Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/fqvQ0DJn25T-CJml0wjmNJI6GM0.roa
File:                     fqvQ0DJn25T-CJml0wjmNJI6GM0.roa (raw, json)
Hash identifier:          bSxHCFpkN/CklLzaYhYBIkRSJIpc71xfY6m0PfpaJC0=
Subject key identifier:   7E:AB:D0:D0:32:67:DB:94:FE:08:99:A5:D3:08:E6:34:92:3A:18:CD
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E3936EC0AC62F98E9D90A6B4457C3
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/fqvQ0DJn25T-CJml0wjmNJI6GM0.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208157
IP address blocks:        2a00:7180:8000::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:39:36:ec:0a:c6:2f:98:e9:d9:0a:6b:44:57:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eabd0d03267db94fe0899a5d308e634923a18cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8f:da:7c:ce:5b:b0:c7:48:b6:57:e6:73:d9:
                    88:2f:a0:dd:fe:34:2a:c7:5e:9f:e2:e6:34:82:10:
                    5f:db:3b:74:99:8b:55:09:12:0b:2e:ce:c3:ce:a2:
                    22:e7:71:77:1a:3b:d4:84:41:e4:e5:d4:95:ac:87:
                    6e:2a:a8:f0:c6:38:d2:f3:9f:1a:91:72:e6:15:b9:
                    02:a7:b3:ff:66:64:a4:fe:30:7a:b9:42:0a:e5:ab:
                    4f:00:7b:83:85:e8:64:82:f5:99:f1:fc:f4:85:96:
                    97:02:24:f5:8d:c1:2c:7d:20:a3:28:b5:2e:ba:14:
                    fb:69:8a:3e:8c:16:3f:c7:37:45:d5:d3:fb:d3:26:
                    2e:06:3d:0a:74:22:4d:3d:a0:a3:c6:85:ef:0b:46:
                    47:d0:11:e9:7d:e8:ed:f4:77:7e:cc:60:b9:e9:aa:
                    a4:3c:36:85:ca:d2:36:28:9b:ba:f0:a1:4b:43:7c:
                    f7:d1:4d:a4:2a:46:33:c9:24:bb:bf:e3:f3:01:b3:
                    f1:ba:2e:d3:0d:71:ad:60:e7:18:b6:99:8c:32:09:
                    2a:3c:67:61:1f:31:23:c0:95:f4:4a:78:e7:60:c2:
                    0b:7b:de:48:ba:86:20:1c:cb:f9:56:ce:0d:6c:ee:
                    c3:53:6f:19:5e:39:9b:c4:06:77:20:e7:b1:65:b7:
                    83:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AB:D0:D0:32:67:DB:94:FE:08:99:A5:D3:08:E6:34:92:3A:18:CD
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/fqvQ0DJn25T-CJml0wjmNJI6GM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:7180:8000::/46

    Signature Algorithm: sha256WithRSAEncryption
         49:ef:90:b6:5d:02:34:e5:ca:19:79:36:d1:64:2f:57:a0:26:
         7b:59:39:fe:67:93:93:b1:8f:8a:78:02:2e:61:03:3d:d9:e5:
         b7:ba:b2:76:c2:74:80:39:12:4d:df:36:1d:fb:41:4f:80:37:
         97:29:a0:ab:a1:c5:59:b4:f0:9c:07:02:43:32:68:e3:1e:40:
         fa:52:24:2a:f6:5c:ba:6c:4e:03:57:00:c0:ec:73:1c:17:43:
         b9:86:6f:60:dd:e7:03:c7:7c:6e:bc:40:8d:ee:c9:b8:85:58:
         e3:00:82:93:0d:61:ba:64:2e:79:67:ba:7f:08:f5:e8:18:bb:
         f9:a7:81:f4:15:80:3a:57:7c:47:4e:d1:ff:74:e4:91:18:28:
         22:e9:32:a4:93:a2:05:ed:2d:4d:d1:86:80:49:16:ee:a6:46:
         d6:a1:8b:8d:d5:86:1b:93:aa:14:70:7b:f0:95:43:60:6a:eb:
         9f:56:60:a6:32:c9:2f:12:1f:76:2c:95:7b:ca:e8:06:2d:46:
         5e:2d:18:76:a0:d1:2f:df:3f:f9:59:20:fb:a0:2c:dc:a7:67:
         d3:5a:90:8c:81:b9:cd:23:b8:c4:9f:8b:0f:a9:3f:60:b5:bf:
         be:86:73:84:de:ff:81:c4:3e:f1:b4:26:79:39:2f:46:eb:22:
         fc:37:fe:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTjk27ArGL5jp2QprRFfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWFiZDBkMDMyNjdkYjk0ZmUwODk5YTVkMzA4ZTYzNDkyM2ExOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4/afM5bsMdItlfmc9mIL6Dd/jQq
x16f4uY0ghBf2zt0mYtVCRILLs7DzqIi53F3GjvUhEHk5dSVrIduKqjwxjjS858a
kXLmFbkCp7P/ZmSk/jB6uUIK5atPAHuDhehkgvWZ8fz0hZaXAiT1jcEsfSCjKLUu
uhT7aYo+jBY/xzdF1dP70yYuBj0KdCJNPaCjxoXvC0ZH0BHpfejt9Hd+zGC56aqk
PDaFytI2KJu68KFLQ3z30U2kKkYzySS7v+PzAbPxui7TDXGtYOcYtpmMMgkqPGdh
HzEjwJX0SnjnYMILe95IuoYgHMv5Vs4NbO7DU28ZXjmbxAZ3IOexZbeDBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH6r0NAyZ9uU/giZpdMI5jSSOhjNMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvZnF2UTBESm4yNVQtQ0ptbDB3am1OSkk2R00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgBxgIAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBJ75C2XQI05coZeTbRZC9XoCZ7WTn+Z5OTsY+K
eAIuYQM92eW3urJ2wnSAORJN3zYd+0FPgDeXKaCrocVZtPCcBwJDMmjjHkD6UiQq
9ly6bE4DVwDA7HMcF0O5hm9g3ecDx3xuvECN7sm4hVjjAIKTDWG6ZC55Z7p/CPXo
GLv5p4H0FYA6V3xHTtH/dOSRGCgi6TKkk6IF7S1N0YaASRbupkbWoYuN1YYbk6oU
cHvwlUNgauufVmCmMskvEh92LJV7yugGLUZeLRh2oNEv3z/5WSD7oCzcp2fTWpCM
gbnNI7jEn4sPqT9gtb++hnOE3v+BxD7xtCZ5OS9G6yL8N/64
-----END CERTIFICATE-----