Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/fv4yBGRCO4HNGn_n27mvIXMhsM4.roa
File:                     fv4yBGRCO4HNGn_n27mvIXMhsM4.roa (raw, json)
Hash identifier:          zUbqrw6BZwhT5340Ep2QHivER3OiqqMeQFGjPQsK45g=
Subject key identifier:   7E:FE:32:04:64:42:3B:81:CD:1A:7F:E7:DB:B9:AF:21:73:21:B0:CE
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FDF5C58F2BB374A102D75DCA201F7
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/fv4yBGRCO4HNGn_n27mvIXMhsM4.roa
Signing time:             Tue 02 Jan 2024 04:30:24 +0000
ROA not before:           Tue 02 Jan 2024 04:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216431
IP address blocks:        2a03:5840:fe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:df:5c:58:f2:bb:37:4a:10:2d:75:dc:a2:01:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7efe320464423b81cd1a7fe7dbb9af217321b0ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cd:aa:e4:81:ab:b8:db:45:66:b8:67:c1:49:
                    c3:3e:90:33:44:2d:c8:3e:c8:a7:96:a4:6a:08:b9:
                    72:16:d2:c1:3e:20:8f:ce:a5:85:05:7d:92:9f:62:
                    d1:2a:71:1b:b7:78:22:72:c2:ab:9c:8f:fb:74:19:
                    f6:91:f0:a5:7c:a9:e5:54:93:ce:24:bf:b7:2d:b4:
                    ce:c8:70:8c:b2:02:cf:d3:c2:ad:4c:ce:7c:68:fa:
                    0b:95:eb:e1:c1:c0:71:18:e4:11:52:a7:fa:b0:79:
                    23:e3:c9:ef:ed:4e:01:03:cc:0f:fb:4f:27:3b:ba:
                    f5:23:8e:a5:7e:94:36:b9:93:0b:74:10:e7:90:1e:
                    e9:7b:cb:28:62:36:cf:2e:58:23:16:08:fe:c8:40:
                    1f:da:44:93:c8:ac:33:62:dd:df:11:d9:42:2c:63:
                    5f:02:11:46:9b:76:c4:5b:83:3d:38:37:0e:d1:cb:
                    9b:f9:c8:4d:57:c8:b1:65:97:43:21:ae:a9:be:e0:
                    0a:86:12:81:2e:47:3a:73:5b:e7:cb:5c:5e:05:2d:
                    02:bc:95:bd:63:72:b6:28:b9:06:50:6d:b0:57:b6:
                    b1:9d:25:05:37:7d:41:73:b2:e1:55:19:f9:3f:2e:
                    fc:78:cd:df:d6:a2:56:c9:75:18:84:c0:11:23:f0:
                    3c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:FE:32:04:64:42:3B:81:CD:1A:7F:E7:DB:B9:AF:21:73:21:B0:CE
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/fv4yBGRCO4HNGn_n27mvIXMhsM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:fe::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:0c:52:a2:c7:89:c6:23:af:18:ee:64:84:34:10:4a:d9:31:
         99:04:81:bf:61:ff:02:12:89:f1:a8:77:75:90:4f:11:22:90:
         5b:4a:6b:7d:38:02:d5:d1:0c:9a:e3:3d:b2:c7:89:bd:a6:df:
         97:a0:9c:7a:46:67:a8:ae:70:ef:5b:b0:13:ff:c9:a3:4c:a6:
         f0:d6:a6:1a:e4:b6:6f:db:6e:50:aa:31:47:34:d8:56:ed:5f:
         29:a4:75:d9:06:b1:59:dd:66:74:6a:79:1f:53:3a:32:95:e0:
         69:4b:01:be:a7:9d:f7:82:52:15:bc:98:00:75:65:9a:5f:8b:
         75:30:2b:55:53:1b:a2:e7:f4:a9:73:c0:f6:1c:b4:16:41:ae:
         b3:81:61:38:b0:a7:d2:3b:7c:40:cf:41:33:7f:b6:35:cc:ba:
         cb:cf:93:06:a4:1c:ba:ff:fd:24:28:2f:17:5b:ca:5a:ba:2a:
         a7:c0:bf:9d:0d:a5:be:d5:2d:3b:f0:d6:5e:05:ed:5a:a6:df:
         5b:41:fd:c2:ca:53:77:fd:9c:e9:02:3c:cb:bc:6a:b8:60:20:
         6e:75:1b:0a:d2:83:90:65:eb:d0:d4:d4:0c:80:e2:41:5d:61:
         52:2d:3f:4d:1b:80:0a:25:ec:4b:8a:f0:f9:fa:c5:eb:61:38:
         22:37:6c:90
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb99cWPK7N0oQLXXcogH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWZlMzIwNDY0NDIzYjgxY2QxYTdmZTdkYmI5YWYyMTczMjFiMGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM2q5IGruNtFZrhnwUnDPpAzRC3I
PsinlqRqCLlyFtLBPiCPzqWFBX2Sn2LRKnEbt3gicsKrnI/7dBn2kfClfKnlVJPO
JL+3LbTOyHCMsgLP08KtTM58aPoLlevhwcBxGOQRUqf6sHkj48nv7U4BA8wP+08n
O7r1I46lfpQ2uZMLdBDnkB7pe8soYjbPLlgjFgj+yEAf2kSTyKwzYt3fEdlCLGNf
AhFGm3bEW4M9ODcO0cub+chNV8ixZZdDIa6pvuAKhhKBLkc6c1vny1xeBS0CvJW9
Y3K2KLkGUG2wV7axnSUFN31Bc7LhVRn5Py78eM3f1qJWyXUYhMARI/A84wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH7+MgRkQjuBzRp/59u5ryFzIbDOMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvZnY0eUJHUkNPNEhOR25fbjI3bXZJWE1oc000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD+
MA0GCSqGSIb3DQEBCwUAA4IBAQBmDFKix4nGI68Y7mSENBBK2TGZBIG/Yf8CEonx
qHd1kE8RIpBbSmt9OALV0Qya4z2yx4m9pt+XoJx6RmeornDvW7AT/8mjTKbw1qYa
5LZv225QqjFHNNhW7V8ppHXZBrFZ3WZ0ankfUzoyleBpSwG+p533glIVvJgAdWWa
X4t1MCtVUxui5/Spc8D2HLQWQa6zgWE4sKfSO3xAz0Ezf7Y1zLrLz5MGpBy6//0k
KC8XW8pauiqnwL+dDaW+1S078NZeBe1apt9bQf3CylN3/ZzpAjzLvGq4YCBudRsK
0oOQZevQ1NQMgOJBXWFSLT9NG4AKJexLivD5+sXrYTgiN2yQ
-----END CERTIFICATE-----