Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/pOQrb0Bwg3Nx7e31xqVAerTaJ4o.roa
File:                     pOQrb0Bwg3Nx7e31xqVAerTaJ4o.roa (raw, json)
Hash identifier:          VlHmphUttuT2Cctk7KJit78buHKlflYVdOaqU/ur6rE=
Subject key identifier:   A4:E4:2B:6F:40:70:83:73:71:ED:ED:F5:C6:A5:40:7A:B4:DA:27:8A
Certificate issuer:       /CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
Certificate serial:       01928B7324C73ECEB15983B256D959CA3A2F
Authority key identifier: 87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/pOQrb0Bwg3Nx7e31xqVAerTaJ4o.roa
Signing time:             Mon 14 Oct 2024 14:33:52 +0000
ROA not before:           Mon 14 Oct 2024 14:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214044
IP address blocks:        2a03:7c03:1ead::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8b:73:24:c7:3e:ce:b1:59:83:b2:56:d9:59:ca:3a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
        Validity
            Not Before: Oct 14 14:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4e42b6f4070837371ededf5c6a5407ab4da278a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7c:12:01:df:84:b9:b1:49:2c:48:c4:61:5d:
                    7c:d2:16:5e:49:75:00:bd:ce:22:6d:69:35:82:21:
                    30:26:f4:f9:d3:bb:72:f3:39:0a:d5:bb:a5:d9:90:
                    2c:65:0d:c5:73:5e:f9:5a:9d:04:61:6d:3b:5b:0b:
                    35:b1:9c:0f:88:04:ef:03:7b:9b:37:75:cb:a2:96:
                    47:d0:6d:52:a1:06:df:53:17:5b:88:72:e3:5e:06:
                    a2:67:d1:fa:aa:58:49:a8:3d:70:e7:94:d7:9d:35:
                    67:f4:b5:0a:b7:cb:1a:15:19:ed:c2:da:8b:f3:ac:
                    bd:7d:65:47:6f:da:bf:e9:82:eb:dd:0e:d8:93:07:
                    eb:bd:2c:4e:8e:18:f8:86:57:4b:78:92:92:c0:a0:
                    51:93:cd:25:fd:97:09:b9:38:aa:74:0c:44:bc:ef:
                    98:b2:8e:35:8c:b2:58:23:f6:59:7e:f3:07:a9:61:
                    e7:6f:1c:f9:bb:2c:ac:ca:65:50:db:b9:ec:72:d2:
                    6c:e5:a4:2a:f9:82:fe:2e:67:34:aa:5b:1e:f5:0b:
                    ec:af:e3:bb:9a:e5:6b:62:ae:c5:fe:d1:cc:8b:19:
                    31:7f:70:dc:47:24:d0:fe:e4:08:4a:6b:1f:0e:42:
                    11:71:f5:17:be:62:30:bb:ee:5c:33:5a:65:62:d3:
                    d2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E4:2B:6F:40:70:83:73:71:ED:ED:F5:C6:A5:40:7A:B4:DA:27:8A
            X509v3 Authority Key Identifier:
                keyid:87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/pOQrb0Bwg3Nx7e31xqVAerTaJ4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:7c03:1ead::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:b9:be:3d:20:e4:c7:d7:d6:bb:64:83:9c:a6:05:3f:07:53:
         b1:8a:c0:33:b6:24:f1:b1:5f:ce:0c:3f:6f:53:bb:8c:b0:6c:
         76:85:13:a2:52:66:f8:7c:ad:2c:17:01:24:fe:b5:a1:4d:73:
         01:41:2a:c1:6e:cc:40:f5:fd:74:d1:82:e5:d1:03:34:4b:d8:
         34:39:d3:4b:78:f7:c7:e9:83:2c:17:63:ef:e9:ac:24:f9:7c:
         f3:4f:8e:6d:6d:19:da:46:dd:69:8a:30:48:37:76:1d:03:bf:
         d7:5a:39:be:17:9f:ec:08:3a:fc:25:a0:79:27:2f:d9:88:e0:
         d7:51:2c:ae:56:e3:a9:b4:14:98:4b:85:53:24:88:1c:fc:cd:
         1b:32:97:8e:52:a6:79:09:30:c6:31:58:d8:fd:40:c2:0b:41:
         75:21:65:ab:4f:e2:95:b5:45:74:36:2c:69:38:a6:9b:a1:78:
         23:61:6d:d5:23:b0:7b:4d:0b:80:35:7f:8a:6a:24:92:80:f1:
         82:cb:ac:28:57:e3:90:8e:ac:77:cb:2c:db:b5:82:a9:15:29:
         15:55:65:34:c7:4f:b1:6e:15:31:8a:5d:47:a3:a8:64:33:13:
         57:2b:e9:7c:3b:0e:85:58:28:2f:ac:0e:eb:a3:b6:c1:a3:b7:
         50:8c:2d:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZKLcyTHPs6xWYOyVtlZyjovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZjQxYWUwNzc5ZTM3ZGVmYzY5YjJhNWIwZjdhYjhmZDQw
Y2QzZTcwHhcNMjQxMDE0MTQzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGU0MmI2ZjQwNzA4MzczNzFlZGVkZjVjNmE1NDA3YWI0ZGEyNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXwSAd+EubFJLEjEYV180hZeSXUA
vc4ibWk1giEwJvT507ty8zkK1bul2ZAsZQ3Fc175Wp0EYW07Wws1sZwPiATvA3ub
N3XLopZH0G1SoQbfUxdbiHLjXgaiZ9H6qlhJqD1w55TXnTVn9LUKt8saFRntwtqL
86y9fWVHb9q/6YLr3Q7YkwfrvSxOjhj4hldLeJKSwKBRk80l/ZcJuTiqdAxEvO+Y
so41jLJYI/ZZfvMHqWHnbxz5uyysymVQ27nsctJs5aQq+YL+Lmc0qlse9Qvsr+O7
muVrYq7F/tHMixkxf3DcRyTQ/uQISmsfDkIRcfUXvmIwu+5cM1plYtPSWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKTkK29AcINzce3t9calQHq02ieKMB8GA1UdIwQY
MBaAFIf0GuB3njfe/GmypbD3q4/UDNPnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYt
YzQzYWIyYTEyZDU1LzEvcE9RcmIwQndnM054N2UzMXhxVkFlclRhSjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYtYzQzYWIyYTEyZDU1
LzEvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgN8Ax6t
MA0GCSqGSIb3DQEBCwUAA4IBAQChub49IOTH19a7ZIOcpgU/B1OxisAztiTxsV/O
DD9vU7uMsGx2hROiUmb4fK0sFwEk/rWhTXMBQSrBbsxA9f100YLl0QM0S9g0OdNL
ePfH6YMsF2Pv6awk+XzzT45tbRnaRt1pijBIN3YdA7/XWjm+F5/sCDr8JaB5Jy/Z
iODXUSyuVuOptBSYS4VTJIgc/M0bMpeOUqZ5CTDGMVjY/UDCC0F1IWWrT+KVtUV0
NixpOKaboXgjYW3VI7B7TQuANX+KaiSSgPGCy6woV+OQjqx3yyzbtYKpFSkVVWU0
x0+xbhUxil1Ho6hkMxNXK+l8Ow6FWCgvrA7ro7bBo7dQjC0L
-----END CERTIFICATE-----