Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/7CNCW46mKGrZ6o76tD5IWWkBGZw.roa
File:                     7CNCW46mKGrZ6o76tD5IWWkBGZw.roa (raw, json)
Hash identifier:          8UYk6m/vjEjbIZtffTOKuj1YWcYYPpp/BVNFuFa0OT0=
Subject key identifier:   EC:23:42:5B:8E:A6:28:6A:D9:EA:8E:FA:B4:3E:48:59:69:01:19:9C
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       018DAC50EDA457A40E9A8161C64D0204AC83
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/7CNCW46mKGrZ6o76tD5IWWkBGZw.roa
Signing time:             Thu 15 Feb 2024 10:30:01 +0000
ROA not before:           Thu 15 Feb 2024 10:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51395
IP address blocks:        2a0b:7140:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:50:ed:a4:57:a4:0e:9a:81:61:c6:4d:02:04:ac:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Feb 15 10:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec23425b8ea6286ad9ea8efab43e48596901199c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bb:db:ac:21:29:88:54:96:be:bd:25:45:7b:
                    7b:16:6b:c0:76:8d:7a:b0:f7:08:7a:bb:3b:8e:ff:
                    fc:af:a2:5d:0b:31:33:ba:e8:b0:68:a6:1e:75:ab:
                    33:67:07:fc:79:e3:94:61:34:73:68:4b:c9:71:7b:
                    7e:6d:f9:5f:5a:7a:1b:84:91:52:cb:c8:7d:36:f9:
                    60:0f:bb:a3:2a:a1:b8:3c:a9:78:2f:fb:3a:b0:ce:
                    78:87:47:3a:de:3c:ac:57:20:41:b2:36:94:49:e2:
                    b6:ff:ab:85:7b:f2:30:ae:9d:d9:0c:57:0e:e6:fd:
                    1c:f3:73:c5:19:0f:99:ff:e7:9c:83:b1:10:3e:9a:
                    ed:b7:71:3b:9b:d0:d3:9a:25:16:15:04:21:8c:09:
                    83:06:3d:46:5d:fd:a1:22:c2:51:fe:cf:ca:7a:9d:
                    c3:a2:da:0f:a7:12:98:9a:94:cf:8f:0e:01:eb:eb:
                    30:68:59:5f:c1:46:43:70:11:f7:29:d8:46:89:fd:
                    fd:9b:0e:45:2f:d0:4d:0a:ed:9d:8b:71:94:23:25:
                    f5:9b:76:b3:8f:7e:32:a0:8b:46:b1:d5:f8:c5:63:
                    1d:9c:c0:69:45:87:a9:98:df:ee:d9:db:03:98:25:
                    90:77:26:28:12:3f:f2:dc:48:27:92:88:44:8e:5b:
                    d5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:23:42:5B:8E:A6:28:6A:D9:EA:8E:FA:B4:3E:48:59:69:01:19:9C
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/7CNCW46mKGrZ6o76tD5IWWkBGZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7140:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:e9:ba:cc:82:5e:66:44:58:64:5b:72:6b:36:75:2f:d8:51:
         4b:88:3c:b9:de:1e:a0:c1:98:a4:23:c7:3d:e1:78:55:ce:5e:
         e3:ca:b9:e6:59:be:b0:c9:b1:bc:44:c8:12:4d:f2:33:9d:51:
         14:01:9b:c2:0c:ea:f4:0f:b8:9b:e2:20:07:76:52:1f:80:95:
         20:63:cf:a0:80:20:1e:cc:f7:e6:f5:7e:ee:8e:97:39:f4:05:
         db:d4:3e:f4:a1:e1:d7:cc:23:07:a0:b9:33:02:19:3c:fd:3e:
         83:33:e1:e2:c6:15:0e:a5:11:78:a5:2d:6a:03:80:d4:4e:00:
         95:3d:b0:59:87:71:4c:7e:29:68:2e:66:2c:fe:6f:d5:c8:7a:
         f2:a1:2e:7c:06:3a:6b:63:15:f2:27:59:f3:83:00:fc:06:b5:
         67:c8:4c:2e:80:66:79:66:d9:45:8c:44:9d:f3:7a:86:81:ff:
         29:fd:ef:99:4d:60:76:d1:8e:d5:7d:a2:f1:53:9a:94:49:89:
         1c:b0:ac:51:72:73:75:73:20:56:71:3b:e9:ac:3b:c9:66:99:
         f9:3f:81:2a:f4:28:ff:35:af:34:fe:a3:67:b5:9b:03:fb:ff:
         71:50:8e:78:d2:6a:a3:85:67:7b:5d:f4:74:78:87:03:05:c7:
         44:84:31:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2sUO2kV6QOmoFhxk0CBKyDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjQwMjE1MTAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzIzNDI1YjhlYTYyODZhZDllYThlZmFiNDNlNDg1OTY5MDExOTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbvbrCEpiFSWvr0lRXt7FmvAdo16
sPcIers7jv/8r6JdCzEzuuiwaKYedaszZwf8eeOUYTRzaEvJcXt+bflfWnobhJFS
y8h9NvlgD7ujKqG4PKl4L/s6sM54h0c63jysVyBBsjaUSeK2/6uFe/Iwrp3ZDFcO
5v0c83PFGQ+Z/+ecg7EQPprtt3E7m9DTmiUWFQQhjAmDBj1GXf2hIsJR/s/Kep3D
otoPpxKYmpTPjw4B6+swaFlfwUZDcBH3KdhGif39mw5FL9BNCu2di3GUIyX1m3az
j34yoItGsdX4xWMdnMBpRYepmN/u2dsDmCWQdyYoEj/y3EgnkohEjlvVxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOwjQluOpihq2eqO+rQ+SFlpARmcMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvN0NOQ1c0Nm1LR3JaNm83NnRENUlXV2tCR1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgtxQAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQBY6brMgl5mRFhkW3JrNnUv2FFLiDy53h6gwZik
I8c94XhVzl7jyrnmWb6wybG8RMgSTfIznVEUAZvCDOr0D7ib4iAHdlIfgJUgY8+g
gCAezPfm9X7ujpc59AXb1D70oeHXzCMHoLkzAhk8/T6DM+HixhUOpRF4pS1qA4DU
TgCVPbBZh3FMfiloLmYs/m/VyHryoS58BjprYxXyJ1nzgwD8BrVnyEwugGZ5ZtlF
jESd83qGgf8p/e+ZTWB20Y7VfaLxU5qUSYkcsKxRcnN1cyBWcTvprDvJZpn5P4Eq
9Cj/Na80/qNntZsD+/9xUI540mqjhWd7XfR0eIcDBcdEhDFk
-----END CERTIFICATE-----