Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/hGSWc_z0bl4bEYSvaaqI3Yxep5M.roa
File:                     hGSWc_z0bl4bEYSvaaqI3Yxep5M.roa (raw, json)
Hash identifier:          JXRvi+Y1N6Resq5tcARWwJC+l+hT8eH1rY2cCWJXTik=
Subject key identifier:   84:64:96:73:FC:F4:6E:5E:1B:11:84:AF:69:AA:88:DD:8C:5E:A7:93
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FDB93CA6775CB892FFE3B66B281D4
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/hGSWc_z0bl4bEYSvaaqI3Yxep5M.roa
Signing time:             Tue 02 Jan 2024 04:30:23 +0000
ROA not before:           Tue 02 Jan 2024 04:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205232
IP address blocks:        2a03:5840:270::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:db:93:ca:67:75:cb:89:2f:fe:3b:66:b2:81:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84649673fcf46e5e1b1184af69aa88dd8c5ea793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:29:ed:ce:1a:26:6a:6e:56:b3:35:33:f4:e4:
                    55:a8:00:c2:54:4e:86:6e:b0:11:38:a9:ed:7e:4f:
                    7b:6a:93:a8:68:7e:d7:32:5f:9f:8a:64:82:cd:c5:
                    a1:80:2b:33:23:74:e6:76:8d:39:15:fd:39:ff:24:
                    d3:87:82:92:6b:3e:f0:f4:61:a8:9e:a4:9f:04:64:
                    21:e1:e2:60:83:17:27:d7:72:8e:87:77:13:49:44:
                    12:60:0d:ea:b4:bc:bd:11:30:30:58:47:0b:b3:53:
                    7a:9b:d8:0b:61:57:ec:89:23:e5:3e:24:dd:54:f6:
                    f2:67:ac:fc:08:41:96:ce:25:7a:b1:27:db:e5:7b:
                    e3:f7:b1:86:ca:0d:c9:cb:14:c9:34:75:30:57:51:
                    b2:a9:2b:d1:ea:4c:23:5d:cc:d8:1b:c1:9a:22:01:
                    6c:f7:20:1f:52:d3:dc:1e:89:07:65:94:ba:9f:65:
                    77:7d:5d:59:d8:3a:f0:81:8e:5a:da:ee:51:a5:95:
                    74:5a:f7:2a:b1:63:7e:1c:41:ff:1e:d4:59:8a:0a:
                    35:c4:e5:8a:cf:52:2c:91:59:cb:cb:81:79:a1:1e:
                    0b:0e:2b:7c:6a:66:4e:cf:80:50:e3:4e:94:ff:43:
                    d0:e4:29:b0:ce:5a:a2:80:7f:75:a1:a4:a7:61:d1:
                    cd:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:64:96:73:FC:F4:6E:5E:1B:11:84:AF:69:AA:88:DD:8C:5E:A7:93
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/hGSWc_z0bl4bEYSvaaqI3Yxep5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:270::/44

    Signature Algorithm: sha256WithRSAEncryption
         39:0a:9b:0b:49:87:2f:6e:f5:78:8d:a8:02:cd:9f:16:7a:9e:
         d9:eb:65:87:73:6c:df:4f:81:60:cc:5e:f1:21:7d:35:a9:48:
         f7:5b:e8:68:17:b6:7c:88:51:ba:f3:08:78:45:85:28:d4:a0:
         7c:f8:eb:05:e9:b5:1d:11:ba:1b:1e:ae:ad:c0:5e:c1:08:b8:
         a7:bd:ea:a3:f0:62:25:7b:19:1f:82:66:6c:c0:7f:a3:d6:97:
         71:e4:fa:cc:74:69:34:56:76:86:dc:e0:ad:fb:2b:fd:22:52:
         ab:9e:84:2d:df:e4:9a:c4:79:6e:a6:0f:3f:0b:28:e6:b1:1c:
         2c:e8:bc:73:9f:0f:53:7c:88:f0:e1:7c:55:d1:7f:d1:fc:91:
         fc:1b:a2:a0:47:2c:87:a2:a9:3a:0e:58:9f:cd:f5:5f:ce:be:
         55:54:43:7e:0c:25:0f:89:c3:b9:1b:6d:f8:0f:fc:81:39:2a:
         6e:9b:a7:1e:02:4e:ba:59:f9:29:e3:cf:8c:12:31:2c:ee:08:
         d8:b6:14:e6:37:4a:0c:00:eb:15:3a:dc:80:2d:11:8a:2f:81:
         ff:53:38:c8:7c:f1:99:77:10:63:fd:78:b2:7f:00:0f:9f:72:
         0a:c0:e9:96:97:79:ec:d4:d8:d8:ee:fb:1a:94:fa:2b:e5:9e:
         0c:97:74:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9uTymd1y4kv/jtmsoHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDY0OTY3M2ZjZjQ2ZTVlMWIxMTg0YWY2OWFhODhkZDhjNWVhNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwintzhomam5WszUz9ORVqADCVE6G
brAROKntfk97apOoaH7XMl+fimSCzcWhgCszI3Tmdo05Ff05/yTTh4KSaz7w9GGo
nqSfBGQh4eJggxcn13KOh3cTSUQSYA3qtLy9ETAwWEcLs1N6m9gLYVfsiSPlPiTd
VPbyZ6z8CEGWziV6sSfb5Xvj97GGyg3JyxTJNHUwV1GyqSvR6kwjXczYG8GaIgFs
9yAfUtPcHokHZZS6n2V3fV1Z2DrwgY5a2u5RpZV0WvcqsWN+HEH/HtRZigo1xOWK
z1IskVnLy4F5oR4LDit8amZOz4BQ406U/0PQ5CmwzlqigH91oaSnYdHNMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIRklnP89G5eGxGEr2mqiN2MXqeTMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvaEdTV2NfejBibDRiRVlTdmFhcUkzWXhlcDVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgNYQAJw
MA0GCSqGSIb3DQEBCwUAA4IBAQA5CpsLSYcvbvV4jagCzZ8Wep7Z62WHc2zfT4Fg
zF7xIX01qUj3W+hoF7Z8iFG68wh4RYUo1KB8+OsF6bUdEbobHq6twF7BCLinveqj
8GIlexkfgmZswH+j1pdx5PrMdGk0VnaG3OCt+yv9IlKrnoQt3+SaxHlupg8/Cyjm
sRws6Lxznw9TfIjw4XxV0X/R/JH8G6KgRyyHoqk6DlifzfVfzr5VVEN+DCUPicO5
G234D/yBOSpum6ceAk66Wfkp48+MEjEs7gjYthTmN0oMAOsVOtyALRGKL4H/UzjI
fPGZdxBj/XiyfwAPn3IKwOmWl3ns1NjY7vsalPor5Z4Ml3Qz
-----END CERTIFICATE-----