Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/vZHFhIaZCEkZwYylPh9pBWCedbM.roa
File:                     vZHFhIaZCEkZwYylPh9pBWCedbM.roa (raw, json)
Hash identifier:          PFlsx86ehYKUMA6fSJe1wqKv3SeOZdsbRcfAmNYLmVA=
Subject key identifier:   BD:91:C5:84:86:99:08:49:19:C1:8C:A5:3E:1F:69:05:60:9E:75:B3
Certificate issuer:       /CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Certificate serial:       018CC795591A48AE464CAA447A24B98BE644
Authority key identifier: 7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/vZHFhIaZCEkZwYylPh9pBWCedbM.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210951
IP address blocks:        2a04:ff00:700::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:59:1a:48:ae:46:4c:aa:44:7a:24:b9:8b:e6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd91c5848699084919c18ca53e1f6905609e75b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:be:8a:ad:00:ac:3f:f9:cd:ad:87:84:72:41:
                    91:f2:81:3e:ea:df:bd:fc:65:04:aa:f7:6b:1b:44:
                    5f:32:d5:a1:69:19:e3:b6:21:4f:0c:ff:4d:ce:7e:
                    66:c6:91:f4:6f:17:0e:38:ec:bb:1f:25:95:d9:47:
                    b8:ca:7c:17:f1:f6:96:15:15:11:d3:b7:d6:05:ca:
                    15:ae:fd:10:9e:aa:19:f4:8d:9f:b5:20:2c:c0:26:
                    1d:da:58:d0:79:29:05:5a:87:10:95:8d:6d:dc:1b:
                    6f:7e:fa:8e:c0:29:a8:d9:56:b1:96:09:ed:5d:90:
                    b9:e3:23:26:14:f0:64:d9:63:14:73:a9:be:12:86:
                    7b:eb:cb:c6:87:dc:85:2b:73:b9:d6:ec:34:49:aa:
                    05:bb:77:9b:95:0f:44:cf:e6:09:7e:2c:73:0f:5a:
                    c2:78:80:17:c3:11:cf:8f:ba:28:1b:96:2e:d1:4f:
                    a9:be:d4:0e:08:8a:b9:91:04:43:ac:0e:e6:95:a8:
                    b6:32:98:76:70:af:cc:14:55:2f:5f:d2:43:44:80:
                    71:56:00:44:c7:14:5d:53:c4:b3:6c:48:6a:fe:6c:
                    40:6c:96:42:85:77:98:0c:cc:7f:e3:3a:07:ea:d5:
                    c3:b6:87:53:83:72:48:7c:04:79:58:1d:05:20:ca:
                    71:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:91:C5:84:86:99:08:49:19:C1:8C:A5:3E:1F:69:05:60:9E:75:B3
            X509v3 Authority Key Identifier:
                keyid:7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/vZHFhIaZCEkZwYylPh9pBWCedbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ff00:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         02:57:79:35:5d:56:db:52:f8:b2:c9:8c:b1:83:d4:61:21:9d:
         9f:2d:89:f9:92:75:5c:9d:74:d8:21:25:66:83:8b:a6:e9:f3:
         e6:9f:4b:25:2b:86:0f:61:52:b7:8b:69:97:94:1e:d8:20:09:
         0a:c4:9b:40:09:76:d5:00:c8:3e:d5:7d:80:a2:cd:05:80:bb:
         83:7a:2f:1f:71:e6:1a:ef:06:b6:b9:3a:80:d4:e4:69:fd:5e:
         bf:90:e8:8b:35:52:8d:7f:93:be:63:60:7f:13:16:dd:d5:d4:
         8e:7e:a1:fd:5e:f3:42:1b:9e:53:ba:1d:dc:24:b6:52:a0:0a:
         f2:8d:30:2b:c3:ad:a4:b4:2b:e6:06:06:93:e0:4f:b9:4a:ee:
         f1:92:01:0e:59:5d:e9:fd:ee:79:fe:00:7f:bb:3b:85:53:ff:
         0f:75:9f:bc:6f:bf:fd:7c:8c:7a:b9:ca:16:98:e3:4c:16:af:
         4c:38:d5:f8:01:f5:d0:1c:30:f4:c0:07:91:29:4c:95:9d:a0:
         0a:9e:1d:5d:f6:ed:ab:3b:54:df:ce:e4:33:9c:5d:be:a1:6e:
         59:79:d8:51:05:dd:17:e7:37:63:5e:0d:cf:58:40:0d:10:4c:
         8b:d0:ed:86:28:d0:c7:75:d6:9d:7f:85:9a:0c:ad:c6:ff:a4:
         b1:b0:f3:29
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVkaSK5GTKpEeiS5i+ZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDRjMjVjMmY4YjQ3ZTVkYWY1MmQxYzRjNWE1MDk5OWRk
MGEwYTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDkxYzU4NDg2OTkwODQ5MTljMThjYTUzZTFmNjkwNTYwOWU3NWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt76KrQCsP/nNrYeEckGR8oE+6t+9
/GUEqvdrG0RfMtWhaRnjtiFPDP9Nzn5mxpH0bxcOOOy7HyWV2Ue4ynwX8faWFRUR
07fWBcoVrv0QnqoZ9I2ftSAswCYd2ljQeSkFWocQlY1t3BtvfvqOwCmo2Vaxlgnt
XZC54yMmFPBk2WMUc6m+EoZ768vGh9yFK3O51uw0SaoFu3eblQ9Ez+YJfixzD1rC
eIAXwxHPj7ooG5Yu0U+pvtQOCIq5kQRDrA7mlai2Mph2cK/MFFUvX9JDRIBxVgBE
xxRdU8SzbEhq/mxAbJZChXeYDMx/4zoH6tXDtodTg3JIfAR5WB0FIMpxkQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL2RxYSGmQhJGcGMpT4faQVgnnWzMB8GA1UdIwQY
MBaAFH0Ewlwvi0fl2vUtHExaUJmd0KCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMt
ZTYzZTk0Y2JhMDlmLzEvdlpIRmhJYVpDRWtad1l5bFBoOXBCV0NlZGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMtZTYzZTk0Y2JhMDlm
LzEvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgT/AAcw
DQYJKoZIhvcNAQELBQADggEBAAJXeTVdVttS+LLJjLGD1GEhnZ8tifmSdVyddNgh
JWaDi6bp8+afSyUrhg9hUreLaZeUHtggCQrEm0AJdtUAyD7VfYCizQWAu4N6Lx9x
5hrvBra5OoDU5Gn9Xr+Q6Is1Uo1/k75jYH8TFt3V1I5+of1e80IbnlO6HdwktlKg
CvKNMCvDraS0K+YGBpPgT7lK7vGSAQ5ZXen97nn+AH+7O4VT/w91n7xvv/18jHq5
yhaY40wWr0w41fgB9dAcMPTAB5EpTJWdoAqeHV327as7VN/O5DOcXb6hbll52FEF
3RfnN2NeDc9YQA0QTIvQ7YYo0Md11p1/hZoMrcb/pLGw8yk=
-----END CERTIFICATE-----