4D:1E:CB:7D:EF:44:22:57:42:CB:0B:F3:9B:5D:04:91:12:70:98:18
Certificate issuer:       /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial:       018CCA99F7B69CFC2119BBB1F064C4294700
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/TR7Lfe9EIldCywvzm10EkRJwmBg.roa
Signing time:             Tue 02 Jan 2024 14:35:37 +0000
ROA not before:           Tue 02 Jan 2024 14:35:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21334
IP address blocks:        2a01:870::/32 maxlen: 32
                          2a01:8f8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:f7:b6:9c:fc:21:19:bb:b1:f0:64:c4:29:47:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
        Validity
            Not Before: Jan  2 14:35:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d1ecb7def44225742cb0bf39b5d049112709818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:95:f1:2f:f5:3f:47:73:e4:9b:19:2a:dd:90:
                    c1:a9:d7:66:fb:ec:ee:63:45:02:9b:75:08:c3:6e:
                    c5:c3:f1:6f:44:8e:9a:b4:d9:21:71:a3:5f:e0:61:
                    01:13:90:5a:b9:11:10:4d:4f:8a:6c:64:e2:0e:e2:
                    c1:d5:8d:ae:b3:16:f8:15:d2:e8:ce:36:36:8e:c8:
                    36:bf:76:56:62:38:c3:50:87:60:63:e8:58:3c:cc:
                    90:11:a8:ae:4b:c3:22:ea:cb:f2:1e:aa:e0:6c:88:
                    fc:57:7b:64:9c:0b:92:11:59:15:38:e2:2b:02:95:
                    c3:82:c5:46:fe:ff:9e:84:6f:cc:d0:59:ac:9d:0d:
                    6b:69:1d:49:58:b7:d2:fe:13:63:00:69:01:4c:86:
                    f7:bb:e3:a7:0c:50:99:60:35:ff:75:57:f6:3e:50:
                    1f:dd:c1:65:6b:f7:bc:3d:df:67:33:58:ef:59:ed:
                    ed:d0:6f:e8:87:bd:b5:1b:b0:f2:27:21:e1:bc:b4:
                    39:f8:22:ed:03:d8:a2:7a:d5:00:91:a1:f1:a3:09:
                    d6:2a:43:4f:fc:61:0c:36:59:fd:c3:25:fd:f7:5c:
                    b7:92:73:7f:62:10:f1:9b:87:3d:de:ef:20:cf:03:
                    60:60:87:3e:5b:e5:6c:92:b8:58:1f:49:a0:61:32:
                    8a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:1E:CB:7D:EF:44:22:57:42:CB:0B:F3:9B:5D:04:91:12:70:98:18
            X509v3 Authority Key Identifier:
                keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/TR7Lfe9EIldCywvzm10EkRJwmBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:870::/32
                  2a01:8f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:b3:9b:2b:b5:29:1d:05:3b:42:68:33:71:b3:62:e6:43:5c:
         14:d9:47:c4:3d:d7:72:6e:40:2a:31:8d:f0:4b:c1:68:2b:13:
         e8:5a:c2:2b:5b:a2:45:ae:df:ea:7e:18:9b:e0:a7:77:66:02:
         14:66:ab:c6:3f:d3:78:52:e2:a1:88:c8:80:b3:ea:fb:48:d5:
         cf:64:d1:39:2b:2d:20:5e:df:7e:97:c1:f0:9f:b3:09:b7:aa:
         59:eb:96:56:92:37:b1:6e:6f:3c:78:83:38:98:81:1e:f4:ab:
         6b:38:4a:55:20:12:12:da:3c:99:9f:aa:3c:68:ed:2b:30:0e:
         88:14:c2:66:89:9b:ea:5d:5a:59:b3:5a:a2:94:4a:bc:98:57:
         28:bb:eb:d3:d2:1f:2f:34:b0:fe:5a:6e:2d:f6:47:45:ae:ae:
         80:89:d1:fa:c4:89:84:d0:c3:f2:d4:90:81:44:ba:2a:a3:bf:
         34:d6:a3:c0:a8:85:42:f5:3a:da:7a:ae:0e:10:46:64:e3:a1:
         ca:88:0a:24:c8:61:35:80:17:b1:75:76:c8:ce:48:8f:96:5d:
         e0:d4:c8:2e:8b:07:03:bb:df:f5:95:4a:06:31:6e:68:96:2d:
         3f:85:8d:60:92:0d:30:f4:cc:df:8c:02:29:dc:4d:7a:49:47:
         4e:7c:a6:12
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKmfe2nPwhGbux8GTEKUcAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjQwMTAyMTQzNTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDFlY2I3ZGVmNDQyMjU3NDJjYjBiZjM5YjVkMDQ5MTEyNzA5ODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpXxL/U/R3Pkmxkq3ZDBqddm++zu
Y0UCm3UIw27Fw/FvRI6atNkhcaNf4GEBE5BauREQTU+KbGTiDuLB1Y2usxb4FdLo
zjY2jsg2v3ZWYjjDUIdgY+hYPMyQEaiuS8Mi6svyHqrgbIj8V3tknAuSEVkVOOIr
ApXDgsVG/v+ehG/M0FmsnQ1raR1JWLfS/hNjAGkBTIb3u+OnDFCZYDX/dVf2PlAf
3cFla/e8Pd9nM1jvWe3t0G/oh721G7DyJyHhvLQ5+CLtA9iietUAkaHxownWKkNP
/GEMNln9wyX991y3knN/YhDxm4c93u8gzwNgYIc+W+VskrhYH0mgYTKKTwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE0ey33vRCJXQssL85tdBJEScJgYMB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvVFI3TGZlOUVJbGRDeXd2em0xMEVrUkp3bUJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgEIcAMF
ACoBCPgwDQYJKoZIhvcNAQELBQADggEBAH2zmyu1KR0FO0JoM3GzYuZDXBTZR8Q9
13JuQCoxjfBLwWgrE+hawitbokWu3+p+GJvgp3dmAhRmq8Y/03hS4qGIyICz6vtI
1c9k0TkrLSBe336XwfCfswm3qlnrllaSN7Fubzx4gziYgR70q2s4SlUgEhLaPJmf
qjxo7SswDogUwmaJm+pdWlmzWqKUSryYVyi769PSHy80sP5abi32R0WuroCJ0frE
iYTQw/LUkIFEuiqjvzTWo8CohUL1Otp6rg4QRmTjocqICiTIYTWAF7F1dsjOSI+W
XeDUyC6LBwO73/WVSgYxbmiWLT+FjWCSDTD0zN+MAincTXpJR058phI=
-----END CERTIFICATE-----