Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/r2g7Y0vtwZhcFvtN8k7CspvIbUc.roa
File:                     r2g7Y0vtwZhcFvtN8k7CspvIbUc.roa (raw, json)
Hash identifier:          OfeeXKQnXOWZMeH3IdJv3ORxqvsPMPNF33dzPOaOH+Q=
Subject key identifier:   AF:68:3B:63:4B:ED:C1:98:5C:16:FB:4D:F2:4E:C2:B2:9B:C8:6D:47
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018CC8DE812D9B2FF2E8732E2F6339D588F4
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/r2g7Y0vtwZhcFvtN8k7CspvIbUc.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        2a07:2902:400::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:81:2d:9b:2f:f2:e8:73:2e:2f:63:39:d5:88:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af683b634bedc1985c16fb4df24ec2b29bc86d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ee:49:52:b7:4d:05:d4:6e:bf:c6:63:87:92:
                    0d:79:43:21:c7:b8:98:c5:17:2b:4d:b0:fb:f8:b9:
                    2c:a1:9a:ed:0b:ec:6e:78:0a:bd:2f:58:28:c1:df:
                    f9:a8:5b:8c:60:a5:d7:1a:b0:45:75:27:27:f5:40:
                    8e:69:1b:52:89:48:fb:55:36:4c:e5:e7:22:01:ff:
                    e8:fc:87:c9:40:f5:50:37:a9:4c:6b:5c:d8:e0:0b:
                    90:8e:40:bd:d7:81:23:62:26:2d:e5:a2:01:d3:15:
                    92:fc:0c:28:59:eb:4e:27:5e:3a:b4:98:a3:d5:18:
                    e6:cf:15:05:5e:06:37:5d:62:df:54:7c:02:8b:23:
                    a1:96:a1:79:84:6b:67:e1:78:63:ce:69:86:c2:09:
                    9f:c1:fc:e2:79:1a:e3:ef:15:7c:36:cf:aa:4e:e6:
                    d3:1d:cb:94:e8:72:7b:a8:24:4a:3c:45:e1:32:70:
                    7e:48:be:d8:fb:f3:77:c9:f2:f4:6d:2a:ab:bc:a3:
                    3b:de:40:7e:42:14:1e:21:0c:83:db:d6:0e:c0:ca:
                    74:28:26:35:6e:d4:43:8a:0c:19:81:08:51:22:f3:
                    1e:18:c4:68:5b:57:a1:28:17:55:60:48:15:07:e3:
                    e0:cb:49:30:11:0b:9f:ed:b8:03:07:39:2f:0a:bb:
                    15:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:68:3B:63:4B:ED:C1:98:5C:16:FB:4D:F2:4E:C2:B2:9B:C8:6D:47
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/r2g7Y0vtwZhcFvtN8k7CspvIbUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2902:400::/38

    Signature Algorithm: sha256WithRSAEncryption
         64:01:82:63:ce:f6:51:64:ee:25:4a:96:43:9f:c9:16:f8:67:
         aa:87:50:05:52:da:cc:f7:82:b3:a4:a3:07:25:42:fe:b2:23:
         15:66:c2:40:5a:8a:7a:88:f6:c9:e2:9b:66:02:e6:10:16:9e:
         7f:d3:8f:f7:ad:52:75:c9:db:b4:41:71:11:54:d6:30:32:b5:
         79:f4:7b:d7:2a:aa:9b:e0:9b:94:20:5d:7b:5d:88:20:60:03:
         b6:06:d1:95:bc:75:4a:3e:6c:66:bf:62:e8:81:e5:54:aa:c9:
         3e:35:f8:67:19:56:f2:b0:b8:a5:5f:3d:1b:ca:b7:45:b9:56:
         bd:96:e1:62:a6:a9:e9:37:98:97:2c:2f:37:24:63:ef:56:c7:
         8c:7d:a9:bf:cf:57:4a:08:24:ad:c1:3e:bb:1e:1d:40:e6:6c:
         68:d0:2d:cf:cf:d9:ac:64:17:24:c9:14:58:b6:bd:ff:d5:63:
         4a:a2:25:a2:f2:dd:bb:96:7b:22:ce:a6:9f:1a:0d:0f:b5:14:
         79:62:8c:ac:93:2f:48:92:f6:9c:cb:46:28:e8:63:4b:91:f7:
         4e:ec:e9:71:b7:00:34:38:68:c9:e0:3a:28:b1:07:82:8d:9d:
         00:88:a5:bf:cf:7d:b9:2b:da:0c:47:db:80:8b:4a:14:ee:e0:
         11:23:30:0b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI3oEtmy/y6HMuL2M51Yj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjY4M2I2MzRiZWRjMTk4NWMxNmZiNGRmMjRlYzJiMjliYzg2ZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+5JUrdNBdRuv8Zjh5INeUMhx7iY
xRcrTbD7+LksoZrtC+xueAq9L1gowd/5qFuMYKXXGrBFdScn9UCOaRtSiUj7VTZM
5eciAf/o/IfJQPVQN6lMa1zY4AuQjkC914EjYiYt5aIB0xWS/AwoWetOJ146tJij
1RjmzxUFXgY3XWLfVHwCiyOhlqF5hGtn4XhjzmmGwgmfwfzieRrj7xV8Ns+qTubT
HcuU6HJ7qCRKPEXhMnB+SL7Y+/N3yfL0bSqrvKM73kB+QhQeIQyD29YOwMp0KCY1
btRDigwZgQhRIvMeGMRoW1ehKBdVYEgVB+Pgy0kwEQuf7bgDBzkvCrsVfwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK9oO2NL7cGYXBb7TfJOwrKbyG1HMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvcjJnN1kwdnR3WmhjRnZ0TjhrN0NzcHZJYlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgcpAgQw
DQYJKoZIhvcNAQELBQADggEBAGQBgmPO9lFk7iVKlkOfyRb4Z6qHUAVS2sz3grOk
owclQv6yIxVmwkBainqI9snim2YC5hAWnn/Tj/etUnXJ27RBcRFU1jAytXn0e9cq
qpvgm5QgXXtdiCBgA7YG0ZW8dUo+bGa/YuiB5VSqyT41+GcZVvKwuKVfPRvKt0W5
Vr2W4WKmqek3mJcsLzckY+9Wx4x9qb/PV0oIJK3BPrseHUDmbGjQLc/P2axkFyTJ
FFi2vf/VY0qiJaLy3buWeyLOpp8aDQ+1FHlijKyTL0iS9pzLRijoY0uR907s6XG3
ADQ4aMngOiixB4KNnQCIpb/Pfbkr2gxH24CLShTu4BEjMAs=
-----END CERTIFICATE-----