Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/816b8a-eccc-4789-a1f3-3570d9bf5679/1/_PwnL42mvXObBBFL-j3TEgNh_d4.roa
File:                     _PwnL42mvXObBBFL-j3TEgNh_d4.roa (raw, json)
Hash identifier:          IQ+qKwHNsVY/O4YJS4/nsxnbQ7ZsM+7rrx8Mo/mFCTs=
Subject key identifier:   FC:FC:27:2F:8D:A6:BD:73:9B:04:11:4B:FA:3D:D3:12:03:61:FD:DE
Certificate issuer:       /CN=a23b71bfd751c0cf3f7143786fda4432e7ccec2c
Certificate serial:       019363EF30BE8B02B3249771AE7E1FDDB6C1
Authority key identifier: A2:3B:71:BF:D7:51:C0:CF:3F:71:43:78:6F:DA:44:32:E7:CC:EC:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ojtxv9dRwM8_cUN4b9pEMufM7Cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/816b8a-eccc-4789-a1f3-3570d9bf5679/1/_PwnL42mvXObBBFL-j3TEgNh_d4.roa
Signing time:             Mon 25 Nov 2024 15:27:20 +0000
ROA not before:           Mon 25 Nov 2024 15:27:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213808
IP address blocks:        2a0a:8f80:4150::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/816b8a-eccc-4789-a1f3-3570d9bf5679/1/ojtxv9dRwM8_cUN4b9pEMufM7Cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/816b8a-eccc-4789-a1f3-3570d9bf5679/1/ojtxv9dRwM8_cUN4b9pEMufM7Cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ojtxv9dRwM8_cUN4b9pEMufM7Cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:63:ef:30:be:8b:02:b3:24:97:71:ae:7e:1f:dd:b6:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a23b71bfd751c0cf3f7143786fda4432e7ccec2c
        Validity
            Not Before: Nov 25 15:27:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcfc272f8da6bd739b04114bfa3dd3120361fdde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ea:40:08:57:55:55:7c:b9:d2:8c:22:11:35:
                    ed:4e:70:60:40:57:43:09:75:a9:f2:96:a1:f1:43:
                    91:02:70:12:6b:42:79:ee:cd:14:82:2a:64:8b:f7:
                    a0:98:37:17:6e:d5:db:9e:8b:32:1f:d1:6e:9d:e3:
                    96:8f:f7:45:db:d1:02:34:a7:a6:0a:d2:15:b8:05:
                    47:39:f0:7c:3c:0d:bf:5f:23:19:11:9f:e3:32:bd:
                    f0:b6:af:32:b8:e8:ed:e3:bb:f6:44:10:20:48:e3:
                    87:a0:9c:19:fa:f6:5e:99:3b:0d:5d:ae:ca:3d:0a:
                    93:b3:da:af:87:47:6e:dc:05:d9:a4:c4:f6:71:e1:
                    ff:00:11:1a:2d:6f:bb:d2:ef:0b:92:a6:cf:c2:b1:
                    c6:57:02:e9:07:89:3d:8f:b5:97:84:b9:34:3f:af:
                    44:58:b0:99:5d:43:56:9b:4c:55:a3:d7:7d:9e:b8:
                    dd:2b:7e:72:f5:bb:a2:aa:21:5b:32:ac:0a:a6:76:
                    da:95:c3:58:ff:67:8a:16:54:1f:c0:e3:60:be:c4:
                    43:aa:44:ab:3a:7f:5e:0d:86:76:80:85:ab:b7:d3:
                    d6:a5:f6:9f:fd:a0:e1:ba:a3:5d:83:88:91:f0:ad:
                    20:11:c8:3d:4e:ad:ee:8a:91:ab:ed:fe:0c:ff:99:
                    52:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:FC:27:2F:8D:A6:BD:73:9B:04:11:4B:FA:3D:D3:12:03:61:FD:DE
            X509v3 Authority Key Identifier:
                keyid:A2:3B:71:BF:D7:51:C0:CF:3F:71:43:78:6F:DA:44:32:E7:CC:EC:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ojtxv9dRwM8_cUN4b9pEMufM7Cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/816b8a-eccc-4789-a1f3-3570d9bf5679/1/_PwnL42mvXObBBFL-j3TEgNh_d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/816b8a-eccc-4789-a1f3-3570d9bf5679/1/ojtxv9dRwM8_cUN4b9pEMufM7Cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:8f80:4150::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:69:e8:61:5d:c2:06:53:14:46:75:c5:05:10:67:a7:90:34:
         84:8d:b5:18:6e:66:32:a6:82:6b:72:88:1d:4e:9d:b0:e8:20:
         7c:82:19:1c:bb:64:e0:c4:a7:a7:24:ed:3f:b7:4d:cb:0a:14:
         b3:df:9b:a5:15:8a:5a:5c:e8:14:0a:e2:f3:6f:24:be:6d:be:
         d0:a9:cc:8d:ed:91:73:ec:59:55:69:e4:ec:3c:c4:cc:01:5f:
         5d:ab:40:7c:ad:c1:3d:25:fb:96:b1:86:bf:e5:b3:f3:70:7e:
         da:12:ce:89:65:2a:4a:96:11:4b:94:ee:99:80:01:c7:2d:33:
         3f:c7:7b:48:3e:ba:e7:9a:f5:a1:f7:98:b6:1f:3b:a5:a6:0b:
         a7:fd:22:25:66:45:ad:44:34:60:7e:0f:fe:7b:cd:46:31:a7:
         8c:77:cb:97:27:00:b4:75:6f:8d:86:b0:41:7c:28:e3:39:d9:
         e9:d5:d2:cb:25:1c:3b:9c:22:97:1a:37:5c:0b:e1:e4:9d:60:
         a5:aa:62:c5:49:ff:e9:1a:3d:d3:ec:c0:24:19:ee:ff:ed:c8:
         df:e7:9c:77:30:cf:4b:50:e5:21:ed:9e:74:a9:65:e5:5f:b4:
         95:d0:d5:34:8c:1e:b3:3c:90:34:7e:b9:7a:5c:ff:bf:29:f4:
         ff:df:31:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNj7zC+iwKzJJdxrn4f3bbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyM2I3MWJmZDc1MWMwY2YzZjcxNDM3ODZmZGE0NDMyZTdj
Y2VjMmMwHhcNMjQxMTI1MTUyNzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2ZjMjcyZjhkYTZiZDczOWIwNDExNGJmYTNkZDMxMjAzNjFmZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5epACFdVVXy50owiETXtTnBgQFdD
CXWp8pah8UORAnASa0J57s0Ugipki/egmDcXbtXbnosyH9FuneOWj/dF29ECNKem
CtIVuAVHOfB8PA2/XyMZEZ/jMr3wtq8yuOjt47v2RBAgSOOHoJwZ+vZemTsNXa7K
PQqTs9qvh0du3AXZpMT2ceH/ABEaLW+70u8LkqbPwrHGVwLpB4k9j7WXhLk0P69E
WLCZXUNWm0xVo9d9nrjdK35y9buiqiFbMqwKpnbalcNY/2eKFlQfwONgvsRDqkSr
On9eDYZ2gIWrt9PWpfaf/aDhuqNdg4iR8K0gEcg9Tq3uipGr7f4M/5lSEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPz8Jy+Npr1zmwQRS/o90xIDYf3eMB8GA1UdIwQY
MBaAFKI7cb/XUcDPP3FDeG/aRDLnzOwsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2p0eHY5ZFJ3TThfY1VONGI5cEVNdWZNN0N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84MTZiOGEtZWNjYy00Nzg5LWExZjMt
MzU3MGQ5YmY1Njc5LzEvX1B3bkw0Mm12WE9iQkJGTC1qM1RFZ05oX2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84MTZiOGEtZWNjYy00Nzg5LWExZjMtMzU3MGQ5YmY1Njc5
LzEvb2p0eHY5ZFJ3TThfY1VONGI5cEVNdWZNN0N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgqPgEFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQApaehhXcIGUxRGdcUFEGenkDSEjbUYbmYypoJr
cogdTp2w6CB8ghkcu2TgxKenJO0/t03LChSz35ulFYpaXOgUCuLzbyS+bb7QqcyN
7ZFz7FlVaeTsPMTMAV9dq0B8rcE9JfuWsYa/5bPzcH7aEs6JZSpKlhFLlO6ZgAHH
LTM/x3tIPrrnmvWh95i2Hzulpgun/SIlZkWtRDRgfg/+e81GMaeMd8uXJwC0dW+N
hrBBfCjjOdnp1dLLJRw7nCKXGjdcC+HknWClqmLFSf/pGj3T7MAkGe7/7cjf55x3
MM9LUOUh7Z50qWXlX7SV0NU0jB6zPJA0frl6XP+/KfT/3zGj
-----END CERTIFICATE-----