Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/VBvrP_8pGTVwE0p15o-RtI5bJHA.roa
File:                     VBvrP_8pGTVwE0p15o-RtI5bJHA.roa (raw, json)
Hash identifier:          jgoYtBF7XKAKJ21+av6N94S12aHIAd8+jwF4jFrqWzg=
Subject key identifier:   54:1B:EB:3F:FF:29:19:35:70:13:4A:75:E6:8F:91:B4:8E:5B:24:70
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FDB08A5A432877433BCF9E3A5E5FA
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/VBvrP_8pGTVwE0p15o-RtI5bJHA.roa
Signing time:             Tue 02 Jan 2024 04:30:22 +0000
ROA not before:           Tue 02 Jan 2024 04:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204826
IP address blocks:        2a03:5840:fb::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:db:08:a5:a4:32:87:74:33:bc:f9:e3:a5:e5:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=541beb3fff29193570134a75e68f91b48e5b2470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3f:6b:f9:75:ec:9e:9e:ee:eb:8e:ab:a0:55:
                    5d:20:65:74:92:2f:44:f6:1d:48:e8:1d:c5:6d:3b:
                    77:ac:25:5b:4d:11:9b:ab:92:ae:3e:35:81:38:8c:
                    bd:3b:06:66:e8:d5:41:b7:ef:55:80:44:10:5a:ad:
                    ca:c6:05:44:8b:55:11:b6:11:45:c9:b2:19:cd:ba:
                    82:68:df:4d:48:dd:91:9d:57:91:3f:0e:50:18:78:
                    19:aa:56:6c:00:c7:3a:14:c2:bd:18:b5:52:d2:1d:
                    7b:b6:43:12:97:b1:c1:a1:64:74:ee:9d:2b:47:8c:
                    1b:c9:e9:a4:39:e9:b1:ce:3b:02:62:be:6f:03:58:
                    97:71:12:dc:57:35:9c:8c:d7:2e:47:bb:0d:40:fc:
                    66:16:f4:d1:09:fd:d1:62:2a:cf:0d:a9:6d:a1:19:
                    45:46:bd:6c:1b:e9:67:6f:51:60:b4:02:4d:74:14:
                    cf:cd:1e:ae:a1:ca:da:b7:35:50:20:dc:ce:26:88:
                    77:ab:54:e0:8a:8a:d4:7d:b4:8b:05:b9:72:3c:a7:
                    0e:8c:ef:df:8c:90:ee:73:bb:27:2a:45:94:8f:02:
                    09:62:69:43:7a:12:cf:01:f3:7b:29:a1:87:0e:b0:
                    a8:ad:6c:b7:6a:ed:9f:e9:a8:70:c0:ff:b5:15:ec:
                    c6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:1B:EB:3F:FF:29:19:35:70:13:4A:75:E6:8F:91:B4:8E:5B:24:70
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/VBvrP_8pGTVwE0p15o-RtI5bJHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:fb::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:a8:5f:38:5e:75:91:4a:1f:48:27:15:93:f6:eb:e4:30:a7:
         ac:ce:dd:7e:e7:d4:24:76:7b:34:d2:a9:d2:97:34:16:90:5f:
         72:52:46:ce:21:32:4e:be:c4:05:d8:e4:b8:d2:46:4c:bb:2a:
         30:ac:e3:78:56:ac:32:67:4f:dd:a7:d5:6e:fb:cd:aa:11:a3:
         d8:92:34:d3:4a:e7:ef:07:f3:55:c8:c2:e8:81:e1:d5:69:c8:
         a5:b7:e8:22:10:4a:3c:20:92:26:8a:a0:d1:63:d7:5d:00:c9:
         5d:65:e6:5a:4c:f6:fe:1c:f1:cd:b2:0f:f3:2b:f3:3e:39:cd:
         dc:bc:79:da:87:31:8a:03:6e:c8:63:3b:51:42:f3:ff:53:a4:
         3b:d9:de:8b:cd:85:47:b2:91:56:7d:4f:81:d0:16:c1:9f:8b:
         e3:07:9a:a5:20:0d:a6:89:17:24:3e:e8:3b:ae:fe:59:64:d1:
         be:f0:4a:c1:6d:8f:d8:98:e3:a6:28:56:e0:f8:13:82:58:6c:
         d7:9d:1c:b5:b8:f2:8a:ce:d8:0b:44:f3:55:54:20:ce:cc:c9:
         db:3c:f2:24:15:f6:8f:c7:9c:87:53:f3:03:63:86:f5:45:41:
         0d:fd:ac:d2:52:ba:5d:e3:70:00:40:26:9c:da:65:ea:0d:36:
         ca:8d:93:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9sIpaQyh3QzvPnjpeX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDFiZWIzZmZmMjkxOTM1NzAxMzRhNzVlNjhmOTFiNDhlNWIyNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmj9r+XXsnp7u646roFVdIGV0ki9E
9h1I6B3FbTt3rCVbTRGbq5KuPjWBOIy9OwZm6NVBt+9VgEQQWq3KxgVEi1URthFF
ybIZzbqCaN9NSN2RnVeRPw5QGHgZqlZsAMc6FMK9GLVS0h17tkMSl7HBoWR07p0r
R4wbyemkOemxzjsCYr5vA1iXcRLcVzWcjNcuR7sNQPxmFvTRCf3RYirPDaltoRlF
Rr1sG+lnb1FgtAJNdBTPzR6uocratzVQINzOJoh3q1TgiorUfbSLBblyPKcOjO/f
jJDuc7snKkWUjwIJYmlDehLPAfN7KaGHDrCorWy3au2f6ahwwP+1FezG/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFQb6z//KRk1cBNKdeaPkbSOWyRwMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvVkJ2clBfOHBHVFZ3RTBwMTVvLVJ0STViSkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD7
MA0GCSqGSIb3DQEBCwUAA4IBAQAXqF84XnWRSh9IJxWT9uvkMKeszt1+59Qkdns0
0qnSlzQWkF9yUkbOITJOvsQF2OS40kZMuyowrON4VqwyZ0/dp9Vu+82qEaPYkjTT
SufvB/NVyMLogeHVacilt+giEEo8IJImiqDRY9ddAMldZeZaTPb+HPHNsg/zK/M+
Oc3cvHnahzGKA27IYztRQvP/U6Q72d6LzYVHspFWfU+B0BbBn4vjB5qlIA2miRck
Pug7rv5ZZNG+8ErBbY/YmOOmKFbg+BOCWGzXnRy1uPKKztgLRPNVVCDOzMnbPPIk
FfaPx5yHU/MDY4b1RUEN/azSUrpd43AAQCac2mXqDTbKjZOk
-----END CERTIFICATE-----