Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/D0VY1tnyW1sc1eci763M9M_Qb-w.roa
File:                     D0VY1tnyW1sc1eci763M9M_Qb-w.roa (raw, json)
Hash identifier:          Gx4ftABrrrIUB2Otbma82QUFNE7z8rSGuxi9F+Ny6b4=
Subject key identifier:   0F:45:58:D6:D9:F2:5B:5B:1C:D5:E7:22:EF:AD:CC:F4:CF:D0:6F:EC
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FD5F52651D24AC05D28B6EB29B072
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/D0VY1tnyW1sc1eci763M9M_Qb-w.roa
Signing time:             Tue 02 Jan 2024 04:30:21 +0000
ROA not before:           Tue 02 Jan 2024 04:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197432
IP address blocks:        2a03:5840:fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d5:f5:26:51:d2:4a:c0:5d:28:b6:eb:29:b0:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f4558d6d9f25b5b1cd5e722efadccf4cfd06fec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:52:0c:a5:47:82:f5:17:e7:5e:f8:b2:01:1f:
                    b1:b2:a9:b7:83:6b:2e:ab:9a:22:bb:f3:c6:ab:6d:
                    f3:96:4f:07:6f:c6:7d:f6:4f:05:41:2d:31:4a:9e:
                    0e:4e:3b:73:17:ec:e8:6f:f2:c6:2f:76:19:9d:91:
                    a7:71:ce:37:41:f6:25:bd:bb:ec:9b:7f:22:f4:fc:
                    b8:c6:e8:6b:10:a9:5b:b4:ab:23:b9:4a:8c:1c:c2:
                    94:b0:c6:c2:4d:e2:40:a8:f1:b5:16:a3:08:82:5e:
                    16:25:a4:93:38:64:26:2c:ca:63:f6:fa:41:1b:c5:
                    f8:f0:79:85:da:09:12:7c:6e:c6:cd:fe:52:6f:cd:
                    c7:d6:24:33:ae:58:59:82:cb:ee:73:74:a5:e6:5b:
                    16:96:62:ef:e7:e9:f9:ea:4a:6e:36:f2:23:f4:bc:
                    08:d9:59:1d:28:9d:94:f1:0c:43:eb:ad:10:85:32:
                    72:e6:44:fc:2e:6d:1e:cd:ab:c9:1c:dd:c9:e7:71:
                    a2:29:4d:7e:1d:88:29:26:fa:03:d8:d6:d0:cc:f4:
                    c7:ff:59:87:18:50:ce:36:73:51:ec:a5:4d:71:a7:
                    a2:a5:02:f9:44:34:16:50:1f:30:4d:a7:96:47:3f:
                    8d:a0:f7:b7:b9:e2:d2:86:e5:64:1c:ea:a6:0f:6b:
                    16:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:45:58:D6:D9:F2:5B:5B:1C:D5:E7:22:EF:AD:CC:F4:CF:D0:6F:EC
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/D0VY1tnyW1sc1eci763M9M_Qb-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:23:64:9e:4f:bf:12:e4:ef:3a:8f:ec:58:7a:b4:9b:e8:ea:
         2f:a1:9a:32:bc:9e:68:58:13:20:56:0c:1e:36:07:bc:4c:c0:
         0a:df:9d:ab:8a:8a:cb:fb:7f:c0:94:b9:28:a5:d4:d4:ab:2b:
         b6:71:3c:97:be:af:fc:08:21:4d:91:d2:64:a7:c5:71:b3:f7:
         44:06:fb:5d:92:87:81:45:9c:16:9f:38:28:71:3c:ee:1f:2a:
         ba:08:23:a0:e2:cb:7a:01:ad:28:f7:6f:b5:6d:07:2e:c3:96:
         64:ea:cc:88:b0:aa:34:a7:e7:aa:09:fc:ba:07:ac:60:9d:e4:
         29:d7:32:0d:bc:ef:66:b7:7a:c8:d1:a5:0b:a6:8a:19:59:e1:
         21:65:1e:fb:b9:05:a3:b9:46:bc:49:ca:e1:3e:88:0c:7a:03:
         8c:b3:d2:9a:f7:54:48:84:6c:9c:c8:09:55:30:95:e2:30:f3:
         d0:b4:8b:da:14:b1:ce:97:e6:4a:02:34:47:8b:86:84:49:d3:
         b0:a2:7c:34:36:17:03:bb:d3:2e:f5:b6:96:44:a7:dc:d1:cf:
         eb:11:b3:51:48:c8:be:b4:9f:5b:d2:e9:11:dd:71:73:64:88:
         c7:a9:a8:6d:3c:89:8c:3f:67:13:80:fb:f7:d9:e9:89:a6:04:
         64:d2:e6:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9X1JlHSSsBdKLbrKbByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjQ1NThkNmQ5ZjI1YjViMWNkNWU3MjJlZmFkY2NmNGNmZDA2ZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlIMpUeC9RfnXviyAR+xsqm3g2su
q5oiu/PGq23zlk8Hb8Z99k8FQS0xSp4OTjtzF+zob/LGL3YZnZGncc43QfYlvbvs
m38i9Py4xuhrEKlbtKsjuUqMHMKUsMbCTeJAqPG1FqMIgl4WJaSTOGQmLMpj9vpB
G8X48HmF2gkSfG7Gzf5Sb83H1iQzrlhZgsvuc3Sl5lsWlmLv5+n56kpuNvIj9LwI
2VkdKJ2U8QxD660QhTJy5kT8Lm0ezavJHN3J53GiKU1+HYgpJvoD2NbQzPTH/1mH
GFDONnNR7KVNcaeipQL5RDQWUB8wTaeWRz+NoPe3ueLShuVkHOqmD2sWoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA9FWNbZ8ltbHNXnIu+tzPTP0G/sMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvRDBWWTF0bnlXMXNjMWVjaTc2M005TV9RYi13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD8
MA0GCSqGSIb3DQEBCwUAA4IBAQCuI2SeT78S5O86j+xYerSb6OovoZoyvJ5oWBMg
VgweNge8TMAK352riorL+3/AlLkopdTUqyu2cTyXvq/8CCFNkdJkp8Vxs/dEBvtd
koeBRZwWnzgocTzuHyq6CCOg4st6Aa0o92+1bQcuw5Zk6syIsKo0p+eqCfy6B6xg
neQp1zINvO9mt3rI0aULpooZWeEhZR77uQWjuUa8ScrhPogMegOMs9Ka91RIhGyc
yAlVMJXiMPPQtIvaFLHOl+ZKAjRHi4aESdOwonw0NhcDu9Mu9baWRKfc0c/rEbNR
SMi+tJ9b0ukR3XFzZIjHqahtPImMP2cTgPv32emJpgRk0uYI
-----END CERTIFICATE-----