Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/dSKGXjWcvdK6af4AMTK8TYN-u0s.roa
File:                     dSKGXjWcvdK6af4AMTK8TYN-u0s.roa (raw, json)
Hash identifier:          Ed3NzIZMSn8FAzIzd3nZvtqBrI2VgQPBnmW7zwC7E0g=
Subject key identifier:   75:22:86:5E:35:9C:BD:D2:BA:69:FE:00:31:32:BC:4D:83:7E:BB:4B
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB614C2881BC197E9448D4D669EAEB
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/dSKGXjWcvdK6af4AMTK8TYN-u0s.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213388
IP address blocks:        2a07:22c1:fff0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:4c:28:81:bc:19:7e:94:48:d4:d6:69:ea:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7522865e359cbdd2ba69fe003132bc4d837ebb4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a4:83:e9:a0:16:36:a9:c5:6e:2f:10:1b:2b:
                    6b:f0:bf:bd:2f:21:05:f5:31:79:ee:17:af:54:d8:
                    7c:b8:9f:81:1d:b2:5b:16:9b:09:82:31:e3:23:b7:
                    c3:93:6f:f4:bf:aa:99:67:a8:f1:cb:bc:93:a0:e0:
                    8a:c0:a9:3a:74:50:4f:99:0c:91:43:ef:b5:87:0b:
                    bb:a5:45:bd:c1:ff:d0:34:23:da:eb:b2:2d:ea:5d:
                    a2:da:b1:65:82:13:f7:73:c2:b8:91:3f:2a:40:78:
                    ce:f4:e2:62:29:4f:cf:73:3d:14:ea:2f:45:19:04:
                    7b:24:f6:b4:86:a3:96:c0:a5:d0:5c:69:1e:41:d8:
                    74:48:3b:64:e4:b8:db:57:61:91:d7:76:75:94:82:
                    7c:3b:a5:2a:17:02:1f:da:08:f9:2f:87:21:5a:04:
                    b2:19:ae:79:fd:10:a6:7e:92:92:b9:3d:9f:ed:b2:
                    3f:af:f9:47:b6:ae:5d:19:cf:1b:3b:a4:65:4e:cc:
                    bf:f8:be:d3:5e:08:fd:55:07:7a:2e:ba:77:db:17:
                    ea:88:54:a3:92:a1:da:a0:74:c7:50:a0:07:ac:e6:
                    6a:09:2b:46:93:1b:19:34:04:14:82:54:2f:9d:44:
                    ce:e9:8c:41:51:b8:d9:24:c4:90:e6:f4:23:a8:f9:
                    a3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:22:86:5E:35:9C:BD:D2:BA:69:FE:00:31:32:BC:4D:83:7E:BB:4B
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/dSKGXjWcvdK6af4AMTK8TYN-u0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:fff0::/44

    Signature Algorithm: sha256WithRSAEncryption
         08:ea:61:5a:8b:8e:77:89:bc:d9:36:54:6c:cf:f6:5b:5b:6f:
         a0:a2:fe:3a:eb:00:0d:0a:a8:7f:83:e8:96:7d:0e:33:60:41:
         38:ba:6a:99:3c:52:8c:ac:d6:45:b8:27:73:03:97:bc:f7:90:
         59:81:0b:16:7f:6b:9b:2f:d9:a2:8c:77:c1:9d:ed:96:bc:33:
         1e:cc:91:2d:84:1f:b0:67:9e:d3:f1:0b:f7:f3:82:a2:9d:8d:
         f7:09:e0:33:44:67:00:03:99:5d:03:5d:85:89:d7:ed:28:86:
         c2:bb:1f:dd:d8:a9:8f:17:bc:8f:71:96:d6:5f:08:86:16:b3:
         6d:6d:92:49:2a:7e:36:45:29:eb:06:11:0b:11:8e:d3:6f:b3:
         42:da:ee:70:ec:8f:a2:51:71:dd:c3:f5:58:0b:c4:cc:55:98:
         95:44:b8:88:5a:06:23:ab:6c:95:b5:75:d6:84:b7:22:be:dd:
         d7:a1:ec:f5:00:6d:c9:cb:66:69:61:62:9a:8a:7a:d1:59:ab:
         a6:02:e9:2a:99:6a:a2:69:e6:ac:a4:89:d7:6e:1f:24:f0:ac:
         15:e3:ee:dc:3b:09:c2:c3:8f:3a:99:e5:5a:2f:c6:5b:d8:4a:
         81:9d:b9:cc:45:32:6f:5a:26:f9:94:47:e3:8e:b4:c9:f7:c1:
         c6:4d:1f:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC22FMKIG8GX6USNTWaerrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTIyODY1ZTM1OWNiZGQyYmE2OWZlMDAzMTMyYmM0ZDgzN2ViYjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqSD6aAWNqnFbi8QGytr8L+9LyEF
9TF57hevVNh8uJ+BHbJbFpsJgjHjI7fDk2/0v6qZZ6jxy7yToOCKwKk6dFBPmQyR
Q++1hwu7pUW9wf/QNCPa67It6l2i2rFlghP3c8K4kT8qQHjO9OJiKU/Pcz0U6i9F
GQR7JPa0hqOWwKXQXGkeQdh0SDtk5LjbV2GR13Z1lIJ8O6UqFwIf2gj5L4chWgSy
Ga55/RCmfpKSuT2f7bI/r/lHtq5dGc8bO6RlTsy/+L7TXgj9VQd6Lrp32xfqiFSj
kqHaoHTHUKAHrOZqCStGkxsZNAQUglQvnUTO6YxBUbjZJMSQ5vQjqPmjbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHUihl41nL3Sumn+ADEyvE2DfrtLMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvZFNLR1hqV2N2ZEs2YWY0QU1USzhUWU4tdTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgciwf/w
MA0GCSqGSIb3DQEBCwUAA4IBAQAI6mFai453ibzZNlRsz/ZbW2+gov466wANCqh/
g+iWfQ4zYEE4umqZPFKMrNZFuCdzA5e895BZgQsWf2ubL9mijHfBne2WvDMezJEt
hB+wZ57T8Qv384KinY33CeAzRGcAA5ldA12FidftKIbCux/d2KmPF7yPcZbWXwiG
FrNtbZJJKn42RSnrBhELEY7Tb7NC2u5w7I+iUXHdw/VYC8TMVZiVRLiIWgYjq2yV
tXXWhLcivt3Xoez1AG3Jy2ZpYWKainrRWaumAukqmWqiaeaspInXbh8k8KwV4+7c
OwnCw486meVaL8Zb2EqBnbnMRTJvWib5lEfjjrTJ98HGTR8N
-----END CERTIFICATE-----