Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8HtaUXKP3hCLzm3gLGAc_nYZyBE.roa
File:                     8HtaUXKP3hCLzm3gLGAc_nYZyBE.roa (raw, json)
Hash identifier:          v9ax4HR+lub+h5/plzn6i8L9KNp6o+XatvcymKb18Vc=
Subject key identifier:   F0:7B:5A:51:72:8F:DE:10:8B:CE:6D:E0:2C:60:1C:FE:76:19:C8:11
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018F0C43006013A97641634291E27114D582
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8HtaUXKP3hCLzm3gLGAc_nYZyBE.roa
Signing time:             Tue 23 Apr 2024 18:41:08 +0000
ROA not before:           Tue 23 Apr 2024 18:41:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a0d:b9c4::/32 maxlen: 32
                          2a12:1242::/32 maxlen: 32
                          2a12:1244::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:43:00:60:13:a9:76:41:63:42:91:e2:71:14:d5:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Apr 23 18:41:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f07b5a51728fde108bce6de02c601cfe7619c811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:71:82:ed:71:e9:48:5a:cb:29:6b:8c:bf:3c:
                    1a:36:42:e2:de:1a:97:78:22:48:11:d6:82:b9:62:
                    fb:4c:eb:1d:6d:9e:d8:33:90:88:f9:93:71:cb:47:
                    33:c1:24:59:0d:62:27:33:91:88:c5:6c:43:72:f0:
                    96:6e:2e:8a:e7:89:06:a2:a2:cf:79:5a:70:49:05:
                    25:8d:5d:e1:28:94:e5:6f:84:29:73:3d:3a:ce:dc:
                    9a:8b:e4:79:2e:24:be:9e:93:50:f2:94:cb:a6:a0:
                    19:85:e6:c1:77:10:0c:92:a8:77:ab:d0:6b:53:27:
                    89:b8:93:98:c8:9b:78:b7:c2:5f:47:32:e0:eb:28:
                    82:6d:6e:2f:08:9f:d3:0b:fc:d0:f2:5d:61:90:fb:
                    2f:26:85:83:42:e9:c4:30:7e:7c:a1:8b:d6:4d:59:
                    4a:77:5b:92:64:f2:2f:82:11:5f:d5:1f:a0:0d:41:
                    b6:fb:e3:d0:2c:fb:72:4a:f6:af:61:fa:7f:88:c1:
                    19:e5:a0:40:c4:d7:03:44:cd:b1:d8:4d:70:ba:49:
                    ee:76:85:fd:1b:1e:6c:54:06:16:c4:5a:08:e6:32:
                    2a:af:82:75:a5:1d:92:99:11:bf:df:2c:f3:6a:05:
                    f8:41:f9:be:38:59:04:19:0b:e2:ca:bd:da:69:95:
                    61:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:7B:5A:51:72:8F:DE:10:8B:CE:6D:E0:2C:60:1C:FE:76:19:C8:11
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8HtaUXKP3hCLzm3gLGAc_nYZyBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c4::/32
                  2a12:1242::/32
                  2a12:1244::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:16:bb:78:b3:d0:01:59:da:3f:1b:58:e2:93:0b:98:b0:e0:
         fc:b1:98:fc:d6:8f:56:f7:8e:08:f0:9f:c0:bb:92:6b:6b:56:
         a7:84:ac:ab:cc:67:44:8f:11:3a:12:ec:ad:50:31:3a:99:bb:
         f2:7d:35:82:8e:3c:9c:09:cc:3a:0a:06:fb:3d:ab:42:1b:10:
         e2:80:ec:d4:88:5b:f3:6c:e6:10:15:13:c1:81:e4:a2:97:d8:
         af:fa:17:bb:2a:ba:04:5e:c8:0c:83:1d:f3:b9:b2:56:ca:16:
         25:8f:92:8b:c1:fd:92:6f:45:21:01:f6:6c:a9:18:01:fe:10:
         ac:01:40:ec:e3:f8:24:5a:db:9c:17:7c:18:37:53:37:89:93:
         85:4c:56:88:41:76:63:da:da:5c:1a:08:14:19:a8:e5:1f:11:
         14:1c:d8:18:dd:9f:62:b4:53:d1:51:fc:ea:86:19:74:c1:63:
         95:da:ac:2c:21:96:91:7a:7e:ff:d5:5e:06:78:82:f5:c8:88:
         45:73:99:ea:3f:ae:e5:8b:46:32:55:bc:32:0a:ed:66:91:f6:
         d9:d9:e9:df:54:a1:1d:2d:06:9f:8c:0d:b2:83:44:1b:29:17:
         c3:2e:81:06:1c:74:6f:20:8d:67:10:8b:89:b2:2e:b1:6f:58:
         34:4f:ac:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8MQwBgE6l2QWNCkeJxFNWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNDIzMTg0MTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDdiNWE1MTcyOGZkZTEwOGJjZTZkZTAyYzYwMWNmZTc2MTljODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnGC7XHpSFrLKWuMvzwaNkLi3hqX
eCJIEdaCuWL7TOsdbZ7YM5CI+ZNxy0czwSRZDWInM5GIxWxDcvCWbi6K54kGoqLP
eVpwSQUljV3hKJTlb4Qpcz06ztyai+R5LiS+npNQ8pTLpqAZhebBdxAMkqh3q9Br
UyeJuJOYyJt4t8JfRzLg6yiCbW4vCJ/TC/zQ8l1hkPsvJoWDQunEMH58oYvWTVlK
d1uSZPIvghFf1R+gDUG2++PQLPtySvavYfp/iMEZ5aBAxNcDRM2x2E1wuknudoX9
Gx5sVAYWxFoI5jIqr4J1pR2SmRG/3yzzagX4Qfm+OFkEGQviyr3aaZVh1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPB7WlFyj94Qi85t4CxgHP52GcgRMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvOEh0YVVYS1AzaENMem0zZ0xHQWNfbllaeUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg25xAMF
ACoSEkIDBQAqEhJEMA0GCSqGSIb3DQEBCwUAA4IBAQARFrt4s9ABWdo/G1jikwuY
sOD8sZj81o9W944I8J/Au5Jra1anhKyrzGdEjxE6EuytUDE6mbvyfTWCjjycCcw6
Cgb7PatCGxDigOzUiFvzbOYQFRPBgeSil9iv+he7KroEXsgMgx3zubJWyhYlj5KL
wf2Sb0UhAfZsqRgB/hCsAUDs4/gkWtucF3wYN1M3iZOFTFaIQXZj2tpcGggUGajl
HxEUHNgY3Z9itFPRUfzqhhl0wWOV2qwsIZaRen7/1V4GeIL1yIhFc5nqP67li0Yy
VbwyCu1mkfbZ2enfVKEdLQafjA2yg0QbKRfDLoEGHHRvII1nEIuJsi6xb1g0T6xk
-----END CERTIFICATE-----