Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/oUvAsEzc1h5Cmx1eLMuAYWNV7vo.roa
File:                     oUvAsEzc1h5Cmx1eLMuAYWNV7vo.roa (raw, json)
Hash identifier:          rxjs0a+O3tdqGRXUgs/nyOHUgml3msPz3xm+Jpmi/dE=
Subject key identifier:   A1:4B:C0:B0:4C:DC:D6:1E:42:9B:1D:5E:2C:CB:80:61:63:55:EE:FA
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FDC353B9600006F7FA0921857F4B6
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/oUvAsEzc1h5Cmx1eLMuAYWNV7vo.roa
Signing time:             Tue 02 Jan 2024 04:30:23 +0000
ROA not before:           Tue 02 Jan 2024 04:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205414
IP address blocks:        2a03:5840:260::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:dc:35:3b:96:00:00:6f:7f:a0:92:18:57:f4:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a14bc0b04cdcd61e429b1d5e2ccb80616355eefa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:01:d2:ff:4c:db:3a:9f:65:82:8c:d6:f5:6e:
                    96:78:3b:0b:0f:30:28:ce:43:a0:d9:cb:fc:1d:1d:
                    da:ba:22:b1:99:5d:7a:18:8c:6c:8f:31:2c:72:d9:
                    f7:45:cb:73:bc:e1:07:1f:db:66:62:ca:27:52:49:
                    63:ad:63:14:58:62:c8:e6:71:00:a1:af:4e:c1:29:
                    31:2f:16:ac:76:a6:12:1f:d3:6a:cd:c8:d5:ff:50:
                    02:39:5f:9e:49:bb:00:03:5e:83:f4:08:05:a5:ee:
                    6e:c3:c4:2b:3a:d7:2c:ff:8f:22:d0:a6:1b:07:6a:
                    d8:f7:cd:6b:e4:87:c6:ab:36:ed:9f:b6:90:7b:ff:
                    aa:85:93:96:66:b3:1b:87:04:88:2c:5f:a5:1f:7a:
                    49:62:22:3e:e2:01:24:3b:cd:5f:5d:5a:de:75:a4:
                    cc:59:9a:ad:a9:e3:99:80:94:f1:b1:89:7d:a1:74:
                    c0:9d:25:b6:05:f6:28:08:d2:6c:38:c2:18:1c:57:
                    78:6e:46:ab:fe:de:9c:9a:95:87:f4:47:eb:87:8d:
                    c8:3b:1e:f4:94:19:ef:a7:ab:63:8b:9d:10:f2:ad:
                    38:7c:1c:80:b8:38:33:b0:71:31:f1:db:96:22:fc:
                    b0:8b:03:e2:25:a7:58:17:25:20:b5:4e:5b:09:87:
                    68:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:4B:C0:B0:4C:DC:D6:1E:42:9B:1D:5E:2C:CB:80:61:63:55:EE:FA
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/oUvAsEzc1h5Cmx1eLMuAYWNV7vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:260::/44

    Signature Algorithm: sha256WithRSAEncryption
         98:ab:81:c2:f2:c2:0e:1a:ad:f4:c0:86:5a:15:ba:ae:67:03:
         e3:ba:28:90:aa:c1:fa:d7:f9:3f:91:34:c5:0d:e6:f4:46:a5:
         83:a7:5c:0a:2e:8e:6e:13:48:fd:f6:be:84:07:21:f5:73:a8:
         5c:73:3d:f5:7a:7f:bd:29:f8:c3:bb:f2:af:22:06:9f:22:b0:
         70:28:56:4d:67:59:ed:1b:b3:fe:cf:cc:e2:a5:4f:47:96:e0:
         f2:64:db:e3:ad:b2:e7:32:9c:38:43:16:35:9b:80:ea:f9:ee:
         3c:e5:7c:92:b7:8e:0b:a5:7d:1d:96:13:18:5d:4e:a3:0d:25:
         da:62:99:d3:78:c1:09:93:e3:f5:45:61:9f:f3:31:97:98:e4:
         6d:0a:ad:ed:f7:fa:a7:fa:d6:56:b3:e1:87:ed:56:b6:12:57:
         9a:cb:24:b9:64:59:94:21:c0:96:c6:bf:4c:88:4c:f4:fb:94:
         ca:9c:f5:4b:88:ae:a3:4d:7d:41:40:b7:11:7a:2f:06:16:57:
         59:f5:cc:04:45:94:1f:41:3c:d5:bf:9a:cf:31:78:4b:c7:af:
         28:41:81:d5:cd:d7:a7:65:20:48:1c:f0:6d:f6:12:17:24:9d:
         68:2f:d4:fd:74:3c:26:60:81:c0:16:02:03:f7:af:98:92:30:
         4a:9a:3f:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9w1O5YAAG9/oJIYV/S2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTRiYzBiMDRjZGNkNjFlNDI5YjFkNWUyY2NiODA2MTYzNTVlZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQHS/0zbOp9lgozW9W6WeDsLDzAo
zkOg2cv8HR3auiKxmV16GIxsjzEsctn3RctzvOEHH9tmYsonUkljrWMUWGLI5nEA
oa9OwSkxLxasdqYSH9NqzcjV/1ACOV+eSbsAA16D9AgFpe5uw8QrOtcs/48i0KYb
B2rY981r5IfGqzbtn7aQe/+qhZOWZrMbhwSILF+lH3pJYiI+4gEkO81fXVredaTM
WZqtqeOZgJTxsYl9oXTAnSW2BfYoCNJsOMIYHFd4bkar/t6cmpWH9Efrh43IOx70
lBnvp6tji50Q8q04fByAuDgzsHEx8duWIvywiwPiJadYFyUgtU5bCYdoEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKFLwLBM3NYeQpsdXizLgGFjVe76MB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvb1V2QXNFemMxaDVDbXgxZUxNdUFZV05WN3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgNYQAJg
MA0GCSqGSIb3DQEBCwUAA4IBAQCYq4HC8sIOGq30wIZaFbquZwPjuiiQqsH61/k/
kTTFDeb0RqWDp1wKLo5uE0j99r6EByH1c6hccz31en+9KfjDu/KvIgafIrBwKFZN
Z1ntG7P+z8zipU9HluDyZNvjrbLnMpw4QxY1m4Dq+e485XySt44LpX0dlhMYXU6j
DSXaYpnTeMEJk+P1RWGf8zGXmORtCq3t9/qn+tZWs+GH7Va2EleayyS5ZFmUIcCW
xr9MiEz0+5TKnPVLiK6jTX1BQLcRei8GFldZ9cwERZQfQTzVv5rPMXhLx68oQYHV
zdenZSBIHPBt9hIXJJ1oL9T9dDwmYIHAFgID96+YkjBKmj+Y
-----END CERTIFICATE-----