Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/8hsZ0-LYEi9cyGoLQQv8xgxf0co.roa
File:                     8hsZ0-LYEi9cyGoLQQv8xgxf0co.roa (raw, json)
Hash identifier:          JSrgc8NaKlOuEcPlS6W321wvoJvTbdTh0hfWEJB9sPc=
Subject key identifier:   F2:1B:19:D3:E2:D8:12:2F:5C:C8:6A:0B:41:0B:FC:C6:0C:5F:D1:CA
Certificate issuer:       /CN=101287927ad7b1db479ae5ab92ab87c4a4faf496
Certificate serial:       018CC493153A712D1402A1366EABEE85D0EE
Authority key identifier: 10:12:87:92:7A:D7:B1:DB:47:9A:E5:AB:92:AB:87:C4:A4:FA:F4:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EBKHknrXsdtHmuWrkquHxKT69JY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/8hsZ0-LYEi9cyGoLQQv8xgxf0co.roa
Signing time:             Mon 01 Jan 2024 10:30:22 +0000
ROA not before:           Mon 01 Jan 2024 10:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15557
IP address blocks:        2a00:be80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/EBKHknrXsdtHmuWrkquHxKT69JY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/EBKHknrXsdtHmuWrkquHxKT69JY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EBKHknrXsdtHmuWrkquHxKT69JY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:15:3a:71:2d:14:02:a1:36:6e:ab:ee:85:d0:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=101287927ad7b1db479ae5ab92ab87c4a4faf496
        Validity
            Not Before: Jan  1 10:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f21b19d3e2d8122f5cc86a0b410bfcc60c5fd1ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0e:d6:2b:71:da:80:bf:ea:63:05:22:8f:0f:
                    9a:2f:13:39:5a:24:da:60:0c:ad:17:91:87:0d:48:
                    41:8e:e0:16:5b:9f:ac:57:b6:26:8a:b7:a5:59:67:
                    56:32:3e:c9:c8:ac:58:3f:b6:f3:bd:d6:b1:40:d7:
                    d5:12:dc:b8:13:88:e5:a7:7d:9c:1c:96:f6:f6:68:
                    67:7b:b8:70:55:a7:ce:6b:c2:61:90:c8:8a:af:46:
                    31:16:72:f5:4b:1c:26:f3:b8:17:87:5a:7f:b2:f6:
                    a1:73:89:93:6d:cc:a4:7c:f5:d6:ff:ab:da:f1:55:
                    a6:aa:1a:3a:01:77:65:83:60:17:62:5d:d6:11:36:
                    12:a1:33:a0:a5:aa:b8:f3:bc:e0:c0:56:50:02:bb:
                    25:db:f8:d6:8c:7b:68:0e:07:18:11:5b:75:66:22:
                    80:e5:c8:a7:d0:20:d6:3b:21:61:4c:13:e9:9f:6d:
                    6c:d7:b0:8a:e2:15:7d:c2:86:2b:a8:5a:a3:6d:fc:
                    50:72:b2:6f:64:d6:1c:55:d4:7e:48:b2:fe:4b:17:
                    8a:33:94:e0:90:c5:fd:d5:08:f5:10:13:22:b7:de:
                    57:ea:2b:95:eb:0a:69:4e:b3:aa:bc:65:58:0a:28:
                    c5:e6:71:97:15:5b:2e:e1:fb:89:0a:1c:71:a3:5c:
                    00:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:1B:19:D3:E2:D8:12:2F:5C:C8:6A:0B:41:0B:FC:C6:0C:5F:D1:CA
            X509v3 Authority Key Identifier:
                keyid:10:12:87:92:7A:D7:B1:DB:47:9A:E5:AB:92:AB:87:C4:A4:FA:F4:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EBKHknrXsdtHmuWrkquHxKT69JY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/8hsZ0-LYEi9cyGoLQQv8xgxf0co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/EBKHknrXsdtHmuWrkquHxKT69JY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:be80::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:69:81:f8:a2:4c:e1:04:e5:76:11:34:7f:89:36:ee:9f:ee:
         89:a3:9d:49:49:02:0d:d8:bf:ef:28:8c:97:20:81:c3:56:fe:
         55:09:78:fb:ac:e3:f6:c5:08:8b:3a:9c:f0:76:f4:ca:fc:8c:
         80:7b:7c:e3:60:12:8d:e2:31:b6:c6:62:d1:fa:10:b6:38:b3:
         90:51:20:d6:d1:0a:a5:69:7c:08:ad:13:cd:4f:07:46:e4:e1:
         27:5e:50:ac:b2:7e:7d:5c:46:01:6e:fc:fc:52:52:dc:c7:51:
         3e:63:a4:53:27:0c:33:27:84:3a:07:db:1c:65:06:a0:ab:1d:
         f5:c0:8c:ff:8f:b4:ac:50:99:f3:3c:54:21:10:f1:12:35:6d:
         30:f8:65:4f:c2:7e:e7:f8:d6:84:d3:46:c0:d0:d0:99:4f:e5:
         00:83:1d:d0:6d:dd:6e:96:33:9a:63:78:87:46:0d:90:0d:f6:
         e7:e0:dc:14:5e:43:98:21:53:04:10:29:3a:47:4c:d9:c3:6f:
         7e:59:0f:13:df:b5:cf:8d:1d:d3:3c:85:b7:4a:8c:94:58:07:
         ea:0a:00:95:9e:5b:4f:0b:b8:18:48:55:7a:4e:5d:02:21:41:
         b0:42:e8:23:72:ff:c8:b7:9b:9a:1b:44:3d:bd:ec:a6:c3:48:
         de:ca:28:c1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkxU6cS0UAqE2bqvuhdDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMTI4NzkyN2FkN2IxZGI0NzlhZTVhYjkyYWI4N2M0YTRm
YWY0OTYwHhcNMjQwMTAxMTAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjFiMTlkM2UyZDgxMjJmNWNjODZhMGI0MTBiZmNjNjBjNWZkMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw7WK3HagL/qYwUijw+aLxM5WiTa
YAytF5GHDUhBjuAWW5+sV7YmirelWWdWMj7JyKxYP7bzvdaxQNfVEty4E4jlp32c
HJb29mhne7hwVafOa8JhkMiKr0YxFnL1Sxwm87gXh1p/svahc4mTbcykfPXW/6va
8VWmqho6AXdlg2AXYl3WETYSoTOgpaq487zgwFZQArsl2/jWjHtoDgcYEVt1ZiKA
5cin0CDWOyFhTBPpn21s17CK4hV9woYrqFqjbfxQcrJvZNYcVdR+SLL+SxeKM5Tg
kMX91Qj1EBMit95X6iuV6wppTrOqvGVYCijF5nGXFVsu4fuJChxxo1wApQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPIbGdPi2BIvXMhqC0EL/MYMX9HKMB8GA1UdIwQY
MBaAFBASh5J617HbR5rlq5Krh8Sk+vSWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUJLSGtuclhzZHRIbXVXcmtxdUh4S1Q2OUpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xMjM5MWQtNWZiNi00ZGVhLWE3MTMt
NzNhNDUyYmFmYjQ2LzEvOGhzWjAtTFlFaTljeUdvTFFRdjh4Z3hmMGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xMjM5MWQtNWZiNi00ZGVhLWE3MTMtNzNhNDUyYmFmYjQ2
LzEvRUJLSGtuclhzZHRIbXVXcmtxdUh4S1Q2OUpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgC+gDAN
BgkqhkiG9w0BAQsFAAOCAQEAn2mB+KJM4QTldhE0f4k27p/uiaOdSUkCDdi/7yiM
lyCBw1b+VQl4+6zj9sUIizqc8Hb0yvyMgHt842ASjeIxtsZi0foQtjizkFEg1tEK
pWl8CK0TzU8HRuThJ15QrLJ+fVxGAW78/FJS3MdRPmOkUycMMyeEOgfbHGUGoKsd
9cCM/4+0rFCZ8zxUIRDxEjVtMPhlT8J+5/jWhNNGwNDQmU/lAIMd0G3dbpYzmmN4
h0YNkA325+DcFF5DmCFTBBApOkdM2cNvflkPE9+1z40d0zyFt0qMlFgH6goAlZ5b
Twu4GEhVek5dAiFBsELoI3L/yLebmhtEPb3spsNI3soowQ==
-----END CERTIFICATE-----