Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/8EejhKUC3fVjo5PYf0TH491vvNA.roa
File:                     8EejhKUC3fVjo5PYf0TH491vvNA.roa (raw, json)
Hash identifier:          t9laCzHBbT+ekzbQ76J1OLgBRlk18/i6+78Cbb3LjGk=
Subject key identifier:   F0:47:A3:84:A5:02:DD:F5:63:A3:93:D8:7F:44:C7:E3:DD:6F:BC:D0
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       019160F08BF48FE460889E6CFB97A85505BB
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/8EejhKUC3fVjo5PYf0TH491vvNA.roa
Signing time:             Sat 17 Aug 2024 15:24:22 +0000
ROA not before:           Sat 17 Aug 2024 15:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60234
IP address blocks:        2a05:b0c7:1800::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:60:f0:8b:f4:8f:e4:60:88:9e:6c:fb:97:a8:55:05:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Aug 17 15:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f047a384a502ddf563a393d87f44c7e3dd6fbcd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b3:b8:8e:86:ad:6b:a8:b8:6a:90:8a:85:5b:
                    36:05:db:b5:7a:84:53:f5:e2:ec:47:2d:63:4e:6c:
                    d4:08:71:73:62:bb:0f:6c:7e:ca:ea:53:2c:9f:21:
                    b3:8a:da:54:0a:d1:3c:3f:c0:ba:89:80:71:1f:9d:
                    38:51:8c:df:f5:e1:06:46:d3:ca:81:f2:5e:2f:0c:
                    98:78:c1:da:08:4a:cf:94:1f:a6:07:28:ca:c1:e2:
                    15:13:1f:44:0c:96:a1:68:ce:24:fe:76:e5:5d:6d:
                    a5:f0:d4:10:f5:00:f2:bf:fe:1b:8d:86:71:54:32:
                    bd:0c:0c:19:a8:61:86:99:a2:ce:58:ea:64:5a:a7:
                    64:7d:d1:85:d3:13:b2:70:cc:85:53:b2:6d:8b:6c:
                    38:e4:f5:84:7d:c7:fd:fa:c5:f8:aa:22:39:d7:70:
                    61:8c:e0:a6:a2:79:10:98:e0:6e:08:75:b5:66:54:
                    f5:19:d4:d6:ca:ab:13:76:36:fd:49:28:86:af:f6:
                    4e:86:e5:4d:4f:4b:04:7b:85:87:7c:19:d3:b3:32:
                    aa:7c:4a:f3:a8:fe:c4:bf:cf:a6:aa:8b:35:90:43:
                    60:31:3b:48:ca:bd:05:07:35:9c:05:59:33:3e:38:
                    f1:70:50:76:9d:d4:40:0d:e6:47:08:37:28:67:b7:
                    45:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:47:A3:84:A5:02:DD:F5:63:A3:93:D8:7F:44:C7:E3:DD:6F:BC:D0
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/8EejhKUC3fVjo5PYf0TH491vvNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c7:1800::/39

    Signature Algorithm: sha256WithRSAEncryption
         7f:be:41:bb:70:80:84:28:b3:dd:93:ea:7d:d0:e9:c4:10:22:
         fc:a6:e2:dc:3e:33:3a:83:39:5a:d0:f6:5b:df:1c:20:1f:06:
         04:70:9c:b8:35:a6:1e:7e:db:99:d9:73:e9:3f:75:fc:44:28:
         59:a2:e7:68:90:a3:b0:e4:76:fd:72:8a:ba:75:dd:8c:28:6a:
         d1:fd:04:b3:3b:16:ca:c2:50:3f:97:63:8b:f5:d4:06:45:75:
         94:e7:fe:f5:66:28:47:81:fe:be:27:5b:97:45:3d:50:6a:39:
         19:fb:9c:cf:fa:e3:d8:41:0f:70:0a:9c:ba:1c:61:04:37:0a:
         f0:a0:ce:a5:97:90:c2:53:fb:3f:8b:20:3c:bf:0d:5d:53:91:
         af:23:3e:5c:25:3c:ff:20:54:eb:20:17:96:61:ac:f5:7a:59:
         d8:d0:f5:80:99:fa:ed:6f:fc:fc:8a:41:70:07:7d:d4:69:c7:
         74:86:13:a9:62:29:16:ee:fd:fb:40:21:8e:fa:69:0c:58:c4:
         14:5c:bc:49:cd:72:27:cd:6f:80:6a:eb:5d:28:82:5d:ea:44:
         17:95:c5:c7:fa:2c:7b:a6:19:de:ca:c3:c4:74:9e:ac:52:7b:
         3a:ba:15:d0:4c:a6:b8:18:6c:be:13:c7:69:87:a8:4b:b9:66:
         31:bb:26:c9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZFg8Iv0j+RgiJ5s+5eoVQW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwODE3MTUyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQ3YTM4NGE1MDJkZGY1NjNhMzkzZDg3ZjQ0YzdlM2RkNmZiY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrO4joata6i4apCKhVs2Bdu1eoRT
9eLsRy1jTmzUCHFzYrsPbH7K6lMsnyGzitpUCtE8P8C6iYBxH504UYzf9eEGRtPK
gfJeLwyYeMHaCErPlB+mByjKweIVEx9EDJahaM4k/nblXW2l8NQQ9QDyv/4bjYZx
VDK9DAwZqGGGmaLOWOpkWqdkfdGF0xOycMyFU7Jti2w45PWEfcf9+sX4qiI513Bh
jOCmonkQmOBuCHW1ZlT1GdTWyqsTdjb9SSiGr/ZOhuVNT0sEe4WHfBnTszKqfErz
qP7Ev8+mqos1kENgMTtIyr0FBzWcBVkzPjjxcFB2ndRADeZHCDcoZ7dFGQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPBHo4SlAt31Y6OT2H9Ex+Pdb7zQMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvOEVlamhLVUMzZlZqbzVQWWYwVEg0OTF2dk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKgWwxxgw
DQYJKoZIhvcNAQELBQADggEBAH++QbtwgIQos92T6n3Q6cQQIvym4tw+MzqDOVrQ
9lvfHCAfBgRwnLg1ph5+25nZc+k/dfxEKFmi52iQo7Dkdv1yirp13YwoatH9BLM7
FsrCUD+XY4v11AZFdZTn/vVmKEeB/r4nW5dFPVBqORn7nM/649hBD3AKnLocYQQ3
CvCgzqWXkMJT+z+LIDy/DV1Tka8jPlwlPP8gVOsgF5ZhrPV6WdjQ9YCZ+u1v/PyK
QXAHfdRpx3SGE6liKRbu/ftAIY76aQxYxBRcvEnNcifNb4Bq610ogl3qRBeVxcf6
LHumGd7Kw8R0nqxSezq6FdBMprgYbL4Tx2mHqEu5ZjG7Jsk=
-----END CERTIFICATE-----