Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/aSfI1J6Bgu3rqaEIE084AZ9b6pI.roa
File:                     aSfI1J6Bgu3rqaEIE084AZ9b6pI.roa (raw, json)
Hash identifier:          FZkfObYTynUk8qwFY+KJ29s9MbIvFtGIw7SDxOdIGbQ=
Subject key identifier:   69:27:C8:D4:9E:81:82:ED:EB:A9:A1:08:13:4F:38:01:9F:5B:EA:92
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FD846D2DB761D312E8F4CCB828C16
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/aSfI1J6Bgu3rqaEIE084AZ9b6pI.roa
Signing time:             Tue 02 Jan 2024 04:30:22 +0000
ROA not before:           Tue 02 Jan 2024 04:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199580
IP address blocks:        2a03:5840:f4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d8:46:d2:db:76:1d:31:2e:8f:4c:cb:82:8c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6927c8d49e8182edeba9a108134f38019f5bea92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:48:d5:7b:13:e7:77:2b:ed:07:04:25:ad:f7:
                    c8:87:b3:e3:80:33:77:3e:67:89:6d:ef:db:c1:31:
                    8e:fd:89:27:b1:67:bf:eb:6e:a1:e3:69:d3:e8:20:
                    0a:b3:41:07:1f:9b:b8:e0:08:84:73:51:14:c4:cd:
                    00:3f:e0:8c:e6:67:51:58:eb:13:70:b4:8d:28:b2:
                    1f:67:d6:5e:e0:4e:f7:1b:8c:13:cb:bf:1b:f4:2d:
                    18:d4:ce:c7:6d:5e:6e:89:6e:df:5c:db:8c:cc:9e:
                    b0:99:b4:20:cb:c6:95:6c:ff:1b:9a:70:c3:f6:90:
                    4e:5d:f8:91:dd:ea:c2:2a:c9:de:b1:8e:73:33:e5:
                    86:7c:30:ca:9f:fb:ff:53:ab:bf:e1:b7:c0:de:81:
                    91:0d:f9:1b:f1:a4:d5:1a:11:f2:21:57:c5:84:79:
                    d0:77:1b:b2:54:f2:dc:58:d8:03:10:f1:14:d4:82:
                    40:f8:f1:f6:92:95:70:2f:74:0a:d0:3b:8c:23:55:
                    2d:d5:67:f7:e7:35:20:ca:78:5d:22:5f:33:84:1d:
                    61:44:f4:15:20:17:d0:da:27:9b:bf:be:db:cf:a0:
                    12:a4:f3:4a:0f:5d:75:b0:49:c6:23:8b:a0:4d:f8:
                    6f:c6:25:d9:83:3b:3b:48:24:5a:7a:2d:bf:c1:7b:
                    8f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:27:C8:D4:9E:81:82:ED:EB:A9:A1:08:13:4F:38:01:9F:5B:EA:92
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/aSfI1J6Bgu3rqaEIE084AZ9b6pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:ef:af:96:3a:73:e9:2f:0c:65:5a:08:ad:31:cd:61:89:3d:
         92:94:8d:59:69:b1:18:ae:52:43:72:4c:3c:8a:9c:59:d7:df:
         7a:b8:76:ba:1b:ec:ae:0a:eb:e6:b2:b0:ff:8a:3c:f1:57:84:
         7e:c7:d9:3b:db:09:b8:59:78:04:6e:c5:d6:7f:c7:18:c9:32:
         30:ae:e4:15:00:91:68:c2:53:8d:00:22:11:6f:6f:02:cb:36:
         5b:32:22:5a:58:c3:8c:39:56:d3:d8:3d:00:4b:c4:8e:38:b7:
         d2:51:6a:9a:73:ed:ff:c0:d5:44:0f:1c:11:a2:e3:23:f2:b0:
         e3:e6:bc:41:d9:c4:48:42:1d:ed:e9:68:c0:f7:d4:88:25:56:
         5a:cf:2c:5e:9e:bd:35:a3:00:a3:5e:ef:3b:b4:56:8d:95:b9:
         01:c9:42:95:ac:5c:63:e5:db:50:ee:b7:84:89:ad:cb:a6:0f:
         98:2f:26:da:bd:4d:1b:23:5c:89:0c:39:99:80:d3:58:38:26:
         c1:11:83:d1:64:55:3e:6d:bd:1c:c3:9d:e1:d8:cc:39:f8:68:
         b7:d5:6d:a3:6f:04:a3:c0:d5:4d:e6:a1:ee:76:01:0f:0b:ed:
         d2:5a:b0:8c:60:82:e5:8d:8a:71:60:e4:f4:92:f4:c2:f6:f5:
         77:ac:02:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9hG0tt2HTEuj0zLgowWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTI3YzhkNDllODE4MmVkZWJhOWExMDgxMzRmMzgwMTlmNWJlYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0jVexPndyvtBwQlrffIh7PjgDN3
PmeJbe/bwTGO/YknsWe/626h42nT6CAKs0EHH5u44AiEc1EUxM0AP+CM5mdRWOsT
cLSNKLIfZ9Ze4E73G4wTy78b9C0Y1M7HbV5uiW7fXNuMzJ6wmbQgy8aVbP8bmnDD
9pBOXfiR3erCKsnesY5zM+WGfDDKn/v/U6u/4bfA3oGRDfkb8aTVGhHyIVfFhHnQ
dxuyVPLcWNgDEPEU1IJA+PH2kpVwL3QK0DuMI1Ut1Wf35zUgynhdIl8zhB1hRPQV
IBfQ2iebv77bz6ASpPNKD111sEnGI4ugTfhvxiXZgzs7SCRaei2/wXuPmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGknyNSegYLt66mhCBNPOAGfW+qSMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvYVNmSTFKNkJndTNycWFFSUUwODRBWjliNnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD0
MA0GCSqGSIb3DQEBCwUAA4IBAQB/76+WOnPpLwxlWgitMc1hiT2SlI1ZabEYrlJD
ckw8ipxZ1996uHa6G+yuCuvmsrD/ijzxV4R+x9k72wm4WXgEbsXWf8cYyTIwruQV
AJFowlONACIRb28CyzZbMiJaWMOMOVbT2D0AS8SOOLfSUWqac+3/wNVEDxwRouMj
8rDj5rxB2cRIQh3t6WjA99SIJVZazyxenr01owCjXu87tFaNlbkByUKVrFxj5dtQ
7reEia3Lpg+YLybavU0bI1yJDDmZgNNYOCbBEYPRZFU+bb0cw53h2Mw5+Gi31W2j
bwSjwNVN5qHudgEPC+3SWrCMYILljYpxYOT0kvTC9vV3rAJ2
-----END CERTIFICATE-----