Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/8zqjLmOnKGx0zOCgKEJ2fM4GAj0.roa
File:                     8zqjLmOnKGx0zOCgKEJ2fM4GAj0.roa (raw, json)
Hash identifier:          tZxStpijPFCIZscVBmiaIm5epNtuI/gs1bkkF/sMjLs=
Subject key identifier:   F3:3A:A3:2E:63:A7:28:6C:74:CC:E0:A0:28:42:76:7C:CE:06:02:3D
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       01922567707D62F1703950425CD4FC8D7137
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/8zqjLmOnKGx0zOCgKEJ2fM4GAj0.roa
Signing time:             Tue 24 Sep 2024 18:59:48 +0000
ROA not before:           Tue 24 Sep 2024 18:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50340
IP address blocks:        2a06:1301:4210::/48 maxlen: 48
                          2a06:1301:4570::/48 maxlen: 48
                          2a06:1301:4725::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:09:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:25:67:70:7d:62:f1:70:39:50:42:5c:d4:fc:8d:71:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Sep 24 18:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f33aa32e63a7286c74cce0a02842767cce06023d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8a:0f:eb:78:19:66:b0:27:c2:c8:e7:72:41:
                    e5:52:da:58:cd:a4:59:e4:bd:96:b0:79:e8:7f:d6:
                    b6:7b:02:65:0c:b6:de:2b:35:8c:67:17:8d:6a:18:
                    ef:c3:ae:0b:37:49:fb:dd:b7:c3:6e:32:cf:54:b0:
                    eb:32:9d:52:68:fe:07:4e:de:7c:d0:b8:96:51:48:
                    97:ef:e8:0d:ab:40:65:22:49:c4:ce:3e:cf:f8:2a:
                    25:51:11:8e:ca:b0:61:0f:e9:bd:90:91:08:68:28:
                    ba:75:47:07:48:38:af:34:79:2e:69:15:a0:bd:74:
                    94:de:5c:5a:75:4a:1e:1d:a8:a2:78:f7:53:76:6b:
                    f5:4f:a6:36:32:a1:84:8d:f5:7a:84:63:13:36:90:
                    a2:06:1a:af:7f:29:3c:e1:b1:de:f0:05:b4:70:39:
                    77:ff:4a:7f:ee:b0:4a:fd:52:f2:f3:7c:87:6e:c3:
                    e3:86:93:cd:8e:93:85:43:88:eb:09:bc:b9:17:56:
                    8f:46:56:f1:fd:98:0b:12:78:bf:df:62:7a:cf:b4:
                    7b:e3:52:ad:69:87:9a:5e:4e:90:db:3e:5a:56:57:
                    ac:fe:14:cb:2f:a6:2b:fe:02:3c:c5:bf:9e:7a:de:
                    5b:e5:3b:d2:21:0d:e0:95:47:44:94:12:aa:d3:35:
                    5b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:3A:A3:2E:63:A7:28:6C:74:CC:E0:A0:28:42:76:7C:CE:06:02:3D
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/8zqjLmOnKGx0zOCgKEJ2fM4GAj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1301:4210::/48
                  2a06:1301:4570::/48
                  2a06:1301:4725::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:f8:e9:fe:16:e1:b5:85:77:1d:c8:53:b8:ef:33:44:7c:d3:
         d4:a5:2a:76:d3:ab:11:c2:62:db:24:d3:29:1b:eb:a5:82:50:
         a2:94:18:0b:a7:20:f1:9a:3d:e1:6d:26:62:26:8a:c2:33:d1:
         e8:3f:90:7d:1f:00:f3:83:59:c5:3f:b0:ba:08:be:f7:61:d1:
         16:5d:ec:29:e8:56:b6:90:7a:56:04:74:04:e0:ed:15:d7:d3:
         3f:b3:f7:c4:dd:5d:42:31:fa:9e:bd:e8:99:a8:0b:77:b5:1d:
         43:0f:4b:c8:51:75:0a:8d:f0:23:f6:87:da:8c:59:56:1a:d0:
         9e:66:82:8f:c9:55:21:f3:2f:09:52:cd:02:6c:91:95:e4:65:
         ca:f8:36:61:ee:93:7c:68:c9:cf:69:fa:8f:ac:e7:c8:e9:a6:
         24:c0:57:ac:34:bc:48:50:1e:f5:3b:e3:15:5d:4d:7e:38:09:
         98:79:f0:ea:92:9c:be:47:73:c0:71:f1:25:7c:c5:ca:34:68:
         77:9c:21:f9:5b:1c:5f:fc:ce:48:b8:f3:fd:89:1c:7c:70:66:
         f5:32:49:48:13:28:4c:7b:ee:03:cd:c5:25:d6:3e:15:6a:0a:
         e4:87:30:a8:d2:1f:c3:a3:7d:53:6e:4a:bc:3b:80:e4:56:0c:
         32:0e:69:98
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZIlZ3B9YvFwOVBCXNT8jXE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQwOTI0MTg1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzNhYTMyZTYzYTcyODZjNzRjY2UwYTAyODQyNzY3Y2NlMDYwMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04oP63gZZrAnwsjnckHlUtpYzaRZ
5L2WsHnof9a2ewJlDLbeKzWMZxeNahjvw64LN0n73bfDbjLPVLDrMp1SaP4HTt58
0LiWUUiX7+gNq0BlIknEzj7P+ColURGOyrBhD+m9kJEIaCi6dUcHSDivNHkuaRWg
vXSU3lxadUoeHaiiePdTdmv1T6Y2MqGEjfV6hGMTNpCiBhqvfyk84bHe8AW0cDl3
/0p/7rBK/VLy83yHbsPjhpPNjpOFQ4jrCby5F1aPRlbx/ZgLEni/32J6z7R741Kt
aYeaXk6Q2z5aVles/hTLL6Yr/gI8xb+eet5b5TvSIQ3glUdElBKq0zVbPwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPM6oy5jpyhsdMzgoChCdnzOBgI9MB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvOHpxakxtT25LR3gwek9DZ0tFSjJmTTRHQWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgYTAUIQ
AwcAKgYTAUVwAwcAKgYTAUclMA0GCSqGSIb3DQEBCwUAA4IBAQBP+On+FuG1hXcd
yFO47zNEfNPUpSp206sRwmLbJNMpG+ulglCilBgLpyDxmj3hbSZiJorCM9HoP5B9
HwDzg1nFP7C6CL73YdEWXewp6Fa2kHpWBHQE4O0V19M/s/fE3V1CMfqeveiZqAt3
tR1DD0vIUXUKjfAj9ofajFlWGtCeZoKPyVUh8y8JUs0CbJGV5GXK+DZh7pN8aMnP
afqPrOfI6aYkwFesNLxIUB71O+MVXU1+OAmYefDqkpy+R3PAcfElfMXKNGh3nCH5
Wxxf/M5IuPP9iRx8cGb1MklIEyhMe+4DzcUl1j4VagrkhzCo0h/Do31Tbkq8O4Dk
VgwyDmmY
-----END CERTIFICATE-----