Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/do3gPz0LlAN1X6Xy8mHxZSlWynU.roa
File:                     do3gPz0LlAN1X6Xy8mHxZSlWynU.roa (raw, json)
Hash identifier:          W683wwuLTRU5fFhOj1GkPOHmi+O/0E5ne9oBPJq3mxQ=
Subject key identifier:   76:8D:E0:3F:3D:0B:94:03:75:5F:A5:F2:F2:61:F1:65:29:56:CA:75
Certificate issuer:       /CN=8ad9281aafefc8375ad8b4b7e604899555952237
Certificate serial:       018CC795602E1401B22D9F5878A42776268E
Authority key identifier: 8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/do3gPz0LlAN1X6Xy8mHxZSlWynU.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35365
IP address blocks:        2a07:bbc0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:60:2e:14:01:b2:2d:9f:58:78:a4:27:76:26:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad9281aafefc8375ad8b4b7e604899555952237
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=768de03f3d0b9403755fa5f2f261f1652956ca75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e7:75:95:ff:4c:dd:a6:72:18:dc:50:cf:fe:
                    bb:ed:5b:89:c5:fd:a1:d0:3d:71:45:71:4e:a2:e1:
                    a7:54:ab:a7:96:15:76:4c:d5:fa:2a:7b:47:7d:8b:
                    d5:f7:f8:e1:9c:46:6b:fc:49:fd:a7:2b:ec:70:e2:
                    22:22:a9:6e:d0:39:09:13:c2:a8:44:57:88:1b:8a:
                    ff:ab:dc:e4:3a:43:ec:f1:f6:57:8c:11:b7:c2:b9:
                    f5:07:b6:86:a6:17:e2:b9:6c:c4:08:cd:ed:5d:83:
                    f6:f7:a6:e7:57:66:54:44:b8:19:58:d0:4b:8d:78:
                    f0:83:44:fd:b9:9b:43:c6:fa:95:b3:e2:96:19:d3:
                    07:dc:2e:2f:83:75:6b:3f:12:d0:63:b7:49:60:47:
                    97:0f:07:b2:04:9e:c7:39:d0:dc:8e:46:b2:0e:07:
                    7a:a8:65:3c:ba:3f:f8:f0:55:e8:e9:78:b7:af:30:
                    a4:00:62:20:be:ba:9c:f5:27:97:b7:60:97:df:4e:
                    37:59:28:dd:c8:bd:9b:67:1f:26:ca:c9:ae:41:4d:
                    13:0b:d9:24:89:5b:36:33:3e:42:5e:1d:f2:22:e9:
                    25:13:4c:a5:d3:0d:8d:31:1a:1c:d6:82:7a:22:c1:
                    90:aa:82:f3:c6:0a:9c:25:45:3a:76:58:5f:a9:21:
                    34:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:8D:E0:3F:3D:0B:94:03:75:5F:A5:F2:F2:61:F1:65:29:56:CA:75
            X509v3 Authority Key Identifier:
                keyid:8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/do3gPz0LlAN1X6Xy8mHxZSlWynU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:bbc0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         db:b1:62:dd:28:4a:46:0f:aa:45:84:a3:7c:aa:96:19:33:4e:
         29:1b:0e:ca:a3:3a:a1:a8:e4:52:ba:b6:c8:5f:d8:ec:86:27:
         5c:7c:b3:9c:ea:7b:72:95:b4:76:fd:b8:18:49:d1:a6:75:8e:
         7a:ff:85:37:ec:c0:34:0b:eb:d6:eb:f4:f4:09:64:41:8f:84:
         80:37:09:c7:92:4f:bb:01:cc:c7:7f:3e:32:16:d6:fd:fc:06:
         29:e5:bc:62:cf:75:06:71:78:49:93:20:49:9e:d7:88:1c:61:
         20:4c:96:76:cb:6a:0d:78:6a:48:15:8f:6c:c0:e1:ed:98:63:
         4b:54:a7:2c:c1:b2:06:63:6d:48:68:d0:5b:99:cd:c1:6e:2c:
         8a:b1:3a:dd:3b:78:db:c6:17:06:db:51:a1:e8:61:72:82:7a:
         2c:66:fa:85:9e:67:45:40:49:1a:19:5b:59:21:ac:69:c5:53:
         d1:23:6d:e1:0f:e5:b6:a1:12:a6:92:4c:fa:ba:c1:78:28:26:
         90:f7:96:ab:b3:65:76:d0:c9:e6:16:3d:68:7c:49:3f:18:7f:
         15:a6:6e:53:c7:97:fa:74:0d:f0:33:47:bf:11:90:e0:fa:8d:
         f6:ce:28:6a:73:aa:72:e8:ca:78:64:3e:c4:7e:2a:ab:76:a8:
         d3:fe:a6:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlWAuFAGyLZ9YeKQndiaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDkyODFhYWZlZmM4Mzc1YWQ4YjRiN2U2MDQ4OTk1NTU5
NTIyMzcwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjhkZTAzZjNkMGI5NDAzNzU1ZmE1ZjJmMjYxZjE2NTI5NTZjYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+d1lf9M3aZyGNxQz/677VuJxf2h
0D1xRXFOouGnVKunlhV2TNX6KntHfYvV9/jhnEZr/En9pyvscOIiIqlu0DkJE8Ko
RFeIG4r/q9zkOkPs8fZXjBG3wrn1B7aGphfiuWzECM3tXYP296bnV2ZURLgZWNBL
jXjwg0T9uZtDxvqVs+KWGdMH3C4vg3VrPxLQY7dJYEeXDweyBJ7HOdDcjkayDgd6
qGU8uj/48FXo6Xi3rzCkAGIgvrqc9SeXt2CX3043WSjdyL2bZx8mysmuQU0TC9kk
iVs2Mz5CXh3yIuklE0yl0w2NMRoc1oJ6IsGQqoLzxgqcJUU6dlhfqSE0GwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHaN4D89C5QDdV+l8vJh8WUpVsp1MB8GA1UdIwQY
MBaAFIrZKBqv78g3Wti0t+YEiZVVlSI3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQt
OGM3NGY5ZGQ2N2ZjLzEvZG8zZ1B6MExsQU4xWDZYeThtSHhaU2xXeW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQtOGM3NGY5ZGQ2N2Zj
LzEvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKge7wAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQDbsWLdKEpGD6pFhKN8qpYZM04pGw7KozqhqORS
urbIX9jshidcfLOc6ntylbR2/bgYSdGmdY56/4U37MA0C+vW6/T0CWRBj4SANwnH
kk+7AczHfz4yFtb9/AYp5bxiz3UGcXhJkyBJnteIHGEgTJZ2y2oNeGpIFY9swOHt
mGNLVKcswbIGY21IaNBbmc3BbiyKsTrdO3jbxhcG21Gh6GFygnosZvqFnmdFQEka
GVtZIaxpxVPRI23hD+W2oRKmkkz6usF4KCaQ95ars2V20MnmFj1ofEk/GH8Vpm5T
x5f6dA3wM0e/EZDg+o32zihqc6py6Mp4ZD7EfiqrdqjT/qbs
-----END CERTIFICATE-----