Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/MQOnROuSgCbt4xL4pavdskBi0Ko.roa
File:                     MQOnROuSgCbt4xL4pavdskBi0Ko.roa (raw, json)
Hash identifier:          s/Fn+EnjSCL6TpcNkBhkG6X0sFZ5KqwNJlWZ21Y6hMg=
Subject key identifier:   31:03:A7:44:EB:92:80:26:ED:E3:12:F8:A5:AB:DD:B2:40:62:D0:AA
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FD6D369E7F79D4945BC4FF3EA2A0D
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/MQOnROuSgCbt4xL4pavdskBi0Ko.roa
Signing time:             Tue 02 Jan 2024 04:30:21 +0000
ROA not before:           Tue 02 Jan 2024 04:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198064
IP address blocks:        2a03:5840:f9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d6:d3:69:e7:f7:9d:49:45:bc:4f:f3:ea:2a:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3103a744eb928026ede312f8a5abddb24062d0aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e6:66:45:08:5d:d1:33:38:b8:ba:c8:2e:15:
                    be:49:17:2f:72:51:02:2f:8e:93:ea:3f:1d:52:85:
                    ee:1f:dd:36:bb:d2:f3:45:14:f8:8f:ba:a9:4d:6f:
                    91:4e:bf:06:48:7f:85:01:84:6c:59:0e:71:89:8c:
                    67:b8:fe:29:49:48:01:17:a8:f4:fb:d0:21:c5:ad:
                    f5:94:23:69:e5:22:46:0e:0f:02:3e:8f:ba:46:1a:
                    25:88:eb:77:47:76:d0:48:38:65:87:fe:c1:7c:62:
                    53:b4:9b:5f:03:e5:6a:0c:af:50:cf:49:98:bb:42:
                    f5:84:57:58:d2:26:8e:d0:4e:27:de:89:cd:de:cd:
                    53:8a:47:27:39:71:0d:b1:70:f4:a0:74:15:ac:a7:
                    f1:b4:77:76:1c:07:15:17:75:88:21:6a:56:26:91:
                    f9:f8:61:c8:af:b4:df:1e:bc:9e:90:d1:28:00:c0:
                    6a:58:5d:4d:f2:d4:ae:c0:7a:0c:95:43:dc:fa:1b:
                    1c:3d:e7:75:f8:8a:f9:87:56:28:4b:14:94:70:5e:
                    01:fa:05:54:bf:61:f3:1f:21:b5:78:be:b4:31:46:
                    33:ee:ba:ee:e4:15:90:24:41:13:24:7b:1a:d3:d2:
                    de:a1:52:c5:02:71:93:17:85:e7:7e:fe:0b:cd:f4:
                    17:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:03:A7:44:EB:92:80:26:ED:E3:12:F8:A5:AB:DD:B2:40:62:D0:AA
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/MQOnROuSgCbt4xL4pavdskBi0Ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:f9::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:ef:1a:5e:86:81:92:d6:1e:eb:56:bb:b5:da:99:1b:d9:8c:
         78:89:88:22:5f:e7:90:85:c4:c8:48:4e:25:60:dd:99:20:45:
         3d:e2:b8:dc:6d:01:94:be:b2:9b:ce:e6:41:15:25:3b:98:35:
         68:c5:6b:15:68:fd:98:d8:db:53:28:c2:37:24:92:ea:92:f5:
         7e:b4:0d:ff:20:0e:e3:8d:59:2a:f6:5c:ce:be:75:04:8c:63:
         02:ba:48:b1:3b:25:c0:06:e9:62:6a:46:b5:f2:1a:31:69:c3:
         51:1b:96:3b:bd:b1:50:b2:0c:06:86:18:c1:7d:69:9a:e8:54:
         b4:7a:46:f0:53:d1:cb:6b:e3:67:2d:a7:3e:e7:00:aa:bc:6d:
         af:52:e1:1d:61:d7:d1:9f:4f:ba:52:ce:2a:85:0a:0b:f0:bf:
         6e:17:b6:60:dd:67:f1:d8:e3:80:bf:22:48:ac:57:a5:3e:06:
         b3:9d:10:7c:32:4c:d7:4c:8f:34:f3:ac:76:7c:14:fe:ae:cb:
         55:e4:40:a7:e9:fd:ee:9d:7c:02:46:96:6e:40:51:74:40:57:
         e5:62:f5:0e:0e:8c:2d:a8:f9:6f:2d:94:f3:63:91:32:a8:fd:
         b2:e9:da:b0:1a:63:a8:38:f2:b9:c1:4c:d9:ad:fe:4e:ed:b6:
         e6:26:84:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9bTaef3nUlFvE/z6ioNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTAzYTc0NGViOTI4MDI2ZWRlMzEyZjhhNWFiZGRiMjQwNjJkMGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOZmRQhd0TM4uLrILhW+SRcvclEC
L46T6j8dUoXuH902u9LzRRT4j7qpTW+RTr8GSH+FAYRsWQ5xiYxnuP4pSUgBF6j0
+9Ahxa31lCNp5SJGDg8CPo+6RholiOt3R3bQSDhlh/7BfGJTtJtfA+VqDK9Qz0mY
u0L1hFdY0iaO0E4n3onN3s1TikcnOXENsXD0oHQVrKfxtHd2HAcVF3WIIWpWJpH5
+GHIr7TfHryekNEoAMBqWF1N8tSuwHoMlUPc+hscPed1+Ir5h1YoSxSUcF4B+gVU
v2HzHyG1eL60MUYz7rru5BWQJEETJHsa09LeoVLFAnGTF4Xnfv4LzfQXZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDEDp0TrkoAm7eMS+KWr3bJAYtCqMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvTVFPblJPdVNnQ2J0NHhMNHBhdmRza0JpMEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD5
MA0GCSqGSIb3DQEBCwUAA4IBAQAb7xpehoGS1h7rVru12pkb2Yx4iYgiX+eQhcTI
SE4lYN2ZIEU94rjcbQGUvrKbzuZBFSU7mDVoxWsVaP2Y2NtTKMI3JJLqkvV+tA3/
IA7jjVkq9lzOvnUEjGMCukixOyXABuliaka18hoxacNRG5Y7vbFQsgwGhhjBfWma
6FS0ekbwU9HLa+NnLac+5wCqvG2vUuEdYdfRn0+6Us4qhQoL8L9uF7Zg3Wfx2OOA
vyJIrFelPgaznRB8MkzXTI8086x2fBT+rstV5ECn6f3unXwCRpZuQFF0QFflYvUO
DowtqPlvLZTzY5EyqP2y6dqwGmOoOPK5wUzZrf5O7bbmJoS6
-----END CERTIFICATE-----