Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/kfPEBc7tUut9cOelykzRmwlWyTk.roa
File:                     kfPEBc7tUut9cOelykzRmwlWyTk.roa (raw, json)
Hash identifier:          o6J62ZzOFLP0/bHr7/FtTQa5VkoXZlWJ8hkPYjRZJBM=
Subject key identifier:   91:F3:C4:05:CE:ED:52:EB:7D:70:E7:A5:CA:4C:D1:9B:09:56:C9:39
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E2D6CE69D2C1B06256A0FF370DCFC
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/kfPEBc7tUut9cOelykzRmwlWyTk.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3305
IP address blocks:        2a00:ec81::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2d:6c:e6:9d:2c:1b:06:25:6a:0f:f3:70:dc:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91f3c405ceed52eb7d70e7a5ca4cd19b0956c939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:50:d4:bc:49:ef:b8:08:60:cc:e0:08:6a:ce:
                    6e:b3:42:c9:0b:70:96:ce:1e:cc:20:c8:e8:35:1f:
                    30:35:6d:c1:51:c5:e3:49:0b:a5:f1:74:fe:13:88:
                    3c:01:7e:a2:c2:c7:40:41:e9:72:70:f6:12:13:d2:
                    86:5f:35:50:a6:ba:5b:22:44:4c:32:87:57:26:c6:
                    ea:cf:ac:2e:37:1c:3b:dd:bc:af:b3:03:95:c9:5d:
                    ca:65:b6:3b:77:96:74:f4:43:bc:44:3e:da:d9:28:
                    a3:3e:f1:f0:5d:1c:64:29:fa:32:a2:d7:ca:4a:39:
                    f0:cd:1c:3d:b7:3d:df:c8:86:86:ab:6a:e6:71:a0:
                    b1:7b:26:23:26:4b:9a:21:11:89:4f:91:12:19:a6:
                    1f:96:a3:53:bf:47:9c:50:4a:84:95:0d:5b:38:d2:
                    0c:e5:a1:ad:bd:ec:ab:d9:62:a7:f2:6e:86:25:65:
                    a8:9a:b4:11:25:70:44:70:28:0f:e8:23:e4:d4:ab:
                    7e:fb:a3:fe:52:6e:23:fd:25:19:9d:b9:06:1e:82:
                    62:ff:6b:44:77:b5:48:72:d3:5c:a8:0d:58:1d:92:
                    6e:45:55:34:e0:9f:02:78:e0:19:a7:14:0a:11:1e:
                    4d:f4:92:fa:ea:15:85:35:d8:aa:19:d4:67:2b:4d:
                    38:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F3:C4:05:CE:ED:52:EB:7D:70:E7:A5:CA:4C:D1:9B:09:56:C9:39
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/kfPEBc7tUut9cOelykzRmwlWyTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ec81::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:64:30:d4:37:1b:fa:bd:99:41:74:8c:b0:08:26:f9:22:e1:
         c5:f8:04:a6:b8:0c:6d:aa:82:40:71:7b:c2:95:4d:cb:76:f2:
         5a:b1:5f:99:34:3d:fb:ea:49:a3:e5:a2:96:ee:b5:e0:27:82:
         58:52:f3:ed:3c:3f:e3:84:24:6e:65:d3:4b:93:82:61:7b:27:
         69:cd:58:3f:d4:47:13:83:3c:8d:dd:5e:8d:b1:23:36:68:85:
         4f:51:f5:1e:62:fd:4c:de:27:60:d9:19:be:ac:17:76:3f:b6:
         9c:01:18:92:01:5c:0e:83:99:ac:a3:dc:cc:50:cc:e8:51:44:
         71:1a:85:02:74:22:21:dd:d8:88:92:97:a8:00:a2:69:fd:f0:
         77:95:f1:b6:04:2c:50:08:72:d7:a0:3c:ba:dd:81:37:03:93:
         ec:54:b1:2b:94:be:96:e8:f9:3b:5d:4d:6f:64:e8:8b:97:7b:
         33:eb:e2:d2:4c:c8:df:75:7e:1f:a1:f0:84:e0:50:b9:50:0b:
         f8:7d:3c:6b:27:8b:de:5b:ae:87:ba:23:18:dc:5c:36:ae:c2:
         e7:68:ad:94:e3:98:28:c6:56:4a:ed:ed:df:48:16:16:c7:2f:
         d4:1e:c5:69:09:47:78:a1:51:87:ea:26:57:83:5a:e5:37:a1:
         6e:8f:a9:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTi1s5p0sGwYlag/zcNz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWYzYzQwNWNlZWQ1MmViN2Q3MGU3YTVjYTRjZDE5YjA5NTZjOTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlDUvEnvuAhgzOAIas5us0LJC3CW
zh7MIMjoNR8wNW3BUcXjSQul8XT+E4g8AX6iwsdAQelycPYSE9KGXzVQprpbIkRM
ModXJsbqz6wuNxw73byvswOVyV3KZbY7d5Z09EO8RD7a2SijPvHwXRxkKfoyotfK
SjnwzRw9tz3fyIaGq2rmcaCxeyYjJkuaIRGJT5ESGaYflqNTv0ecUEqElQ1bONIM
5aGtveyr2WKn8m6GJWWomrQRJXBEcCgP6CPk1Kt++6P+Um4j/SUZnbkGHoJi/2tE
d7VIctNcqA1YHZJuRVU04J8CeOAZpxQKER5N9JL66hWFNdiqGdRnK004kwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJHzxAXO7VLrfXDnpcpM0ZsJVsk5MB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEva2ZQRUJjN3RVdXQ5Y09lbHlrelJtd2xXeVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgDsgTAN
BgkqhkiG9w0BAQsFAAOCAQEALGQw1Dcb+r2ZQXSMsAgm+SLhxfgEprgMbaqCQHF7
wpVNy3byWrFfmTQ9++pJo+Wilu614CeCWFLz7Tw/44QkbmXTS5OCYXsnac1YP9RH
E4M8jd1ejbEjNmiFT1H1HmL9TN4nYNkZvqwXdj+2nAEYkgFcDoOZrKPczFDM6FFE
cRqFAnQiId3YiJKXqACiaf3wd5XxtgQsUAhy16A8ut2BNwOT7FSxK5S+luj5O11N
b2Toi5d7M+vi0kzI33V+H6HwhOBQuVAL+H08ayeL3luuh7ojGNxcNq7C52itlOOY
KMZWSu3t30gWFscv1B7FaQlHeKFRh+omV4Na5Tehbo+ptA==
-----END CERTIFICATE-----