Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/j64QwuCt5luz6LXLGFyE-K8wu5E.roa
File:                     j64QwuCt5luz6LXLGFyE-K8wu5E.roa (raw, json)
Hash identifier:          Jb2syeDgTdHqr2LWCWhHEv96wK8+UWQ95AdMLa/NqQw=
Subject key identifier:   8F:AE:10:C2:E0:AD:E6:5B:B3:E8:B5:CB:18:5C:84:F8:AF:30:BB:91
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018CC8DE81A1AEB9278C7C3E511F37E2DE73
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/j64QwuCt5luz6LXLGFyE-K8wu5E.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21449
IP address blocks:        2a07:2911::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:81:a1:ae:b9:27:8c:7c:3e:51:1f:37:e2:de:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fae10c2e0ade65bb3e8b5cb185c84f8af30bb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d7:d5:98:6a:5b:59:80:7f:37:ef:4b:52:b4:
                    d6:3e:23:e2:f0:5e:c2:f2:a4:8b:e6:07:04:ed:f3:
                    f2:25:85:70:e4:68:9d:16:92:38:6c:bf:a2:47:ff:
                    e3:d2:0f:71:5d:e7:dd:15:76:f8:de:26:5a:38:90:
                    4e:89:de:e7:73:0a:58:b3:72:67:61:81:f2:ae:2d:
                    1c:27:79:fa:17:b5:c8:de:97:61:69:71:82:74:e8:
                    b9:c0:09:ff:d6:fa:14:0f:a2:fe:06:a9:f6:23:b5:
                    a1:f3:ad:de:7f:99:11:bb:c1:e8:76:49:78:b8:84:
                    24:82:29:3b:79:43:88:18:08:eb:0d:a3:04:90:f5:
                    3b:d4:11:24:7c:53:d0:f8:78:45:e8:eb:a2:01:ab:
                    c0:eb:dd:c0:72:27:63:14:4b:12:09:72:68:43:c8:
                    7f:ed:3f:c9:c8:73:2a:df:54:7b:7e:5b:f1:b5:dc:
                    21:80:0d:50:6b:dc:72:f0:32:c4:43:79:a9:52:ea:
                    8c:07:9d:4e:06:00:91:5e:f0:06:33:5f:2f:c6:87:
                    10:bc:43:bf:92:8a:fd:79:8f:a9:ae:14:8e:44:03:
                    c3:ee:aa:97:49:8a:da:ec:67:17:37:74:58:ce:15:
                    61:79:36:82:bc:a0:92:52:f8:c4:1f:47:90:6b:2f:
                    dc:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:AE:10:C2:E0:AD:E6:5B:B3:E8:B5:CB:18:5C:84:F8:AF:30:BB:91
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/j64QwuCt5luz6LXLGFyE-K8wu5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2911::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:12:77:15:04:e9:41:54:fd:1c:ee:77:42:a8:7f:bf:f7:ca:
         f6:6f:5c:1e:d4:4c:46:a5:7b:b6:d1:36:cc:26:67:ec:74:dd:
         94:70:f5:40:7a:28:9f:7b:cf:5f:be:c1:7c:54:60:0a:ec:cd:
         a8:31:05:2f:86:76:f3:0a:d6:22:e3:98:5d:1a:41:82:e4:88:
         47:a8:ba:8e:95:d4:f8:20:c0:99:22:2b:40:ba:05:1c:fd:7d:
         ac:d6:42:3d:4f:24:8b:bf:b9:ff:b1:5d:14:5a:f4:4d:f0:71:
         ca:5f:25:36:66:72:a3:27:b0:51:dc:03:91:cc:ea:34:95:c0:
         af:7d:61:9c:5f:58:0a:85:ba:6a:21:4d:ad:d5:87:cb:fe:4d:
         67:f9:45:0e:fa:91:f9:d4:f2:4e:e2:d5:ce:7c:6b:9e:3f:a6:
         33:56:8c:e6:ad:91:dd:21:c2:bd:f5:d6:0b:8d:a0:53:e8:64:
         e0:b3:54:9f:87:ef:a2:18:d7:22:c4:b2:04:54:61:7b:60:40:
         63:10:63:3d:33:27:4a:59:43:be:3d:af:6a:fa:32:77:0d:84:
         34:ed:30:3a:b1:d5:98:20:3d:ed:c7:cf:17:d3:54:d1:e5:dc:
         f6:57:30:b9:25:99:f8:c2:24:57:c9:48:db:c6:f4:a5:bc:b8:
         77:aa:2a:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3oGhrrknjHw+UR834t5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmFlMTBjMmUwYWRlNjViYjNlOGI1Y2IxODVjODRmOGFmMzBiYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNfVmGpbWYB/N+9LUrTWPiPi8F7C
8qSL5gcE7fPyJYVw5GidFpI4bL+iR//j0g9xXefdFXb43iZaOJBOid7ncwpYs3Jn
YYHyri0cJ3n6F7XI3pdhaXGCdOi5wAn/1voUD6L+Bqn2I7Wh863ef5kRu8Hodkl4
uIQkgik7eUOIGAjrDaMEkPU71BEkfFPQ+HhF6OuiAavA693AcidjFEsSCXJoQ8h/
7T/JyHMq31R7flvxtdwhgA1Qa9xy8DLEQ3mpUuqMB51OBgCRXvAGM18vxocQvEO/
kor9eY+prhSORAPD7qqXSYra7GcXN3RYzhVheTaCvKCSUvjEH0eQay/ciwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFI+uEMLgreZbs+i1yxhchPivMLuRMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvajY0UXd1Q3Q1bHV6NkxYTEdGeUUtSzh3dTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgcpETAN
BgkqhkiG9w0BAQsFAAOCAQEAfhJ3FQTpQVT9HO53Qqh/v/fK9m9cHtRMRqV7ttE2
zCZn7HTdlHD1QHoon3vPX77BfFRgCuzNqDEFL4Z28wrWIuOYXRpBguSIR6i6jpXU
+CDAmSIrQLoFHP19rNZCPU8ki7+5/7FdFFr0TfBxyl8lNmZyoyewUdwDkczqNJXA
r31hnF9YCoW6aiFNrdWHy/5NZ/lFDvqR+dTyTuLVznxrnj+mM1aM5q2R3SHCvfXW
C42gU+hk4LNUn4fvohjXIsSyBFRhe2BAYxBjPTMnSllDvj2vavoydw2ENO0wOrHV
mCA97cfPF9NU0eXc9lcwuSWZ+MIkV8lI28b0pby4d6oqaA==
-----END CERTIFICATE-----