Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/JyWoCErPEtytYKQKVDcHhyGHRqs.roa
File:                     JyWoCErPEtytYKQKVDcHhyGHRqs.roa (raw, json)
Hash identifier:          R8DkJHHGsU/MyWxdxFTVICWKMNabID/UaJ0EJGl3qao=
Subject key identifier:   27:25:A8:08:4A:CF:12:DC:AD:60:A4:0A:54:37:07:87:21:87:46:AB
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FDEAF1097D82ACA3ADC0F20C03771
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/JyWoCErPEtytYKQKVDcHhyGHRqs.roa
Signing time:             Tue 02 Jan 2024 04:30:23 +0000
ROA not before:           Tue 02 Jan 2024 04:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216183
IP address blocks:        2a03:5840:110::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:de:af:10:97:d8:2a:ca:3a:dc:0f:20:c0:37:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2725a8084acf12dcad60a40a54370787218746ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b2:68:a7:b7:27:7b:ca:31:4a:d2:0c:be:21:
                    f7:94:57:16:4c:49:08:ef:32:45:75:e6:73:c3:cf:
                    96:92:37:2b:e0:34:e6:d0:9b:8d:94:ee:77:13:ee:
                    01:79:37:0e:ee:a0:d2:7d:f2:3b:dd:ee:db:34:5e:
                    df:e0:4c:1a:5a:c8:db:c2:f5:f2:5f:d0:71:5d:0d:
                    49:42:9e:52:90:4d:8d:eb:5d:7c:1b:d2:f5:89:64:
                    95:a0:7b:37:ed:bd:6f:b6:3b:a8:ab:d9:10:4c:41:
                    4b:ad:ca:01:34:ee:ee:ad:50:17:1b:1a:c0:11:dc:
                    b6:b9:7a:28:78:26:3d:06:21:9d:01:56:6f:d1:46:
                    29:bd:4d:75:67:c6:d9:3b:bb:25:b0:ad:fa:68:ec:
                    7c:ec:b7:6c:65:27:33:9a:38:dd:3c:cd:6b:ac:3e:
                    0a:05:20:94:dc:dd:a0:e6:f7:70:69:7e:d5:50:45:
                    44:d3:76:2e:8f:24:04:a2:0e:00:fc:6d:00:2f:34:
                    39:45:2d:00:21:45:b5:7b:79:f5:3a:9e:a7:bb:7a:
                    03:62:4d:78:9d:23:73:19:bf:78:1f:12:91:a5:0f:
                    ee:bb:2d:c0:40:10:54:3d:ec:10:c7:d8:70:9f:91:
                    e1:66:e0:da:25:fc:44:3c:c1:c4:d1:c9:2f:bd:0a:
                    8a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:25:A8:08:4A:CF:12:DC:AD:60:A4:0A:54:37:07:87:21:87:46:AB
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/JyWoCErPEtytYKQKVDcHhyGHRqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:110::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:87:fd:bc:8a:ae:60:f5:e4:96:c6:4d:ea:37:c5:ac:ca:79:
         1c:50:c0:28:39:63:cf:47:af:db:92:dd:d8:70:2d:b9:cf:51:
         d4:b1:47:2d:84:c3:d4:00:ba:cf:16:85:d9:f2:ae:6c:83:bd:
         bf:c4:cc:0d:da:38:77:05:f1:da:f5:e8:d6:1a:08:68:e9:c7:
         d0:77:d5:64:4b:66:e3:30:62:b8:11:81:1e:5b:61:40:c5:03:
         cc:95:f2:c5:05:ac:37:f6:54:0a:c4:d2:78:cb:a8:90:59:d9:
         7a:fc:27:ae:52:51:0e:65:d2:48:7e:8c:83:29:47:59:4c:9d:
         bb:d0:5c:f8:82:45:33:ac:ff:cb:7c:6d:a7:e5:7b:01:ad:7c:
         59:2f:7c:4e:f5:36:0e:4d:93:57:5c:89:bf:4e:b2:50:ff:12:
         50:d9:40:8b:c1:94:bb:8b:d2:0e:d8:0f:ee:01:06:bb:54:f8:
         e1:24:7d:7c:b2:d7:87:20:8d:4e:7f:ea:bf:7e:8b:75:b9:50:
         b6:64:17:0c:ff:7f:c8:82:3f:b4:64:e4:72:83:90:6f:ae:87:
         0e:aa:82:97:ec:c4:09:62:c3:06:66:bc:3d:b8:71:84:a6:0f:
         f0:e5:b0:53:cb:7d:8e:49:f6:a8:ca:32:ba:73:01:28:dd:01:
         a5:85:63:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb96vEJfYKso63A8gwDdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzI1YTgwODRhY2YxMmRjYWQ2MGE0MGE1NDM3MDc4NzIxODc0NmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLJop7cne8oxStIMviH3lFcWTEkI
7zJFdeZzw8+Wkjcr4DTm0JuNlO53E+4BeTcO7qDSffI73e7bNF7f4EwaWsjbwvXy
X9BxXQ1JQp5SkE2N6118G9L1iWSVoHs37b1vtjuoq9kQTEFLrcoBNO7urVAXGxrA
Edy2uXooeCY9BiGdAVZv0UYpvU11Z8bZO7slsK36aOx87LdsZSczmjjdPM1rrD4K
BSCU3N2g5vdwaX7VUEVE03YujyQEog4A/G0ALzQ5RS0AIUW1e3n1Op6nu3oDYk14
nSNzGb94HxKRpQ/uuy3AQBBUPewQx9hwn5HhZuDaJfxEPMHE0ckvvQqK1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCclqAhKzxLcrWCkClQ3B4chh0arMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvSnlXb0NFclBFdHl0WUtRS1ZEY0hoeUdIUnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBgh/28iq5g9eSWxk3qN8WsynkcUMAoOWPPR6/b
kt3YcC25z1HUsUcthMPUALrPFoXZ8q5sg72/xMwN2jh3BfHa9ejWGgho6cfQd9Vk
S2bjMGK4EYEeW2FAxQPMlfLFBaw39lQKxNJ4y6iQWdl6/CeuUlEOZdJIfoyDKUdZ
TJ270Fz4gkUzrP/LfG2n5XsBrXxZL3xO9TYOTZNXXIm/TrJQ/xJQ2UCLwZS7i9IO
2A/uAQa7VPjhJH18steHII1Of+q/fot1uVC2ZBcM/3/Igj+0ZORyg5BvrocOqoKX
7MQJYsMGZrw9uHGEpg/w5bBTy32OSfaoyjK6cwEo3QGlhWNH
-----END CERTIFICATE-----