Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/0bjkB56bRNZIe1689Hj7PKCcMks.roa
File:                     0bjkB56bRNZIe1689Hj7PKCcMks.roa (raw, json)
Hash identifier:          hFllnar4z94h4KughcisohAGUtegSKMcc44PAdyYD7E=
Subject key identifier:   D1:B8:E4:07:9E:9B:44:D6:48:7B:5E:BC:F4:78:FB:3C:A0:9C:32:4B
Certificate issuer:       /CN=7580d16569bb24a328e27b47f7d751659725defb
Certificate serial:       018CC56DE2E93E688F2C069E9898E6F9777D
Authority key identifier: 75:80:D1:65:69:BB:24:A3:28:E2:7B:47:F7:D7:51:65:97:25:DE:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dYDRZWm7JKMo4ntH99dRZZcl3vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/0bjkB56bRNZIe1689Hj7PKCcMks.roa
Signing time:             Mon 01 Jan 2024 14:29:22 +0000
ROA not before:           Mon 01 Jan 2024 14:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        2a03:3a40:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/dYDRZWm7JKMo4ntH99dRZZcl3vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/dYDRZWm7JKMo4ntH99dRZZcl3vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dYDRZWm7JKMo4ntH99dRZZcl3vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e2:e9:3e:68:8f:2c:06:9e:98:98:e6:f9:77:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7580d16569bb24a328e27b47f7d751659725defb
        Validity
            Not Before: Jan  1 14:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1b8e4079e9b44d6487b5ebcf478fb3ca09c324b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f2:d6:ce:8c:2d:3c:3c:7f:15:26:1b:f8:7d:
                    f7:be:c3:93:6b:fa:ab:f3:83:e8:08:e6:e2:c9:24:
                    6e:07:09:a9:e0:48:ca:3f:77:cd:79:e1:6e:7c:41:
                    4b:14:e1:95:27:19:81:bc:9d:1f:ba:65:f6:fa:f4:
                    3c:71:9e:d6:a7:a7:a5:ef:c9:cf:14:c9:b3:41:34:
                    c1:0f:4d:e5:69:2c:48:55:91:67:56:d8:11:74:30:
                    44:ee:97:7f:a7:f6:55:78:97:df:67:17:f8:0a:2e:
                    21:66:5e:74:bc:0b:77:62:19:c0:ef:b5:c5:45:c0:
                    57:21:d6:c4:6c:d5:ba:1f:b0:1a:59:6f:3b:d3:e3:
                    df:53:e2:da:c4:87:51:92:c8:de:95:9a:bc:ad:4c:
                    d1:56:5d:08:70:ff:08:61:07:a5:90:e6:29:cc:db:
                    ea:df:52:58:74:46:0d:7e:a5:39:85:52:d5:3e:39:
                    32:f6:4c:0d:8e:de:14:90:8b:09:ea:16:b8:b8:6b:
                    fc:b4:88:31:6c:82:9c:9f:f8:5a:a1:3a:2b:54:da:
                    cd:c0:72:0e:d6:d3:89:42:a6:2b:15:57:a1:17:4e:
                    63:24:42:35:fc:63:40:e1:8c:da:db:4a:68:03:fa:
                    b5:56:a0:b3:ff:b9:a1:31:09:35:3e:09:98:69:70:
                    90:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B8:E4:07:9E:9B:44:D6:48:7B:5E:BC:F4:78:FB:3C:A0:9C:32:4B
            X509v3 Authority Key Identifier:
                keyid:75:80:D1:65:69:BB:24:A3:28:E2:7B:47:F7:D7:51:65:97:25:DE:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dYDRZWm7JKMo4ntH99dRZZcl3vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/0bjkB56bRNZIe1689Hj7PKCcMks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/dYDRZWm7JKMo4ntH99dRZZcl3vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:3a40:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:7b:f1:9b:e6:8c:1e:8e:f4:03:ed:d8:02:4a:54:e3:0a:9a:
         61:1c:97:23:1c:14:9a:18:73:98:db:c5:08:bb:0e:f3:6f:cd:
         d3:a3:57:e8:d5:8b:34:f3:16:50:85:91:97:5a:dc:5e:99:33:
         16:29:ef:e8:42:90:c1:2a:ca:db:4a:2b:e3:f7:8d:94:4d:6e:
         00:ea:41:f8:47:19:ba:1a:82:77:94:cb:96:b4:c9:ad:73:2d:
         31:30:be:49:26:47:17:c2:49:a9:bb:3c:56:2a:3d:66:02:b2:
         6d:ac:47:9f:bb:aa:e3:ed:1d:52:95:c3:30:62:55:89:52:49:
         ce:91:61:63:ae:7c:ae:25:5e:0f:c2:2a:13:f7:37:cd:32:74:
         39:d3:0d:57:e4:c8:6b:5a:c1:ba:98:06:0c:6d:c6:43:bf:ae:
         d0:85:76:6c:c6:8f:ea:57:be:bf:d7:b6:fd:a0:b3:30:8a:94:
         3a:f6:7f:da:29:9f:32:cd:e4:ab:66:70:e8:14:90:bc:94:56:
         78:41:f7:01:4f:17:a9:60:bc:b4:17:17:7b:a6:be:09:05:a5:
         e2:e2:61:90:a0:40:6d:e1:29:78:3f:5c:8f:b2:9f:41:ed:fc:
         1c:46:d5:6c:92:90:a0:a9:d9:bf:d0:0f:19:bd:d5:f8:fe:01:
         60:87:d0:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbeLpPmiPLAaemJjm+Xd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ODBkMTY1NjliYjI0YTMyOGUyN2I0N2Y3ZDc1MTY1OTcy
NWRlZmIwHhcNMjQwMTAxMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWI4ZTQwNzllOWI0NGQ2NDg3YjVlYmNmNDc4ZmIzY2EwOWMzMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovLWzowtPDx/FSYb+H33vsOTa/qr
84PoCObiySRuBwmp4EjKP3fNeeFufEFLFOGVJxmBvJ0fumX2+vQ8cZ7Wp6el78nP
FMmzQTTBD03laSxIVZFnVtgRdDBE7pd/p/ZVeJffZxf4Ci4hZl50vAt3YhnA77XF
RcBXIdbEbNW6H7AaWW870+PfU+LaxIdRksjelZq8rUzRVl0IcP8IYQelkOYpzNvq
31JYdEYNfqU5hVLVPjky9kwNjt4UkIsJ6ha4uGv8tIgxbIKcn/haoTorVNrNwHIO
1tOJQqYrFVehF05jJEI1/GNA4Yza20poA/q1VqCz/7mhMQk1PgmYaXCQ6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNG45Aeem0TWSHtevPR4+zygnDJLMB8GA1UdIwQY
MBaAFHWA0WVpuySjKOJ7R/fXUWWXJd77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFlEUlpXbTdKS01vNG50SDk5ZFJaWmNsM3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xYTE4ZGUtZWZiZC00MWI1LWIzMzYt
NzlmYmQzODVhNTUwLzEvMGJqa0I1NmJSTlpJZTE2ODlIajdQS0NjTWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xYTE4ZGUtZWZiZC00MWI1LWIzMzYtNzlmYmQzODVhNTUw
LzEvZFlEUlpXbTdKS01vNG50SDk5ZFJaWmNsM3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgM6QCAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAWe/Gb5owejvQD7dgCSlTjCpphHJcjHBSaGHOY
28UIuw7zb83To1fo1Ys08xZQhZGXWtxemTMWKe/oQpDBKsrbSivj942UTW4A6kH4
Rxm6GoJ3lMuWtMmtcy0xML5JJkcXwkmpuzxWKj1mArJtrEefu6rj7R1SlcMwYlWJ
UknOkWFjrnyuJV4PwioT9zfNMnQ50w1X5MhrWsG6mAYMbcZDv67QhXZsxo/qV76/
17b9oLMwipQ69n/aKZ8yzeSrZnDoFJC8lFZ4QfcBTxepYLy0Fxd7pr4JBaXi4mGQ
oEBt4Sl4P1yPsp9B7fwcRtVskpCgqdm/0A8ZvdX4/gFgh9CH
-----END CERTIFICATE-----