Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/7L4mMqiYhQU6pLbLhn0KrTdvC74.roa
File:                     7L4mMqiYhQU6pLbLhn0KrTdvC74.roa (raw, json)
Hash identifier:          qwvLUbgBeAIVgbuUuSXd5FWMk9XTHKVex/PpWw7Zktc=
Subject key identifier:   EC:BE:26:32:A8:98:85:05:3A:A4:B6:CB:86:7D:0A:AD:37:6F:0B:BE
Certificate issuer:       /CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Certificate serial:       018CC348CFDD6C404AA02C91DB42A4B66F41
Authority key identifier: 0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/7L4mMqiYhQU6pLbLhn0KrTdvC74.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41151
IP address blocks:        2a01:4700::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cf:dd:6c:40:4a:a0:2c:91:db:42:a4:b6:6f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecbe2632a89885053aa4b6cb867d0aad376f0bbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8e:9f:f3:c4:18:b8:4a:66:07:2c:18:6c:04:
                    a9:bd:f8:3a:e6:cd:74:bf:d0:df:1d:be:2c:f2:5f:
                    8a:53:2b:c3:32:cb:e6:aa:b2:d6:68:8f:b4:bc:80:
                    d1:71:72:d2:c1:d5:ee:91:f7:f0:21:d2:94:46:e6:
                    ba:25:58:c1:30:5a:d6:71:cb:ab:f5:1f:72:73:d0:
                    47:79:86:33:74:9a:7a:24:00:1b:6a:23:84:a9:31:
                    f0:6f:07:a7:32:d9:04:58:9a:a5:93:6c:1e:b2:eb:
                    0c:c3:26:50:68:63:e8:78:8f:7a:23:b0:2d:94:c1:
                    90:af:06:67:11:bb:fa:da:aa:c8:60:bf:4c:14:4a:
                    23:b9:5d:cd:7d:de:54:66:a0:f4:d2:e0:d2:32:2c:
                    a1:09:1a:f9:bd:49:97:cc:91:97:4e:4c:7b:92:a1:
                    3c:45:66:36:3c:9e:57:88:5f:4c:92:ca:8c:ab:4d:
                    91:21:8d:0d:93:a2:ff:49:ac:40:60:77:8a:e0:9c:
                    c6:22:41:ff:d9:8d:cb:bb:e3:e7:de:74:f0:1a:00:
                    87:9d:9d:57:d8:74:0a:02:d2:44:a7:8d:96:40:60:
                    86:8f:81:37:3e:2a:55:4f:ee:af:27:e9:21:2e:21:
                    5b:ac:63:7b:83:ad:01:61:40:ef:a2:3d:5f:b7:0e:
                    50:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:BE:26:32:A8:98:85:05:3A:A4:B6:CB:86:7D:0A:AD:37:6F:0B:BE
            X509v3 Authority Key Identifier:
                keyid:0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/7L4mMqiYhQU6pLbLhn0KrTdvC74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:4700::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:b0:3c:ad:e4:2b:99:c1:91:e4:4f:22:81:99:28:70:f8:2f:
         66:e1:24:87:b5:ed:e9:a6:fe:fa:15:ce:e9:bd:a7:64:20:e2:
         02:a9:2c:df:6b:85:3f:9f:1d:46:25:12:98:90:78:44:93:c3:
         bb:9c:0d:3b:aa:20:d8:89:c4:2b:6d:13:f2:a0:96:e0:0b:d9:
         19:eb:23:54:5c:1c:1d:e7:54:8c:8e:27:16:3f:b3:2f:e1:98:
         14:3c:05:fd:eb:e5:83:53:5a:8b:56:40:e3:de:4f:91:a6:5c:
         3a:e4:fc:6c:2e:ee:e1:5d:2a:b4:7b:f0:e4:ee:e8:3e:18:01:
         02:73:d6:98:c2:f6:3e:33:d2:43:84:85:4d:0f:17:a3:5b:b7:
         a0:7f:66:9e:0b:f5:19:83:0a:e4:9e:9a:3f:cc:23:67:16:f9:
         6f:20:7c:bf:78:b9:9a:5b:fc:88:f7:e1:1f:e7:1f:39:bb:72:
         f8:d1:f7:4b:e5:a8:86:9a:40:37:10:3b:5c:01:49:09:09:ff:
         46:5e:7e:3d:d9:c4:ad:78:de:48:1d:cb:fc:9e:c2:62:7b:59:
         90:56:df:eb:b9:f3:63:a4:09:d9:4a:e5:c1:c6:5b:8c:63:ef:
         e6:1a:c3:d5:9d:2c:ca:5d:2b:39:d8:a5:9c:7f:f6:54:44:e1:
         28:5f:e6:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSM/dbEBKoCyR20Kktm9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNTU2YWNiNWYzYjk2MWI1Y2MyNGEyOTk1ZjM0ZWU5MWY3
OWRjMTYwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2JlMjYzMmE4OTg4NTA1M2FhNGI2Y2I4NjdkMGFhZDM3NmYwYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkY6f88QYuEpmBywYbASpvfg65s10
v9DfHb4s8l+KUyvDMsvmqrLWaI+0vIDRcXLSwdXukffwIdKURua6JVjBMFrWccur
9R9yc9BHeYYzdJp6JAAbaiOEqTHwbwenMtkEWJqlk2wesusMwyZQaGPoeI96I7At
lMGQrwZnEbv62qrIYL9MFEojuV3Nfd5UZqD00uDSMiyhCRr5vUmXzJGXTkx7kqE8
RWY2PJ5XiF9MksqMq02RIY0Nk6L/SaxAYHeK4JzGIkH/2Y3Lu+Pn3nTwGgCHnZ1X
2HQKAtJEp42WQGCGj4E3PipVT+6vJ+khLiFbrGN7g60BYUDvoj1ftw5QTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOy+JjKomIUFOqS2y4Z9Cq03bwu+MB8GA1UdIwQY
MBaAFAtVastfO5YbXMJKKZXzTukfedwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEt
ZDJiYmYzN2RhYmI0LzEvN0w0bU1xaVloUVU2cExiTGhuMEtyVGR2Qzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEtZDJiYmYzN2RhYmI0
LzEvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgFHAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBBsDyt5CuZwZHkTyKBmShw+C9m4SSHte3ppv76
Fc7pvadkIOICqSzfa4U/nx1GJRKYkHhEk8O7nA07qiDYicQrbRPyoJbgC9kZ6yNU
XBwd51SMjicWP7Mv4ZgUPAX96+WDU1qLVkDj3k+Rplw65PxsLu7hXSq0e/Dk7ug+
GAECc9aYwvY+M9JDhIVNDxejW7egf2aeC/UZgwrknpo/zCNnFvlvIHy/eLmaW/yI
9+Ef5x85u3L40fdL5aiGmkA3EDtcAUkJCf9GXn492cSteN5IHcv8nsJie1mQVt/r
ufNjpAnZSuXBxluMY+/mGsPVnSzKXSs52KWcf/ZUROEoX+au
-----END CERTIFICATE-----