Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/9ID8eHI4aLXCiQ0RRq7kIzeDuyM.roa
File:                     9ID8eHI4aLXCiQ0RRq7kIzeDuyM.roa (raw, json)
Hash identifier:          oiazI3X2HPaa2kO29mwCmS25ghWGH6Nc33H9KdkqyDQ=
Subject key identifier:   F4:80:FC:78:72:38:68:B5:C2:89:0D:11:46:AE:E4:23:37:83:BB:23
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       018CC7944F68724B205F97F043ED33E77259
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/9ID8eHI4aLXCiQ0RRq7kIzeDuyM.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        2a07:6d00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4f:68:72:4b:20:5f:97:f0:43:ed:33:e7:72:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f480fc78723868b5c2890d1146aee4233783bb23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6d:cc:dc:52:08:9f:c1:7c:20:06:db:0e:9c:
                    cb:17:d5:71:7e:0e:f0:f9:95:13:dd:b0:eb:f8:4c:
                    70:ba:97:fd:e5:63:fe:af:d0:b8:63:0f:37:44:d1:
                    df:5f:98:f7:b1:ff:84:1e:08:cf:a9:a1:20:24:4f:
                    00:2a:53:7c:8f:a3:6c:b6:b6:f0:68:96:1b:52:86:
                    a6:d7:2e:b5:29:aa:3b:75:30:65:5f:82:4e:98:85:
                    65:42:0a:2c:83:d8:fe:93:90:33:54:09:e7:80:ce:
                    1f:74:74:a3:e0:d2:f5:d0:55:81:89:2a:5f:71:01:
                    a0:ec:ae:27:a2:36:a1:48:ab:2e:86:af:9f:00:a0:
                    b2:80:69:53:6b:a5:18:4e:3a:3e:0b:6f:cf:ba:fa:
                    b9:39:87:7a:6a:64:39:7f:67:ad:46:60:0f:06:5a:
                    b7:b1:aa:61:90:b8:d4:0b:c7:cc:8d:27:3e:f2:3f:
                    01:d1:76:68:85:77:ea:43:d2:1b:33:c5:50:1e:61:
                    97:e6:45:e6:19:5c:8d:b3:27:c9:12:2d:a6:2b:43:
                    ae:dc:ea:f3:a8:20:50:15:f3:40:0f:51:0b:e1:32:
                    89:15:27:65:44:8e:57:de:ad:e2:ff:66:5a:f4:04:
                    12:24:0b:34:16:6d:20:1a:dd:b5:21:9a:46:d0:b1:
                    fa:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:80:FC:78:72:38:68:B5:C2:89:0D:11:46:AE:E4:23:37:83:BB:23
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/9ID8eHI4aLXCiQ0RRq7kIzeDuyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:6d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:43:6d:c2:78:9f:4e:6b:7f:88:95:54:1f:55:04:66:98:56:
         29:22:4e:9f:e5:92:65:db:39:3a:c2:b8:76:eb:f3:80:a4:64:
         7d:7f:3f:bb:a0:1c:1f:9b:17:48:4a:59:a8:4a:f9:6c:ac:d9:
         a0:fc:6e:4a:06:da:50:c3:8e:00:87:65:1f:89:af:34:c7:30:
         cb:28:a8:84:9c:b4:59:54:94:4d:24:57:1e:26:e0:21:40:80:
         91:eb:3a:6f:e8:05:1f:dc:9e:45:a1:ed:27:79:8a:17:18:84:
         87:7e:77:fb:7e:5a:29:38:22:6e:b9:6d:40:01:f3:df:de:0c:
         e4:dd:6a:7d:2a:31:2e:a0:d7:bd:78:42:3a:f6:76:91:77:ca:
         75:0b:13:2e:6a:3d:cb:b6:5a:fd:d4:a8:ae:be:30:a9:25:a0:
         23:dc:88:b9:82:bf:e2:3e:a7:b1:1a:65:23:0b:d1:ed:e5:78:
         06:22:26:a5:a9:39:cf:ad:78:05:b3:67:8c:ce:71:76:9a:f1:
         c6:fc:8a:3d:ee:d4:4d:25:de:af:86:c4:25:51:c3:b2:38:2b:
         b7:64:b2:55:ba:f1:b3:52:06:12:67:55:3f:c4:ba:ff:9d:b3:
         cc:09:93:d3:b0:b5:fc:e3:c8:7d:2e:f8:a7:f1:dd:29:9a:73:
         0e:88:60:fa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlE9ocksgX5fwQ+0z53JZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDgwZmM3ODcyMzg2OGI1YzI4OTBkMTE0NmFlZTQyMzM3ODNiYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1m3M3FIIn8F8IAbbDpzLF9Vxfg7w
+ZUT3bDr+Exwupf95WP+r9C4Yw83RNHfX5j3sf+EHgjPqaEgJE8AKlN8j6Nstrbw
aJYbUoam1y61Kao7dTBlX4JOmIVlQgosg9j+k5AzVAnngM4fdHSj4NL10FWBiSpf
cQGg7K4nojahSKsuhq+fAKCygGlTa6UYTjo+C2/Puvq5OYd6amQ5f2etRmAPBlq3
saphkLjUC8fMjSc+8j8B0XZohXfqQ9IbM8VQHmGX5kXmGVyNsyfJEi2mK0Ou3Orz
qCBQFfNAD1EL4TKJFSdlRI5X3q3i/2Za9AQSJAs0Fm0gGt21IZpG0LH6XQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPSA/HhyOGi1wokNEUau5CM3g7sjMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvOUlEOGVISTRhTFhDaVEwUlJxN2tJemVEdXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdtADAN
BgkqhkiG9w0BAQsFAAOCAQEAlENtwnifTmt/iJVUH1UEZphWKSJOn+WSZds5OsK4
duvzgKRkfX8/u6AcH5sXSEpZqEr5bKzZoPxuSgbaUMOOAIdlH4mvNMcwyyiohJy0
WVSUTSRXHibgIUCAkes6b+gFH9yeRaHtJ3mKFxiEh353+35aKTgibrltQAHz394M
5N1qfSoxLqDXvXhCOvZ2kXfKdQsTLmo9y7Za/dSorr4wqSWgI9yIuYK/4j6nsRpl
IwvR7eV4BiImpak5z614BbNnjM5xdprxxvyKPe7UTSXer4bEJVHDsjgrt2SyVbrx
s1IGEmdVP8S6/52zzAmT07C1/OPIfS74p/HdKZpzDohg+g==
-----END CERTIFICATE-----