Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/G8THdqRACzOrMmTF8uNax4VwuJY.roa
File:                     G8THdqRACzOrMmTF8uNax4VwuJY.roa (raw, json)
Hash identifier:          vR6mh3IhzxT0DZ9yDVVPifmWbeKIp4EQUVADccsJe9w=
Subject key identifier:   1B:C4:C7:76:A4:40:0B:33:AB:32:64:C5:F2:E3:5A:C7:85:70:B8:96
Certificate issuer:       /CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Certificate serial:       0190AB4B41933A0EBDBC80F3E3ED46F6A948
Authority key identifier: F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/G8THdqRACzOrMmTF8uNax4VwuJY.roa
Signing time:             Sat 13 Jul 2024 08:52:34 +0000
ROA not before:           Sat 13 Jul 2024 08:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64439
IP address blocks:        2a0b:b200::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ab:4b:41:93:3a:0e:bd:bc:80:f3:e3:ed:46:f6:a9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
        Validity
            Not Before: Jul 13 08:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bc4c776a4400b33ab3264c5f2e35ac78570b896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a5:07:30:75:1d:7e:3d:e2:f8:d9:e6:7d:20:
                    64:a7:9f:a7:66:32:a5:95:1f:07:b1:a3:c6:a4:05:
                    64:0c:b4:82:ed:df:2a:d2:d2:7b:59:28:b4:96:05:
                    59:9e:8a:18:51:d9:84:f5:35:fb:0c:1f:c8:ef:56:
                    4b:e6:9a:85:99:47:ef:1b:4e:0e:85:8a:94:15:d1:
                    2d:e0:c0:b7:de:ac:18:ad:e7:b1:66:de:b9:1a:60:
                    27:08:ab:96:8b:06:8b:f3:c5:27:0a:03:98:18:36:
                    f6:f7:5e:11:1e:e9:3c:dd:55:03:d8:56:05:0a:10:
                    88:fd:e7:e4:a4:a9:b0:14:30:bf:16:d2:ac:4e:61:
                    e4:ad:9f:13:21:37:97:3d:03:e0:8e:21:e6:c1:09:
                    e9:54:e9:6f:a0:43:73:c9:bf:12:67:2c:ae:91:bd:
                    fc:50:0d:2c:ac:b2:bb:39:f0:10:b8:0b:80:59:a2:
                    2b:e1:ba:f2:8e:19:df:91:6d:4a:94:7f:71:f7:53:
                    3f:45:0e:0e:22:9b:af:25:d7:e4:05:7d:50:cd:1b:
                    4b:15:11:da:84:d8:14:37:97:12:3e:b2:f9:cb:d9:
                    b6:67:25:f2:27:fc:19:f9:ae:0a:52:59:37:20:53:
                    ba:d5:28:b2:88:68:5a:ec:ff:55:2b:2b:da:74:4d:
                    4e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:C4:C7:76:A4:40:0B:33:AB:32:64:C5:F2:E3:5A:C7:85:70:B8:96
            X509v3 Authority Key Identifier:
                keyid:F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/G8THdqRACzOrMmTF8uNax4VwuJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b200::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:12:d7:99:42:e4:c7:86:d3:e4:2a:86:ce:8e:77:1e:5e:aa:
         3a:64:b3:a2:8e:de:97:1d:eb:2a:11:c4:43:c4:c7:73:ea:91:
         8c:80:5c:c0:16:03:53:f8:c9:ac:e8:76:2b:b3:75:28:8d:f2:
         47:cc:d2:7b:04:5f:64:9a:0a:4c:25:ec:74:74:3b:65:68:9a:
         0e:09:5d:8c:56:af:6c:ab:c4:a2:54:ca:7b:87:57:0b:c5:7e:
         dd:61:dd:bd:21:a3:cd:2f:67:79:31:08:55:2f:bb:b9:d6:f5:
         fd:b8:a7:16:e5:7d:37:f7:fd:0c:0b:d6:ca:32:49:ec:42:dd:
         a6:82:7e:a5:48:74:47:8f:92:ca:c8:af:32:6d:d4:76:02:e3:
         fd:ef:8b:36:9f:78:f8:2f:d5:d2:05:c4:a2:22:9d:9d:01:dc:
         5b:e0:8d:12:b0:82:0d:6b:33:47:25:a5:2b:b2:1c:00:e8:d5:
         75:df:46:19:43:c8:c2:b9:ff:92:9a:31:c3:91:58:84:35:4b:
         37:e7:38:17:af:21:8c:65:64:9c:fb:60:98:d4:e3:d5:de:cc:
         46:62:54:42:57:dc:07:e8:2f:91:ae:e3:46:e6:5f:2f:69:b7:
         5a:86:2b:8c:c5:d6:55:34:45:fb:93:74:26:47:84:46:47:9f:
         1b:96:11:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCrS0GTOg69vIDz4+1G9qlIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjhiYmIxZTE4NmE1OTlkNGNjMDU4Y2FiZjRkZjBlMjUy
ZjMxZmEwHhcNMjQwNzEzMDg1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmM0Yzc3NmE0NDAwYjMzYWIzMjY0YzVmMmUzNWFjNzg1NzBiODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qUHMHUdfj3i+NnmfSBkp5+nZjKl
lR8HsaPGpAVkDLSC7d8q0tJ7WSi0lgVZnooYUdmE9TX7DB/I71ZL5pqFmUfvG04O
hYqUFdEt4MC33qwYreexZt65GmAnCKuWiwaL88UnCgOYGDb2914RHuk83VUD2FYF
ChCI/efkpKmwFDC/FtKsTmHkrZ8TITeXPQPgjiHmwQnpVOlvoENzyb8SZyyukb38
UA0srLK7OfAQuAuAWaIr4bryjhnfkW1KlH9x91M/RQ4OIpuvJdfkBX1QzRtLFRHa
hNgUN5cSPrL5y9m2ZyXyJ/wZ+a4KUlk3IFO61SiyiGha7P9VKyvadE1O/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBvEx3akQAszqzJkxfLjWseFcLiWMB8GA1UdIwQY
MBaAFPG4u7HhhqWZ1MwFjKv03w4lLzH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQt
NWI0Yjg1ZmQ1YWU1LzEvRzhUSGRxUkFDek9yTW1URjh1TmF4NFZ3dUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQtNWI0Yjg1ZmQ1YWU1
LzEvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKguyADAN
BgkqhkiG9w0BAQsFAAOCAQEAShLXmULkx4bT5CqGzo53Hl6qOmSzoo7elx3rKhHE
Q8THc+qRjIBcwBYDU/jJrOh2K7N1KI3yR8zSewRfZJoKTCXsdHQ7ZWiaDgldjFav
bKvEolTKe4dXC8V+3WHdvSGjzS9neTEIVS+7udb1/binFuV9N/f9DAvWyjJJ7ELd
poJ+pUh0R4+SysivMm3UdgLj/e+LNp94+C/V0gXEoiKdnQHcW+CNErCCDWszRyWl
K7IcAOjVdd9GGUPIwrn/kpoxw5FYhDVLN+c4F68hjGVknPtgmNTj1d7MRmJUQlfc
B+gvka7jRuZfL2m3WoYrjMXWVTRF+5N0JkeERkefG5YRWQ==
-----END CERTIFICATE-----