Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/_XkhiMZJyk0DR_XTK8B2JDtWjcs.roa
File:                     _XkhiMZJyk0DR_XTK8B2JDtWjcs.roa (raw, json)
Hash identifier:          Owp7dOiZ1WljEXhbdQC7ZZOzszoyZi+5K1U22LJmSrE=
Subject key identifier:   FD:79:21:88:C6:49:CA:4D:03:47:F5:D3:2B:C0:76:24:3B:56:8D:CB
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB5D65A641536782A586B5B9973357
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/_XkhiMZJyk0DR_XTK8B2JDtWjcs.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207649
IP address blocks:        2a07:22c1:c002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5d:65:a6:41:53:67:82:a5:86:b5:b9:97:33:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd792188c649ca4d0347f5d32bc076243b568dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d2:ad:80:16:dd:f7:81:0e:88:52:17:dd:e8:
                    77:9f:e2:8b:c5:e3:f0:0d:22:02:30:c9:72:a5:61:
                    34:74:51:e6:52:26:a3:58:cc:f7:37:92:36:b0:cc:
                    36:ee:ac:65:0e:71:17:d6:7f:79:3c:d9:15:e0:6a:
                    b8:a7:ba:8b:00:71:28:46:c0:c9:2a:19:61:10:c9:
                    05:45:b2:c4:3d:e1:c8:d4:99:2d:57:a7:3a:fc:b3:
                    ce:68:09:7f:26:1a:d7:43:dc:d3:73:30:3b:13:21:
                    b6:91:6e:f9:da:b4:75:d9:19:d6:f0:bd:f1:92:66:
                    11:0f:43:0a:14:72:91:6c:1b:06:e6:3e:a9:4a:c8:
                    44:68:56:c7:38:29:05:0c:28:b3:41:1f:af:00:10:
                    7b:f4:52:87:8a:bf:68:be:e3:7d:5a:bd:96:09:66:
                    d8:ba:04:2a:07:01:b3:2c:d2:16:89:c7:4f:31:9b:
                    51:40:de:e7:7f:04:68:e1:d0:b4:e4:57:60:43:77:
                    02:b5:46:4b:bf:5f:3f:76:2f:6e:8f:6f:09:95:8e:
                    a8:59:4f:c2:0c:97:a6:dd:3d:48:2f:9d:5d:ac:55:
                    9a:1c:fc:5c:fb:d4:2d:ea:67:14:58:72:b5:dd:2d:
                    37:3c:00:b6:f8:ac:63:81:ed:c1:c1:45:00:0b:50:
                    54:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:79:21:88:C6:49:CA:4D:03:47:F5:D3:2B:C0:76:24:3B:56:8D:CB
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/_XkhiMZJyk0DR_XTK8B2JDtWjcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:c002::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:c7:c7:5f:11:a7:64:73:e1:27:6e:1b:32:bb:c1:5e:d5:00:
         6b:5f:c5:2e:ba:ae:e0:98:80:da:81:65:e6:49:61:5d:36:9f:
         3c:bd:18:3c:6a:36:2f:b6:9b:8c:88:e9:eb:6a:65:6a:9e:40:
         94:29:ef:51:2e:19:59:d7:d2:99:4d:f1:0a:20:ef:e7:86:80:
         50:51:b5:44:c7:19:bc:43:ea:af:bd:9f:9f:a3:fb:9d:7a:11:
         b0:1a:9b:7a:b5:ae:cb:e0:21:1c:66:c3:c1:f2:65:d7:aa:6b:
         97:68:06:04:da:71:01:4e:05:ce:f6:80:d3:ab:02:14:8b:c3:
         71:12:81:76:39:01:c3:2d:be:f1:80:a2:5c:e9:ab:68:c6:f2:
         40:1e:2e:bc:bd:cd:7d:bb:f5:3b:a9:05:9e:a2:25:07:49:4d:
         5e:ca:1a:50:f6:c2:46:86:ee:80:49:ec:5a:f1:97:47:ea:18:
         f2:2c:55:4c:b7:db:56:e4:fa:72:a1:0d:94:3c:91:dd:67:59:
         8c:28:98:2a:18:b6:39:d8:1f:37:1d:02:6e:9f:05:62:2e:e6:
         c7:21:b3:8f:26:bd:9d:01:a4:cb:7e:f2:a6:3d:c4:dc:15:df:
         e6:d7:8c:bd:d1:dd:66:dc:ea:8e:d1:cb:fa:28:16:c5:74:c7:
         20:d1:a0:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC211lpkFTZ4KlhrW5lzNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDc5MjE4OGM2NDljYTRkMDM0N2Y1ZDMyYmMwNzYyNDNiNTY4ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNKtgBbd94EOiFIX3eh3n+KLxePw
DSICMMlypWE0dFHmUiajWMz3N5I2sMw27qxlDnEX1n95PNkV4Gq4p7qLAHEoRsDJ
KhlhEMkFRbLEPeHI1JktV6c6/LPOaAl/JhrXQ9zTczA7EyG2kW752rR12RnW8L3x
kmYRD0MKFHKRbBsG5j6pSshEaFbHOCkFDCizQR+vABB79FKHir9ovuN9Wr2WCWbY
ugQqBwGzLNIWicdPMZtRQN7nfwRo4dC05FdgQ3cCtUZLv18/di9uj28JlY6oWU/C
DJem3T1IL51drFWaHPxc+9Qt6mcUWHK13S03PAC2+Kxjge3BwUUAC1BUnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP15IYjGScpNA0f10yvAdiQ7Vo3LMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvX1hraGlNWkp5azBEUl9YVEs4QjJKRHRXamNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgciwcAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCOx8dfEadkc+Enbhsyu8Fe1QBrX8Uuuq7gmIDa
gWXmSWFdNp88vRg8ajYvtpuMiOnramVqnkCUKe9RLhlZ19KZTfEKIO/nhoBQUbVE
xxm8Q+qvvZ+fo/udehGwGpt6ta7L4CEcZsPB8mXXqmuXaAYE2nEBTgXO9oDTqwIU
i8NxEoF2OQHDLb7xgKJc6atoxvJAHi68vc19u/U7qQWeoiUHSU1eyhpQ9sJGhu6A
Sexa8ZdH6hjyLFVMt9tW5PpyoQ2UPJHdZ1mMKJgqGLY52B83HQJunwViLubHIbOP
Jr2dAaTLfvKmPcTcFd/m14y90d1m3OqO0cv6KBbFdMcg0aB/
-----END CERTIFICATE-----