Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/AiSM8CjQZqeCdf7479Nm1yQHRjo.roa
File:                     AiSM8CjQZqeCdf7479Nm1yQHRjo.roa (raw, json)
Hash identifier:          DFxH8vt9O6FF8AdG4j9bRWe3GoaasPISCASJyF3r2Rc=
Subject key identifier:   02:24:8C:F0:28:D0:66:A7:82:75:FE:F8:EF:D3:66:D7:24:07:46:3A
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CF88DA191BBECAEF47CEA5663B778392D
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/AiSM8CjQZqeCdf7479Nm1yQHRjo.roa
Signing time:             Thu 11 Jan 2024 12:44:40 +0000
ROA not before:           Thu 11 Jan 2024 12:44:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205828
IP address blocks:        2a03:5840:fd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f8:8d:a1:91:bb:ec:ae:f4:7c:ea:56:63:b7:78:39:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan 11 12:44:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02248cf028d066a78275fef8efd366d72407463a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:fb:e3:2d:ca:50:59:93:07:46:9e:16:55:e0:
                    ab:f5:58:3c:12:1f:09:a6:e1:a7:e6:e6:2f:01:5e:
                    b9:5e:27:c8:21:90:b9:cb:0b:3e:92:64:30:4e:be:
                    36:1c:be:94:9c:43:46:fe:d2:32:09:b8:13:7f:f2:
                    b1:04:df:fb:4d:de:ee:66:d7:6e:d8:cf:c6:3d:1f:
                    b9:19:e0:56:82:a0:ad:d6:0d:71:e6:0a:a4:fe:d2:
                    66:81:40:14:f1:c6:2d:3e:be:7e:c0:a6:0d:d7:11:
                    1e:53:a7:55:3b:89:36:53:ff:6d:9b:06:30:b9:a6:
                    d8:d5:a2:c5:a5:13:f7:1c:5f:2c:b9:86:13:95:93:
                    96:54:fa:b3:a4:64:d5:01:1a:ee:06:a2:ee:07:70:
                    f8:41:cd:5e:bc:ac:fe:40:50:83:63:b8:a9:84:d1:
                    f1:70:62:0e:88:af:97:6a:28:57:84:6c:f2:99:04:
                    e0:46:a3:a2:91:06:54:02:ee:80:6f:e9:76:23:7b:
                    4c:b6:4a:c8:2c:db:fc:66:d4:61:02:e4:66:62:a1:
                    08:45:1d:64:ae:5a:cb:6c:05:2d:e5:fd:9e:bd:39:
                    1d:d2:ec:52:ef:d4:fa:90:e5:e8:18:cd:8f:1b:24:
                    41:b7:31:a3:ef:3e:bc:b5:3a:f0:7a:d5:f4:1e:4d:
                    01:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:24:8C:F0:28:D0:66:A7:82:75:FE:F8:EF:D3:66:D7:24:07:46:3A
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/AiSM8CjQZqeCdf7479Nm1yQHRjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:fd::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:d0:69:30:8e:8e:78:2f:21:39:49:c6:69:90:b2:2b:32:83:
         41:34:89:2b:72:75:94:f7:93:b7:0c:b1:49:56:f2:dc:30:ac:
         75:1d:f7:d3:f2:26:c7:3d:a2:d5:00:13:91:e0:54:af:74:bf:
         bb:6b:55:38:ab:3e:35:4d:99:1a:2e:f0:70:0a:a8:31:87:7f:
         45:12:81:05:4a:57:be:68:b7:d6:53:de:44:9d:cb:10:ee:bf:
         bb:76:8f:b0:e7:15:a4:10:7f:05:a3:11:68:a1:0b:6d:f4:b4:
         e7:07:91:c3:14:a1:ea:7a:c0:3a:2d:82:04:88:80:ff:17:c8:
         1d:4f:0e:83:47:69:42:62:67:52:f0:eb:d5:43:14:bf:df:6c:
         ec:a1:81:fc:90:7d:cf:75:f3:a8:57:8b:56:18:dd:84:7d:fa:
         ed:89:4c:f2:2c:71:c3:d4:bb:0c:2a:bc:95:d7:cb:3f:6e:19:
         18:0a:92:54:b7:cb:84:81:bf:9e:11:ec:2c:28:98:1b:1e:37:
         61:51:f7:e6:5c:a1:fb:d2:f9:f7:3a:20:68:eb:c0:2e:a5:ae:
         99:5c:a7:a3:c6:99:e9:ce:d2:f9:41:a5:34:bb:57:10:9b:80:
         7d:7b:fc:e1:f4:de:5e:a0:e0:88:61:da:00:20:d5:52:80:3e:
         b8:7a:eb:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYz4jaGRu+yu9HzqVmO3eDktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTExMTI0NDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjI0OGNmMDI4ZDA2NmE3ODI3NWZlZjhlZmQzNjZkNzI0MDc0NjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/vjLcpQWZMHRp4WVeCr9Vg8Eh8J
puGn5uYvAV65XifIIZC5yws+kmQwTr42HL6UnENG/tIyCbgTf/KxBN/7Td7uZtdu
2M/GPR+5GeBWgqCt1g1x5gqk/tJmgUAU8cYtPr5+wKYN1xEeU6dVO4k2U/9tmwYw
uabY1aLFpRP3HF8suYYTlZOWVPqzpGTVARruBqLuB3D4Qc1evKz+QFCDY7iphNHx
cGIOiK+XaihXhGzymQTgRqOikQZUAu6Ab+l2I3tMtkrILNv8ZtRhAuRmYqEIRR1k
rlrLbAUt5f2evTkd0uxS79T6kOXoGM2PGyRBtzGj7z68tTrwetX0Hk0BawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAIkjPAo0GangnX++O/TZtckB0Y6MB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvQWlTTThDalFacWVDZGY3NDc5Tm0xeVFIUmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD9
MA0GCSqGSIb3DQEBCwUAA4IBAQBc0Gkwjo54LyE5ScZpkLIrMoNBNIkrcnWU95O3
DLFJVvLcMKx1HffT8ibHPaLVABOR4FSvdL+7a1U4qz41TZkaLvBwCqgxh39FEoEF
Sle+aLfWU95EncsQ7r+7do+w5xWkEH8FoxFooQtt9LTnB5HDFKHqesA6LYIEiID/
F8gdTw6DR2lCYmdS8OvVQxS/32zsoYH8kH3PdfOoV4tWGN2EffrtiUzyLHHD1LsM
KryV18s/bhkYCpJUt8uEgb+eEewsKJgbHjdhUffmXKH70vn3OiBo68Aupa6ZXKej
xpnpztL5QaU0u1cQm4B9e/zh9N5eoOCIYdoAINVSgD64eusB
-----END CERTIFICATE-----