Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/396wbCbJOwEnfSfLqqVDtk8gOJE.roa
File:                     396wbCbJOwEnfSfLqqVDtk8gOJE.roa (raw, json)
Hash identifier:          gwwb8tAThnxd9IR1xXtDWCSHDNLQJ5IPnXypl8r2o1c=
Subject key identifier:   DF:DE:B0:6C:26:C9:3B:01:27:7D:27:CB:AA:A5:43:B6:4F:20:38:91
Certificate issuer:       /CN=a4767bc5fbcbcefb1c1c747bb0eb5337dab691c0
Certificate serial:       018CC6B91FE9FD91D6AD5E96F65458B8D47B
Authority key identifier: A4:76:7B:C5:FB:CB:CE:FB:1C:1C:74:7B:B0:EB:53:37:DA:B6:91:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pHZ7xfvLzvscHHR7sOtTN9q2kcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/396wbCbJOwEnfSfLqqVDtk8gOJE.roa
Signing time:             Mon 01 Jan 2024 20:31:10 +0000
ROA not before:           Mon 01 Jan 2024 20:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33886
IP address blocks:        2a01:298:d34d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/pHZ7xfvLzvscHHR7sOtTN9q2kcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/pHZ7xfvLzvscHHR7sOtTN9q2kcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pHZ7xfvLzvscHHR7sOtTN9q2kcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1f:e9:fd:91:d6:ad:5e:96:f6:54:58:b8:d4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4767bc5fbcbcefb1c1c747bb0eb5337dab691c0
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfdeb06c26c93b01277d27cbaaa543b64f203891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:50:5f:ea:12:35:f8:1d:3e:c8:e0:3f:d2:7a:
                    a9:54:87:23:73:f5:b3:89:9c:d1:a1:68:f9:fc:0c:
                    8b:6c:57:9f:a8:c9:83:2b:b9:ec:64:0e:76:20:a4:
                    35:90:ba:b2:22:d9:f4:b9:84:2f:3d:38:86:65:48:
                    fa:99:5a:fb:0d:49:31:29:e8:74:f6:a7:52:8f:a4:
                    34:60:2e:3a:d0:87:7c:cf:13:65:52:8d:73:26:a7:
                    96:09:7b:f4:69:44:3d:db:c1:94:2f:7c:ce:19:75:
                    f5:6a:86:cd:e6:91:a1:22:60:30:32:22:e6:b4:77:
                    10:cc:9b:0c:31:89:ba:89:71:4e:7e:f3:cc:d0:4a:
                    f2:5a:56:d7:cf:fc:49:8f:47:9c:99:53:80:b0:a7:
                    44:30:00:a3:2a:7c:5d:78:3e:55:06:57:9f:74:2a:
                    8a:30:15:31:ab:a9:c6:3d:e0:bd:a4:64:73:25:b4:
                    02:1d:7f:b5:ab:25:6d:66:3b:6c:2c:07:7d:0d:2c:
                    0e:4e:d9:0a:d8:7d:15:8b:af:eb:a3:ab:b9:22:7c:
                    25:5b:60:5b:35:f1:a8:3f:e3:08:a2:99:6e:8f:12:
                    40:52:f0:5b:2d:46:c7:5c:03:c6:67:e1:f5:06:a4:
                    7a:f3:49:be:af:91:83:6d:29:99:70:48:47:7f:0b:
                    71:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:DE:B0:6C:26:C9:3B:01:27:7D:27:CB:AA:A5:43:B6:4F:20:38:91
            X509v3 Authority Key Identifier:
                keyid:A4:76:7B:C5:FB:CB:CE:FB:1C:1C:74:7B:B0:EB:53:37:DA:B6:91:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pHZ7xfvLzvscHHR7sOtTN9q2kcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/396wbCbJOwEnfSfLqqVDtk8gOJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/pHZ7xfvLzvscHHR7sOtTN9q2kcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:298:d34d::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:c1:dc:5f:09:da:56:99:c6:a6:e7:17:61:b4:c3:1b:ab:b5:
         66:d3:ce:bf:9d:3b:13:a6:ed:32:f4:d1:22:ae:ac:41:57:d5:
         f2:d0:66:bf:ad:b2:82:ba:bf:23:93:89:3c:19:4e:bf:1c:41:
         04:ef:f1:6b:5c:c2:f2:6e:a3:60:0d:bc:91:9b:9a:64:92:2f:
         f0:23:4c:59:f3:28:fa:71:5a:0b:4c:3f:39:00:d4:97:a7:ba:
         b2:3e:66:b1:db:fb:00:b5:06:7a:fd:18:8c:ed:76:fc:22:85:
         d7:92:5e:b0:9b:e4:b0:31:8d:3c:81:f1:be:7b:fd:f2:9e:43:
         63:81:da:b5:5d:ae:d6:f3:c1:de:78:1a:71:30:9d:6e:f1:06:
         28:38:0e:95:8d:0d:44:7e:d4:15:78:f2:2d:a3:0f:d3:7c:42:
         af:e9:de:b5:39:12:1a:88:e4:b6:c2:01:72:ec:14:7f:b4:d9:
         04:28:dc:b9:95:66:30:65:f5:1c:8a:46:79:b2:90:9c:f9:55:
         49:5c:9e:71:19:4d:97:ba:3c:19:3e:bf:aa:cb:72:be:9b:f2:
         98:e8:c7:15:d5:b5:b8:4a:6e:3d:8c:1b:52:7c:44:b0:c9:04:
         11:8f:5d:c7:d0:b9:8d:f2:59:5c:db:42:7a:96:3f:9e:77:12:
         e2:fd:0f:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuR/p/ZHWrV6W9lRYuNR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NzY3YmM1ZmJjYmNlZmIxYzFjNzQ3YmIwZWI1MzM3ZGFi
NjkxYzAwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmRlYjA2YzI2YzkzYjAxMjc3ZDI3Y2JhYWE1NDNiNjRmMjAzODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlBf6hI1+B0+yOA/0nqpVIcjc/Wz
iZzRoWj5/AyLbFefqMmDK7nsZA52IKQ1kLqyItn0uYQvPTiGZUj6mVr7DUkxKeh0
9qdSj6Q0YC460Id8zxNlUo1zJqeWCXv0aUQ928GUL3zOGXX1aobN5pGhImAwMiLm
tHcQzJsMMYm6iXFOfvPM0EryWlbXz/xJj0ecmVOAsKdEMACjKnxdeD5VBlefdCqK
MBUxq6nGPeC9pGRzJbQCHX+1qyVtZjtsLAd9DSwOTtkK2H0Vi6/ro6u5InwlW2Bb
NfGoP+MIoplujxJAUvBbLUbHXAPGZ+H1BqR680m+r5GDbSmZcEhHfwtxFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN/esGwmyTsBJ30ny6qlQ7ZPIDiRMB8GA1UdIwQY
MBaAFKR2e8X7y877HBx0e7DrUzfatpHAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEhaN3hmdkx6dnNjSEhSN3NPdFROOXEya2NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS84MDY1ZDUtMDRkMC00M2U1LWEyZjQt
MDQxYTQ4ZDIxMjNmLzEvMzk2d2JDYkpPd0VuZlNmTHFxVkR0azhnT0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS84MDY1ZDUtMDRkMC00M2U1LWEyZjQtMDQxYTQ4ZDIxMjNm
LzEvcEhaN3hmdkx6dnNjSEhSN3NPdFROOXEya2NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgECmNNN
MA0GCSqGSIb3DQEBCwUAA4IBAQAowdxfCdpWmcam5xdhtMMbq7Vm086/nTsTpu0y
9NEirqxBV9Xy0Ga/rbKCur8jk4k8GU6/HEEE7/FrXMLybqNgDbyRm5pkki/wI0xZ
8yj6cVoLTD85ANSXp7qyPmax2/sAtQZ6/RiM7Xb8IoXXkl6wm+SwMY08gfG+e/3y
nkNjgdq1Xa7W88HeeBpxMJ1u8QYoOA6VjQ1EftQVePItow/TfEKv6d61ORIaiOS2
wgFy7BR/tNkEKNy5lWYwZfUcikZ5spCc+VVJXJ5xGU2XujwZPr+qy3K+m/KY6McV
1bW4Sm49jBtSfESwyQQRj13H0LmN8llc20J6lj+edxLi/Q/T
-----END CERTIFICATE-----