Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/DhQoCmHaZB-KcIBOcwJUb_Tf4GM.roa
File:                     DhQoCmHaZB-KcIBOcwJUb_Tf4GM.roa (raw, json)
Hash identifier:          vQKsfMWiN0sAvipDPKJDRIPjgfAUBToBlMwvvoe0G1c=
Subject key identifier:   0E:14:28:0A:61:DA:64:1F:8A:70:80:4E:73:02:54:6F:F4:DF:E0:63
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       0191C2ACFD3A769AAF89B8C08E7C7990F6F8
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/DhQoCmHaZB-KcIBOcwJUb_Tf4GM.roa
Signing time:             Thu 05 Sep 2024 14:53:22 +0000
ROA not before:           Thu 05 Sep 2024 14:53:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214387
IP address blocks:        2a03:5840:11f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c2:ac:fd:3a:76:9a:af:89:b8:c0:8e:7c:79:90:f6:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Sep  5 14:53:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e14280a61da641f8a70804e7302546ff4dfe063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:25:4c:70:75:09:bd:58:87:23:cf:7f:40:eb:
                    12:47:15:4f:f1:bb:11:d8:35:05:60:c1:a5:a4:18:
                    99:80:b8:89:b1:10:4f:e0:44:1d:f6:52:f6:3a:b2:
                    dd:b9:aa:35:80:b9:70:b9:8b:0d:43:fc:e9:87:9a:
                    59:9f:3b:64:2e:fc:0c:e1:e9:fe:89:a2:a3:04:62:
                    78:2f:fe:2f:65:c8:74:24:d6:9a:81:9c:d9:6a:5d:
                    92:9d:c5:49:4d:60:b7:68:b0:0f:3c:91:82:e8:cd:
                    a9:64:2a:96:32:68:2b:09:96:97:9e:96:de:1a:eb:
                    ef:47:51:38:78:94:f7:aa:03:59:ae:30:4b:42:82:
                    e8:90:92:23:8a:ef:99:07:a8:12:1c:94:51:4b:fa:
                    90:57:38:fe:c1:4f:55:7a:98:44:29:2d:6c:0d:9f:
                    30:83:41:ad:3f:3c:c2:3b:8d:3b:47:c3:2a:92:61:
                    7f:d6:a4:b6:77:12:a9:f1:ce:eb:89:c1:1e:7a:6e:
                    c1:63:1e:09:c8:f5:a0:b5:9a:12:83:65:ef:ad:d0:
                    5d:30:b0:8c:ea:7a:d6:86:77:4c:35:65:64:3a:09:
                    6e:03:09:3a:27:fc:0d:5a:cf:7c:54:63:66:dd:f0:
                    78:bc:d5:39:13:30:60:fe:a2:65:05:ba:07:c0:d8:
                    60:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:14:28:0A:61:DA:64:1F:8A:70:80:4E:73:02:54:6F:F4:DF:E0:63
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/DhQoCmHaZB-KcIBOcwJUb_Tf4GM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:11f::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:af:1c:b5:7b:12:3c:30:53:9f:92:fb:be:ba:90:a0:0a:ef:
         fa:ca:f9:d9:b9:19:1a:fa:18:2e:f4:80:3e:d6:29:d1:a9:8f:
         c9:6d:8f:60:7a:08:a0:85:06:58:28:97:44:07:ec:48:c2:af:
         b6:97:83:ea:f8:90:c6:15:38:56:6b:6c:32:d4:46:87:ba:32:
         7d:06:f0:bb:85:bd:66:50:d8:75:ba:88:15:15:3a:32:13:fd:
         4c:66:dd:7e:b5:3d:6c:9b:e4:62:ca:21:34:af:3a:3f:95:7e:
         a7:39:33:00:69:d8:5b:b9:76:a7:c9:68:74:65:73:da:0c:e6:
         ed:f3:09:c6:a0:22:00:9c:5b:da:4b:7f:fd:94:8b:d2:74:78:
         6e:8b:d9:bf:6e:21:62:c8:c7:79:b3:26:0b:f8:81:66:e0:97:
         72:79:7b:5a:cc:de:30:a8:e6:50:27:61:41:32:f9:53:60:e5:
         ff:54:00:e5:d3:f9:98:d8:69:9c:f7:a0:94:c2:35:26:7d:88:
         39:23:76:09:f8:d0:9c:9b:a6:06:70:73:d3:2f:f7:8f:7a:88:
         7a:e9:cf:19:60:9b:02:81:4e:2d:7e:9b:5a:42:bd:cf:a8:43:
         d7:23:0e:1f:e5:14:72:82:9e:98:6e:b4:b1:0c:5f:a8:5b:bc:
         f1:a1:36:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHCrP06dpqvibjAjnx5kPb4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwOTA1MTQ1MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTE0MjgwYTYxZGE2NDFmOGE3MDgwNGU3MzAyNTQ2ZmY0ZGZlMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCVMcHUJvViHI89/QOsSRxVP8bsR
2DUFYMGlpBiZgLiJsRBP4EQd9lL2OrLduao1gLlwuYsNQ/zph5pZnztkLvwM4en+
iaKjBGJ4L/4vZch0JNaagZzZal2SncVJTWC3aLAPPJGC6M2pZCqWMmgrCZaXnpbe
GuvvR1E4eJT3qgNZrjBLQoLokJIjiu+ZB6gSHJRRS/qQVzj+wU9VephEKS1sDZ8w
g0GtPzzCO407R8MqkmF/1qS2dxKp8c7ricEeem7BYx4JyPWgtZoSg2XvrdBdMLCM
6nrWhndMNWVkOgluAwk6J/wNWs98VGNm3fB4vNU5EzBg/qJlBboHwNhgpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA4UKAph2mQfinCATnMCVG/03+BjMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvRGhRb0NtSGFaQi1LY0lCT2N3SlViX1RmNEdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEf
MA0GCSqGSIb3DQEBCwUAA4IBAQBirxy1exI8MFOfkvu+upCgCu/6yvnZuRka+hgu
9IA+1inRqY/JbY9gegighQZYKJdEB+xIwq+2l4Pq+JDGFThWa2wy1EaHujJ9BvC7
hb1mUNh1uogVFToyE/1MZt1+tT1sm+RiyiE0rzo/lX6nOTMAadhbuXanyWh0ZXPa
DObt8wnGoCIAnFvaS3/9lIvSdHhui9m/biFiyMd5syYL+IFm4JdyeXtazN4wqOZQ
J2FBMvlTYOX/VADl0/mY2Gmc96CUwjUmfYg5I3YJ+NCcm6YGcHPTL/ePeoh66c8Z
YJsCgU4tfptaQr3PqEPXIw4f5RRygp6YbrSxDF+oW7zxoTYc
-----END CERTIFICATE-----