Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/zTrMA_HibrtAOMog3FQnjc7EFeI.roa
File:                     zTrMA_HibrtAOMog3FQnjc7EFeI.roa (raw, json)
Hash identifier:          zYFMKXSotT5QD/FkE89lTH6d2PyqTdpEOMJRR65qN6s=
Subject key identifier:   CD:3A:CC:03:F1:E2:6E:BB:40:38:CA:20:DC:54:27:8D:CE:C4:15:E2
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB6083037B2E36B3EF494CA3752D2B
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/zTrMA_HibrtAOMog3FQnjc7EFeI.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213034
IP address blocks:        2a07:22c0:8003::/48 maxlen: 48
                          2a07:22c0:8002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:60:83:03:7b:2e:36:b3:ef:49:4c:a3:75:2d:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd3acc03f1e26ebb4038ca20dc54278dcec415e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d0:3c:91:a1:bd:78:ee:af:76:50:7f:e1:cd:
                    3e:b2:8e:5c:f3:60:83:0f:ea:92:e8:62:12:5a:98:
                    b0:84:30:75:4e:1c:2a:84:b1:00:c6:66:36:5c:1f:
                    a7:f9:3a:08:ae:8c:93:9f:4c:77:2a:67:b8:60:90:
                    d2:64:bf:97:cd:a9:0f:03:ef:33:3b:fc:ee:44:d7:
                    7b:84:93:da:4a:1d:02:28:03:f0:eb:6f:07:99:4f:
                    99:26:1c:90:38:65:4b:69:16:ed:2a:c3:b9:5f:78:
                    70:13:6c:c5:02:b0:27:1b:4c:98:88:9d:c5:e0:d1:
                    0e:3b:88:06:9a:b2:45:d5:33:07:66:2d:ab:82:ce:
                    e4:45:1f:3d:19:df:84:04:fc:0f:ae:0a:87:3c:1d:
                    7e:0e:a6:8d:79:ea:64:3c:23:01:e7:99:f8:1c:16:
                    9b:de:3d:29:95:fa:ef:39:3f:c0:49:88:78:a2:54:
                    64:6c:18:ae:dd:98:ab:ab:e0:b2:ec:bb:35:4d:32:
                    50:41:93:1d:2c:3d:bd:31:75:ee:e1:89:85:d4:a1:
                    59:93:f4:f6:98:70:c2:62:85:d4:1a:f3:99:6a:6c:
                    20:f6:37:ff:27:01:90:f6:e9:fb:1b:15:96:52:8d:
                    ce:ff:06:9d:8d:dc:51:fd:79:97:41:8e:fd:3e:35:
                    a1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:3A:CC:03:F1:E2:6E:BB:40:38:CA:20:DC:54:27:8D:CE:C4:15:E2
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/zTrMA_HibrtAOMog3FQnjc7EFeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c0:8002::/47

    Signature Algorithm: sha256WithRSAEncryption
         a1:90:7e:90:2c:d8:e2:bd:97:b2:01:9b:bc:75:f1:a4:03:6e:
         07:0d:0d:5c:aa:44:36:2b:f0:ef:63:33:1a:e7:85:69:18:7f:
         6a:79:b6:12:7b:8f:6a:27:81:e1:66:77:4a:22:9c:64:eb:97:
         04:62:73:67:8d:d9:f2:16:52:cb:42:ef:47:44:69:db:65:40:
         ca:aa:24:f0:d8:ef:cc:4b:1c:da:49:d4:16:fc:14:89:e2:41:
         d0:99:f8:fe:87:f4:55:02:64:c2:94:53:d1:67:9d:37:df:e3:
         58:1b:77:dc:2c:11:fa:fe:96:12:77:0d:d8:a1:a0:c8:19:b2:
         a5:36:dd:0f:2a:34:7a:21:f0:05:e5:87:56:0e:8d:f9:fd:a2:
         cc:f4:27:c1:db:17:0a:59:3c:3f:44:41:ba:6f:4a:a6:a5:58:
         17:39:c3:ef:a0:0f:8d:14:f6:a9:af:48:15:2e:0a:5f:0e:3e:
         9e:27:ca:34:06:2e:62:60:1a:aa:59:0e:40:2c:1d:1d:b4:ba:
         ff:b8:e5:f7:d7:60:cc:e2:d9:08:df:b6:56:62:39:26:00:3c:
         09:7a:8c:69:6a:8b:2a:ed:0d:46:94:3c:06:b8:7e:34:62:a8:
         ac:2a:a7:12:ad:8d:a7:d9:2a:14:5a:53:91:1b:d5:19:2e:f8:
         8b:01:4a:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC22CDA3suNrPvSUyjdS0rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDNhY2MwM2YxZTI2ZWJiNDAzOGNhMjBkYzU0Mjc4ZGNlYzQxNWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNA8kaG9eO6vdlB/4c0+so5c82CD
D+qS6GISWpiwhDB1ThwqhLEAxmY2XB+n+ToIroyTn0x3Kme4YJDSZL+XzakPA+8z
O/zuRNd7hJPaSh0CKAPw628HmU+ZJhyQOGVLaRbtKsO5X3hwE2zFArAnG0yYiJ3F
4NEOO4gGmrJF1TMHZi2rgs7kRR89Gd+EBPwPrgqHPB1+DqaNeepkPCMB55n4HBab
3j0plfrvOT/ASYh4olRkbBiu3Zirq+Cy7Ls1TTJQQZMdLD29MXXu4YmF1KFZk/T2
mHDCYoXUGvOZamwg9jf/JwGQ9un7GxWWUo3O/wadjdxR/XmXQY79PjWh+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM06zAPx4m67QDjKINxUJ43OxBXiMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvelRyTUFfSGlicnRBT01vZzNGUW5qYzdFRmVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgciwIAC
MA0GCSqGSIb3DQEBCwUAA4IBAQChkH6QLNjivZeyAZu8dfGkA24HDQ1cqkQ2K/Dv
YzMa54VpGH9qebYSe49qJ4HhZndKIpxk65cEYnNnjdnyFlLLQu9HRGnbZUDKqiTw
2O/MSxzaSdQW/BSJ4kHQmfj+h/RVAmTClFPRZ5033+NYG3fcLBH6/pYSdw3YoaDI
GbKlNt0PKjR6IfAF5YdWDo35/aLM9CfB2xcKWTw/REG6b0qmpVgXOcPvoA+NFPap
r0gVLgpfDj6eJ8o0Bi5iYBqqWQ5ALB0dtLr/uOX312DM4tkI37ZWYjkmADwJeoxp
aosq7Q1GlDwGuH40YqisKqcSrY2n2SoUWlORG9UZLviLAUqS
-----END CERTIFICATE-----