Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/3v8t-T_1Z1mJhtaQZINyjyjPSnE.roa
File:                     3v8t-T_1Z1mJhtaQZINyjyjPSnE.roa (raw, json)
Hash identifier:          DGRvhUsu67g0JZlFpKbNd0i1dFvQPP8NpdEVm4vVN78=
Subject key identifier:   DE:FF:2D:F9:3F:F5:67:59:89:86:D6:90:64:83:72:8F:28:CF:4A:71
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018F1039684F1D4978A663DF4B08CC59B1B1
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/3v8t-T_1Z1mJhtaQZINyjyjPSnE.roa
Signing time:             Wed 24 Apr 2024 13:09:08 +0000
ROA not before:           Wed 24 Apr 2024 13:09:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215050
IP address blocks:        2a03:5840:117::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:39:68:4f:1d:49:78:a6:63:df:4b:08:cc:59:b1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Apr 24 13:09:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=deff2df93ff567598986d6906483728f28cf4a71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ac:fd:59:7b:9a:4e:93:b3:0c:dc:e7:81:8f:
                    97:4a:fe:59:68:92:3a:45:5c:65:bd:a8:43:f8:18:
                    b4:1f:a5:a0:9d:b6:76:58:2d:ea:f6:f3:76:88:27:
                    b5:6e:59:32:cf:27:fd:50:16:f4:df:ac:2e:b2:b2:
                    32:c1:67:2f:63:25:cd:c6:02:52:cf:09:1c:1c:00:
                    cb:48:2c:c2:bd:49:ab:33:ba:cc:18:5b:28:0b:71:
                    7c:8d:7c:d6:0a:3b:5a:c9:89:0c:bd:a9:48:35:6e:
                    ce:2d:09:e3:83:e6:30:d0:e7:c6:8b:59:db:7b:cb:
                    27:e5:a4:ba:b2:c1:87:db:30:99:ec:8d:ab:ab:0b:
                    8e:09:9c:55:f0:46:58:8b:0f:46:d9:7e:34:92:87:
                    23:f7:3d:de:02:83:ae:c1:cf:b6:99:af:6b:79:89:
                    18:e8:67:9f:ca:79:ec:ab:b5:55:83:89:6c:6e:7d:
                    6e:29:36:ad:8d:e6:fe:4c:e5:c0:24:17:65:1c:82:
                    c1:bc:18:fa:1c:02:be:56:3e:92:8b:5a:e8:ab:b0:
                    da:9e:66:ab:8d:07:69:bb:8c:5b:6c:53:b9:ff:9a:
                    c8:a1:aa:f2:2a:86:de:65:46:2b:5d:a8:75:be:d9:
                    38:7d:93:06:bf:f0:85:11:dd:5e:b6:d0:8b:5d:70:
                    9f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:FF:2D:F9:3F:F5:67:59:89:86:D6:90:64:83:72:8F:28:CF:4A:71
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/3v8t-T_1Z1mJhtaQZINyjyjPSnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:117::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:81:93:60:c4:16:a1:1f:be:cd:49:03:7c:7d:05:11:9f:bf:
         98:99:70:f2:91:d0:3c:d5:12:23:68:60:25:0b:7b:87:51:e5:
         e8:1b:90:02:14:f1:0d:41:48:c0:6c:8d:9d:e1:28:82:2e:e7:
         3b:6c:15:07:26:27:14:38:64:50:23:83:2f:5f:e8:ee:5d:38:
         27:b8:6c:81:fa:32:fb:d4:99:88:b9:c7:f5:6d:68:69:f2:6d:
         39:94:1c:f7:98:a3:f7:23:32:12:b2:7c:27:ab:28:82:90:5f:
         6f:39:a5:b0:8d:dc:b3:52:b4:da:6b:20:fa:4e:34:47:9f:95:
         70:f0:2a:bd:b7:f1:f5:05:4b:cd:28:0a:e9:2a:ca:3e:b4:6b:
         5e:3f:8b:2b:6c:24:40:a3:66:f0:af:f0:69:0b:cf:4f:a7:ac:
         c7:5e:90:6e:13:f1:39:30:a4:2e:17:e9:bd:49:04:38:c2:92:
         3f:74:5c:b7:12:b3:c5:4f:e9:d0:b7:9b:3c:29:29:14:b6:c1:
         b0:87:d2:44:80:5d:45:35:60:11:11:6b:62:2d:17:7d:ef:e6:
         e4:07:ae:dd:32:f3:ec:01:b7:17:52:7f:ca:11:56:40:0d:90:
         ae:c2:51:cf:ca:ca:85:65:de:70:fb:78:69:b7:fb:1d:c2:46:
         af:2a:9e:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8QOWhPHUl4pmPfSwjMWbGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwNDI0MTMwOTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWZmMmRmOTNmZjU2NzU5ODk4NmQ2OTA2NDgzNzI4ZjI4Y2Y0YTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56z9WXuaTpOzDNzngY+XSv5ZaJI6
RVxlvahD+Bi0H6WgnbZ2WC3q9vN2iCe1blkyzyf9UBb036wusrIywWcvYyXNxgJS
zwkcHADLSCzCvUmrM7rMGFsoC3F8jXzWCjtayYkMvalINW7OLQnjg+Yw0OfGi1nb
e8sn5aS6ssGH2zCZ7I2rqwuOCZxV8EZYiw9G2X40kocj9z3eAoOuwc+2ma9reYkY
6Gefynnsq7VVg4lsbn1uKTatjeb+TOXAJBdlHILBvBj6HAK+Vj6Si1roq7Danmar
jQdpu4xbbFO5/5rIoaryKobeZUYrXah1vtk4fZMGv/CFEd1ettCLXXCf6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN7/Lfk/9WdZiYbWkGSDco8oz0pxMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvM3Y4dC1UXzFaMW1KaHRhUVpJTnlqeWpQU25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEX
MA0GCSqGSIb3DQEBCwUAA4IBAQCGgZNgxBahH77NSQN8fQURn7+YmXDykdA81RIj
aGAlC3uHUeXoG5ACFPENQUjAbI2d4SiCLuc7bBUHJicUOGRQI4MvX+juXTgnuGyB
+jL71JmIucf1bWhp8m05lBz3mKP3IzISsnwnqyiCkF9vOaWwjdyzUrTaayD6TjRH
n5Vw8Cq9t/H1BUvNKArpKso+tGteP4srbCRAo2bwr/BpC89Pp6zHXpBuE/E5MKQu
F+m9SQQ4wpI/dFy3ErPFT+nQt5s8KSkUtsGwh9JEgF1FNWAREWtiLRd97+bkB67d
MvPsAbcXUn/KEVZADZCuwlHPysqFZd5w+3hpt/sdwkavKp7u
-----END CERTIFICATE-----