Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/EnxHUxRIsj5SNQ8NVkRYD9ihPWU.roa
File:                     EnxHUxRIsj5SNQ8NVkRYD9ihPWU.roa (raw, json)
Hash identifier:          9vm1/uzJqIhTIeY70nCD81VFlBqhKcV5DYSzeKOc3BE=
Subject key identifier:   12:7C:47:53:14:48:B2:3E:52:35:0F:0D:56:44:58:0F:D8:A1:3D:65
Certificate issuer:       /CN=b64074aa8449830da9b20b3afb0682d3c032f9fe
Certificate serial:       018CC7957EC182154EB95E3C9C35D907D660
Authority key identifier: B6:40:74:AA:84:49:83:0D:A9:B2:0B:3A:FB:06:82:D3:C0:32:F9:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tkB0qoRJgw2psgs6-waC08Ay-f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/EnxHUxRIsj5SNQ8NVkRYD9ihPWU.roa
Signing time:             Tue 02 Jan 2024 00:31:52 +0000
ROA not before:           Tue 02 Jan 2024 00:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209454
IP address blocks:        2a03:4bc0:3150::/48 maxlen: 48
                          2a03:4bc0:3151::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/tkB0qoRJgw2psgs6-waC08Ay-f4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/tkB0qoRJgw2psgs6-waC08Ay-f4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tkB0qoRJgw2psgs6-waC08Ay-f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7e:c1:82:15:4e:b9:5e:3c:9c:35:d9:07:d6:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b64074aa8449830da9b20b3afb0682d3c032f9fe
        Validity
            Not Before: Jan  2 00:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=127c47531448b23e52350f0d5644580fd8a13d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bb:1c:a3:9f:94:73:0e:73:0f:fa:8d:41:b3:
                    3e:ba:fb:78:d8:74:d2:6f:ad:ef:17:54:e9:53:1d:
                    82:8f:57:60:33:77:48:40:7d:33:3c:d8:dc:4f:3e:
                    9c:1d:5f:02:fe:d2:8f:50:c4:a0:c8:21:f5:15:12:
                    e4:72:3d:93:73:c8:29:9a:2c:74:71:6a:1a:a1:6f:
                    cf:c4:13:41:dd:ee:dc:a6:67:62:9d:33:e5:09:57:
                    a7:e0:58:b6:37:e0:65:66:48:39:67:ff:11:c9:6b:
                    ec:75:20:7c:09:f1:ef:99:26:d9:e0:2a:27:7e:d9:
                    b4:c8:55:c1:a4:d1:74:5b:1e:01:d5:44:b6:e0:fd:
                    94:b8:e4:16:71:6a:16:fd:7c:4e:70:27:fc:f8:7d:
                    da:be:70:90:f5:97:0e:8e:6a:ff:28:08:03:00:d8:
                    3c:43:68:72:a9:60:f3:11:e8:ab:e6:6f:74:69:57:
                    5b:2c:b6:40:a6:41:b9:6a:2f:85:0b:9b:d9:75:56:
                    15:e1:c1:7e:6b:71:65:53:ff:c2:9a:9e:53:7d:98:
                    6d:41:00:cb:01:01:7b:6c:29:3c:d7:c8:95:68:7d:
                    5e:6a:a3:af:9a:7e:ee:73:5b:c2:a7:9e:57:1a:0d:
                    bc:0b:3b:3c:31:82:b7:32:1e:a4:7e:1a:41:e2:96:
                    40:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:7C:47:53:14:48:B2:3E:52:35:0F:0D:56:44:58:0F:D8:A1:3D:65
            X509v3 Authority Key Identifier:
                keyid:B6:40:74:AA:84:49:83:0D:A9:B2:0B:3A:FB:06:82:D3:C0:32:F9:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tkB0qoRJgw2psgs6-waC08Ay-f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/EnxHUxRIsj5SNQ8NVkRYD9ihPWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fc7c82-3159-4d54-a0a1-35171aedd313/1/tkB0qoRJgw2psgs6-waC08Ay-f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:4bc0:3150::/47

    Signature Algorithm: sha256WithRSAEncryption
         18:8a:3b:7b:41:77:e7:c3:af:d3:81:fa:fb:4c:a5:69:30:c0:
         23:9a:e7:43:92:95:9a:49:1b:0b:b6:ab:40:ed:2c:48:7c:92:
         14:4e:bd:1a:64:8b:75:c7:37:13:0c:74:d2:98:6c:0d:7f:ce:
         9a:1d:f2:cd:17:ab:46:cf:42:f3:be:9e:a4:35:c4:53:5e:bd:
         89:a7:6b:41:8e:36:f6:ca:dd:c2:44:28:ee:6b:86:ae:d0:3b:
         27:7c:61:42:9d:40:a5:41:ea:39:bb:12:9c:7b:1c:d6:1d:72:
         5d:d7:c6:e6:79:52:0e:c0:d8:26:a8:88:0e:81:e8:5b:82:51:
         c4:5e:7a:40:c9:7a:f9:63:7a:92:df:8d:ec:39:a0:a4:56:34:
         ca:08:98:b4:69:0f:ff:36:cf:12:30:e1:88:05:68:5d:87:4c:
         e2:3d:23:2a:36:64:ed:c3:29:d3:d8:9d:ab:16:af:f5:81:97:
         be:1c:7e:ad:5c:32:2c:ca:c2:7a:f9:fc:e1:1b:fe:70:93:b8:
         d5:9e:6c:14:e4:a3:58:fe:4d:b4:1d:3a:76:04:20:29:50:98:
         6f:be:58:74:53:f2:8c:0f:9c:b6:ef:45:73:9a:4f:29:ab:ce:
         f4:b7:86:ad:b5:64:4e:49:fb:f2:7d:59:37:45:f4:69:a1:5a:
         04:28:fa:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlX7BghVOuV48nDXZB9ZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NDA3NGFhODQ0OTgzMGRhOWIyMGIzYWZiMDY4MmQzYzAz
MmY5ZmUwHhcNMjQwMTAyMDAzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjdjNDc1MzE0NDhiMjNlNTIzNTBmMGQ1NjQ0NTgwZmQ4YTEzZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrsco5+Ucw5zD/qNQbM+uvt42HTS
b63vF1TpUx2Cj1dgM3dIQH0zPNjcTz6cHV8C/tKPUMSgyCH1FRLkcj2Tc8gpmix0
cWoaoW/PxBNB3e7cpmdinTPlCVen4Fi2N+BlZkg5Z/8RyWvsdSB8CfHvmSbZ4Con
ftm0yFXBpNF0Wx4B1US24P2UuOQWcWoW/XxOcCf8+H3avnCQ9ZcOjmr/KAgDANg8
Q2hyqWDzEeir5m90aVdbLLZApkG5ai+FC5vZdVYV4cF+a3FlU//Cmp5TfZhtQQDL
AQF7bCk818iVaH1eaqOvmn7uc1vCp55XGg28Czs8MYK3Mh6kfhpB4pZAtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBJ8R1MUSLI+UjUPDVZEWA/YoT1lMB8GA1UdIwQY
MBaAFLZAdKqESYMNqbILOvsGgtPAMvn+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGtCMHFvUkpndzJwc2dzNi13YUMwOEF5LWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9mYzdjODItMzE1OS00ZDU0LWEwYTEt
MzUxNzFhZWRkMzEzLzEvRW54SFV4UklzajVTTlE4TlZrUllEOWloUFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9mYzdjODItMzE1OS00ZDU0LWEwYTEtMzUxNzFhZWRkMzEz
LzEvdGtCMHFvUkpndzJwc2dzNi13YUMwOEF5LWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgNLwDFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAYijt7QXfnw6/Tgfr7TKVpMMAjmudDkpWaSRsL
tqtA7SxIfJIUTr0aZIt1xzcTDHTSmGwNf86aHfLNF6tGz0Lzvp6kNcRTXr2Jp2tB
jjb2yt3CRCjua4au0DsnfGFCnUClQeo5uxKcexzWHXJd18bmeVIOwNgmqIgOgehb
glHEXnpAyXr5Y3qS343sOaCkVjTKCJi0aQ//Ns8SMOGIBWhdh0ziPSMqNmTtwynT
2J2rFq/1gZe+HH6tXDIsysJ6+fzhG/5wk7jVnmwU5KNY/k20HTp2BCApUJhvvlh0
U/KMD5y270Vzmk8pq870t4attWROSfvyfVk3RfRpoVoEKPrb
-----END CERTIFICATE-----