Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/bnboJeV6hquO4vlPQIfjPbVPBtk.roa
File:                     bnboJeV6hquO4vlPQIfjPbVPBtk.roa (raw, json)
Hash identifier:          S6auoKpR0m5fisai/RHp5ib/WbJ3ogfkODVs1Tn/3sc=
Subject key identifier:   6E:76:E8:25:E5:7A:86:AB:8E:E2:F9:4F:40:87:E3:3D:B5:4F:06:D9
Certificate issuer:       /CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
Certificate serial:       018CC4939FA931CCF48CE3434F57261FC0BC
Authority key identifier: 3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/bnboJeV6hquO4vlPQIfjPbVPBtk.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0a:144::/35 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9f:a9:31:cc:f4:8c:e3:43:4f:57:26:1f:c0:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e76e825e57a86ab8ee2f94f4087e33db54f06d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ad:5d:e0:f3:cc:4e:37:e4:d4:5b:51:73:31:
                    d2:cf:1f:3d:cf:2c:c9:d6:e6:16:78:86:b3:df:0f:
                    65:fb:4b:14:4a:67:54:5b:dd:fd:70:c3:00:4b:55:
                    1d:e4:2b:01:3f:65:2f:34:fc:42:0c:42:65:48:be:
                    24:28:79:34:7b:66:ed:42:bc:dc:5c:3c:8c:d3:12:
                    c9:63:24:0f:21:ff:7b:07:d3:38:73:40:b6:f3:27:
                    2c:05:82:86:9d:a1:7c:b7:41:e0:13:42:b2:50:e2:
                    01:0b:e2:13:32:92:79:f6:3a:70:a9:2e:41:bb:18:
                    8c:3d:ac:96:1c:f7:56:8a:80:37:72:bf:d1:80:8a:
                    bb:d5:cf:2c:1d:eb:9a:23:20:44:80:60:ab:0f:8b:
                    ff:50:f5:40:f5:fe:7b:e2:5d:33:01:67:ea:3c:c4:
                    b7:40:c9:e7:bd:fb:58:e7:1c:9c:71:7d:53:b3:8a:
                    08:a1:91:3a:26:f4:68:4e:eb:09:80:d5:ed:42:3a:
                    6d:96:b1:f8:e7:c8:fe:0c:c8:21:3a:2a:c4:e2:c3:
                    bf:6c:db:d7:3a:e2:f8:7a:06:83:9b:19:e0:22:05:
                    c5:8d:f0:b0:80:00:dc:30:ca:28:a4:bd:88:84:80:
                    03:3f:9f:e4:a6:ac:7c:2c:9c:64:c6:82:48:aa:fe:
                    62:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:76:E8:25:E5:7A:86:AB:8E:E2:F9:4F:40:87:E3:3D:B5:4F:06:D9
            X509v3 Authority Key Identifier:
                keyid:3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/bnboJeV6hquO4vlPQIfjPbVPBtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:144::/35

    Signature Algorithm: sha256WithRSAEncryption
         96:64:5f:e9:20:e3:70:c1:94:f2:7a:26:5c:76:e5:ac:4b:da:
         58:b1:1b:c2:c8:ee:db:17:e5:99:38:09:15:11:b5:78:89:2e:
         1e:d1:87:7e:e4:e0:27:61:b1:5c:27:0c:53:2a:9e:53:1b:0a:
         73:17:f9:9f:5b:21:fe:e4:11:23:27:5b:28:ce:20:7c:92:28:
         33:0f:4f:4f:a2:ed:d5:67:10:13:21:59:cc:0c:9b:fa:f3:97:
         e2:1d:8b:57:18:d0:c1:6f:7c:a6:97:56:45:2a:b8:a1:d9:7d:
         04:98:df:19:0b:4f:a5:1b:2e:5a:41:e4:fd:a8:60:f3:49:38:
         07:6d:aa:52:49:28:a1:d4:f9:54:99:db:98:bf:12:65:40:20:
         cb:3f:e5:e4:79:fc:a9:99:40:4f:35:26:22:ab:e6:3a:f1:18:
         27:8d:3a:6a:ed:56:09:b0:77:63:55:5a:2d:26:7c:89:bb:ad:
         5d:c8:d7:fd:5c:04:4a:5d:5d:40:65:6c:6f:44:bd:9f:2e:00:
         1d:8f:b0:fa:54:ea:94:1b:16:32:79:1a:f4:8d:92:13:c7:b7:
         8b:f8:74:47:1f:9e:4b:88:52:cf:5f:38:0b:e8:71:2e:69:0c:
         17:06:bc:73:f1:11:93:6f:e5:59:77:3f:7b:e1:f6:6d:4b:be:
         47:b4:05:81
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk5+pMcz0jONDT1cmH8C8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2JmNTExNzc0YjZlMWQ3MDZiYjI3MjdiM2QzMTI1Nzc1
YTkxMmYwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc2ZTgyNWU1N2E4NmFiOGVlMmY5NGY0MDg3ZTMzZGI1NGYwNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsa1d4PPMTjfk1FtRczHSzx89zyzJ
1uYWeIaz3w9l+0sUSmdUW939cMMAS1Ud5CsBP2UvNPxCDEJlSL4kKHk0e2btQrzc
XDyM0xLJYyQPIf97B9M4c0C28ycsBYKGnaF8t0HgE0KyUOIBC+ITMpJ59jpwqS5B
uxiMPayWHPdWioA3cr/RgIq71c8sHeuaIyBEgGCrD4v/UPVA9f574l0zAWfqPMS3
QMnnvftY5xyccX1Ts4oIoZE6JvRoTusJgNXtQjptlrH458j+DMghOirE4sO/bNvX
OuL4egaDmxngIgXFjfCwgADcMMoopL2IhIADP5/kpqx8LJxkxoJIqv5iBQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG526CXleoarjuL5T0CH4z21TwbZMB8GA1UdIwQY
MBaAFD879RF3S24dcGuycns9MSV3WpEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWIt
YTBkNmRiZmFjNmViLzEvYm5ib0plVjZocXVPNHZsUFFJZmpQYlZQQnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWItYTBkNmRiZmFjNmVi
LzEvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgoBRAAw
DQYJKoZIhvcNAQELBQADggEBAJZkX+kg43DBlPJ6Jlx25axL2lixG8LI7tsX5Zk4
CRURtXiJLh7Rh37k4CdhsVwnDFMqnlMbCnMX+Z9bIf7kESMnWyjOIHySKDMPT0+i
7dVnEBMhWcwMm/rzl+Idi1cY0MFvfKaXVkUquKHZfQSY3xkLT6UbLlpB5P2oYPNJ
OAdtqlJJKKHU+VSZ25i/EmVAIMs/5eR5/KmZQE81JiKr5jrxGCeNOmrtVgmwd2NV
Wi0mfIm7rV3I1/1cBEpdXUBlbG9EvZ8uAB2PsPpU6pQbFjJ5GvSNkhPHt4v4dEcf
nkuIUs9fOAvocS5pDBcGvHPxEZNv5Vl3P3vh9m1Lvke0BYE=
-----END CERTIFICATE-----