Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/fwk60uLmLHXaLnBeaQF4s8eV79w.roa
File:                     fwk60uLmLHXaLnBeaQF4s8eV79w.roa (raw, json)
Hash identifier:          TCvIJyY3Urr3Pk0lSF8iSjCL/P4zcbte7ky7NcEDZlk=
Subject key identifier:   7F:09:3A:D2:E2:E6:2C:75:DA:2E:70:5E:69:01:78:B3:C7:95:EF:DC
Certificate issuer:       /CN=07d44a52778aa65f736e72436003f6654f268318
Certificate serial:       018CC3B67BFC74668357AB298A33029066D3
Authority key identifier: 07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/fwk60uLmLHXaLnBeaQF4s8eV79w.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12303
IP address blocks:        2001:738:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7b:fc:74:66:83:57:ab:29:8a:33:02:90:66:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d44a52778aa65f736e72436003f6654f268318
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f093ad2e2e62c75da2e705e690178b3c795efdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:82:65:52:ee:84:eb:60:c6:20:be:71:d8:df:
                    a6:5e:96:98:3f:ed:1e:09:24:ca:a2:cc:b3:6b:65:
                    6f:e7:64:5c:f6:7b:b5:66:66:2a:14:d9:74:bf:63:
                    c8:76:c5:11:71:73:f3:91:b8:80:25:70:47:9e:92:
                    c5:0f:e1:ce:fe:77:ae:b6:55:c3:f3:b2:af:75:25:
                    39:8d:99:de:c1:78:df:35:f5:9d:05:30:e0:bf:8b:
                    03:16:7b:bb:eb:42:9c:c6:e3:a6:8b:5e:19:ea:d6:
                    98:38:be:25:ae:88:82:cb:bb:0c:59:62:31:38:b4:
                    ce:f4:dd:13:f6:34:fa:7e:06:fe:07:67:d9:c1:2e:
                    6c:b3:78:00:46:70:ed:4f:01:0e:05:f3:75:ee:4c:
                    f2:2b:30:ff:69:23:20:47:4f:71:1d:3a:e8:f4:e2:
                    01:a4:75:14:79:c9:a9:fd:ee:aa:ea:cb:6a:5b:31:
                    31:37:a8:26:20:5a:7e:1c:9f:8b:07:4e:9b:24:f9:
                    95:36:e0:8d:86:67:86:94:12:5d:24:41:06:d9:44:
                    55:0a:81:0a:b1:2e:d8:a9:64:51:18:8c:78:f9:53:
                    d1:9c:ae:2d:e8:7e:f4:c9:41:df:0a:d9:62:09:2a:
                    ba:03:15:85:00:47:b0:aa:b4:56:c8:3e:29:0f:83:
                    72:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:09:3A:D2:E2:E6:2C:75:DA:2E:70:5E:69:01:78:B3:C7:95:EF:DC
            X509v3 Authority Key Identifier:
                keyid:07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/fwk60uLmLHXaLnBeaQF4s8eV79w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:738:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:b8:37:c9:f0:b5:aa:47:47:45:f4:9c:e2:a6:f6:46:0e:64:
         f7:e1:84:e6:7b:ae:ca:03:0c:10:5a:87:02:41:aa:3d:08:f4:
         47:af:47:d6:ef:13:47:17:0a:7a:91:16:38:8d:31:c4:a8:d8:
         df:b7:fb:c1:0e:5b:83:d7:cc:e7:83:bc:ca:89:e8:40:32:03:
         07:5d:b5:eb:22:ae:58:e9:24:fa:04:09:c5:d5:7a:6d:df:a5:
         7f:77:03:ba:d6:0d:22:22:aa:06:37:68:0d:63:cf:cb:f1:fb:
         31:d2:0e:30:b5:56:11:e4:6b:11:b1:e8:71:81:9f:99:c5:e6:
         15:b3:9b:58:9d:b3:cd:e3:74:83:44:10:dc:b5:0f:78:51:04:
         ec:20:68:63:aa:e4:28:91:31:fd:bb:46:c2:fd:de:81:01:e1:
         c3:89:58:e5:d6:06:88:ae:88:bd:56:89:1c:ad:db:f1:03:33:
         19:78:b5:5f:50:49:4f:91:9a:0d:00:48:7e:90:42:9b:e9:bf:
         b2:2b:a7:89:13:bd:a9:18:16:86:24:e6:3d:8c:9b:42:3d:bd:
         5e:76:a9:bf:39:38:d0:6e:08:f8:29:8a:d7:54:61:11:97:dd:
         94:da:cc:48:6d:91:cc:1e:20:71:a7:f8:05:12:f6:3f:1c:5f:
         3c:3e:d3:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtnv8dGaDV6spijMCkGbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDQ0YTUyNzc4YWE2NWY3MzZlNzI0MzYwMDNmNjY1NGYy
NjgzMTgwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjA5M2FkMmUyZTYyYzc1ZGEyZTcwNWU2OTAxNzhiM2M3OTVlZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34JlUu6E62DGIL5x2N+mXpaYP+0e
CSTKosyza2Vv52Rc9nu1ZmYqFNl0v2PIdsURcXPzkbiAJXBHnpLFD+HO/neutlXD
87KvdSU5jZnewXjfNfWdBTDgv4sDFnu760KcxuOmi14Z6taYOL4lroiCy7sMWWIx
OLTO9N0T9jT6fgb+B2fZwS5ss3gARnDtTwEOBfN17kzyKzD/aSMgR09xHTro9OIB
pHUUecmp/e6q6stqWzExN6gmIFp+HJ+LB06bJPmVNuCNhmeGlBJdJEEG2URVCoEK
sS7YqWRRGIx4+VPRnK4t6H70yUHfCtliCSq6AxWFAEewqrRWyD4pD4NyfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH8JOtLi5ix12i5wXmkBeLPHle/cMB8GA1UdIwQY
MBaAFAfUSlJ3iqZfc25yQ2AD9mVPJoMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGIt
MWQyOGE2MGUwZTMwLzEvZndrNjB1TG1MSFhhTG5CZWFRRjRzOGVWNzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGItMWQyOGE2MGUwZTMw
LzEvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEHOAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQAvuDfJ8LWqR0dF9JzipvZGDmT34YTme67KAwwQ
WocCQao9CPRHr0fW7xNHFwp6kRY4jTHEqNjft/vBDluD18zng7zKiehAMgMHXbXr
Iq5Y6ST6BAnF1Xpt36V/dwO61g0iIqoGN2gNY8/L8fsx0g4wtVYR5GsRsehxgZ+Z
xeYVs5tYnbPN43SDRBDctQ94UQTsIGhjquQokTH9u0bC/d6BAeHDiVjl1gaIroi9
VokcrdvxAzMZeLVfUElPkZoNAEh+kEKb6b+yK6eJE72pGBaGJOY9jJtCPb1edqm/
OTjQbgj4KYrXVGERl92U2sxIbZHMHiBxp/gFEvY/HF88PtMG
-----END CERTIFICATE-----