Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/pTVPTFP4fo2oHPXTLZfLUr2TkxM.roa
File:                     pTVPTFP4fo2oHPXTLZfLUr2TkxM.roa (raw, json)
Hash identifier:          Y2/5AGFHrsiusIL7MlQs8aU9SpjU2a+S4wIX9xatHlw=
Subject key identifier:   A5:35:4F:4C:53:F8:7E:8D:A8:1C:F5:D3:2D:97:CB:52:BD:93:93:13
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FD7238C94EF8053342BE8A5C9AFBD
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/pTVPTFP4fo2oHPXTLZfLUr2TkxM.roa
Signing time:             Tue 02 Jan 2024 04:30:21 +0000
ROA not before:           Tue 02 Jan 2024 04:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198767
IP address blocks:        2a03:5840:f6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d7:23:8c:94:ef:80:53:34:2b:e8:a5:c9:af:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5354f4c53f87e8da81cf5d32d97cb52bd939313
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e5:99:ba:fe:88:6c:ac:9e:89:5f:ba:c9:9e:
                    06:29:93:67:1d:9c:b0:af:5b:7a:2f:2a:51:96:52:
                    ac:ad:62:2d:ba:52:aa:47:7a:34:27:61:e1:ed:74:
                    dd:00:77:31:ae:c4:cd:8e:54:94:63:7d:51:18:94:
                    99:80:b9:ff:4c:76:87:4d:63:16:ac:c3:ee:f7:54:
                    ae:0e:f3:e4:f4:3e:51:15:87:3a:cc:b7:d7:e8:01:
                    9b:8a:42:ce:31:7e:40:4b:4a:e1:32:cd:77:54:11:
                    26:d0:02:f3:20:57:31:aa:a4:e6:94:fa:67:50:60:
                    a0:81:ed:55:97:f6:c8:4b:7f:fb:2e:fc:82:3e:60:
                    52:c1:77:0e:ed:dc:02:83:cb:74:5a:c3:7b:42:1d:
                    ac:67:3a:12:53:55:5e:ea:0c:26:4d:6c:f9:8f:1d:
                    fa:26:6c:b2:8f:d9:ad:6d:14:60:21:10:3d:a1:eb:
                    74:bb:cb:33:41:16:11:a9:71:92:87:4f:3b:f3:3f:
                    e4:ef:89:e2:85:d4:33:4a:2e:67:48:4f:21:e1:b4:
                    35:f5:76:6e:e4:2c:53:20:7c:88:ca:90:18:43:e4:
                    8c:07:24:c5:8c:33:a7:ca:aa:b7:a1:95:1e:a3:9a:
                    e8:77:72:c3:12:81:5c:8d:8e:07:a8:53:cd:99:3f:
                    f9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:35:4F:4C:53:F8:7E:8D:A8:1C:F5:D3:2D:97:CB:52:BD:93:93:13
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/pTVPTFP4fo2oHPXTLZfLUr2TkxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:f6::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:25:02:f6:7e:1a:5c:d0:a7:5f:83:6c:48:2f:f8:4a:05:4a:
         5d:f4:1e:d3:ef:da:71:2c:71:11:81:40:cc:57:4a:10:6a:a3:
         e2:97:57:89:ec:e5:03:8b:a1:9c:57:ab:bc:5c:84:20:22:27:
         6b:0c:bb:7f:a3:dc:a9:e7:98:98:b1:f2:ea:69:66:a0:6b:62:
         6a:22:92:56:4c:dc:c9:7c:5f:4d:bd:f2:d4:73:94:b5:92:04:
         af:0e:ed:bd:b0:91:6f:4f:23:5d:f3:35:ad:06:fd:1a:fc:ff:
         70:60:30:87:b1:d1:2c:20:c9:91:34:d4:79:88:03:42:dd:61:
         43:66:4f:93:ed:6c:e5:41:a4:02:6d:8e:05:52:10:e7:f7:1c:
         a1:bd:57:15:08:90:37:38:da:34:98:eb:58:52:02:29:dd:ae:
         11:74:6a:78:f8:80:41:f1:e4:5d:e9:a1:68:b4:44:9c:f6:93:
         ef:d8:24:6b:41:15:41:57:94:0b:7a:55:8b:11:23:98:48:d9:
         89:20:40:60:64:ed:fd:bc:30:6b:d1:25:25:1c:02:d4:7d:57:
         ba:c2:bc:7c:13:9b:7b:04:29:eb:43:23:32:ba:9b:a8:5f:28:
         27:33:ff:b2:03:e5:74:1d:26:b6:08:97:e4:4a:a5:6e:93:f1:
         2c:77:aa:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9cjjJTvgFM0K+ilya+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTM1NGY0YzUzZjg3ZThkYTgxY2Y1ZDMyZDk3Y2I1MmJkOTM5MzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuWZuv6IbKyeiV+6yZ4GKZNnHZyw
r1t6LypRllKsrWItulKqR3o0J2Hh7XTdAHcxrsTNjlSUY31RGJSZgLn/THaHTWMW
rMPu91SuDvPk9D5RFYc6zLfX6AGbikLOMX5AS0rhMs13VBEm0ALzIFcxqqTmlPpn
UGCgge1Vl/bIS3/7LvyCPmBSwXcO7dwCg8t0WsN7Qh2sZzoSU1Ve6gwmTWz5jx36
Jmyyj9mtbRRgIRA9oet0u8szQRYRqXGSh0878z/k74nihdQzSi5nSE8h4bQ19XZu
5CxTIHyIypAYQ+SMByTFjDOnyqq3oZUeo5rod3LDEoFcjY4HqFPNmT/5MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKU1T0xT+H6NqBz10y2Xy1K9k5MTMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvcFRWUFRGUDRmbzJvSFBYVExaZkxVcjJUa3hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD2
MA0GCSqGSIb3DQEBCwUAA4IBAQBpJQL2fhpc0Kdfg2xIL/hKBUpd9B7T79pxLHER
gUDMV0oQaqPil1eJ7OUDi6GcV6u8XIQgIidrDLt/o9yp55iYsfLqaWaga2JqIpJW
TNzJfF9NvfLUc5S1kgSvDu29sJFvTyNd8zWtBv0a/P9wYDCHsdEsIMmRNNR5iANC
3WFDZk+T7WzlQaQCbY4FUhDn9xyhvVcVCJA3ONo0mOtYUgIp3a4RdGp4+IBB8eRd
6aFotESc9pPv2CRrQRVBV5QLelWLESOYSNmJIEBgZO39vDBr0SUlHALUfVe6wrx8
E5t7BCnrQyMyupuoXygnM/+yA+V0HSa2CJfkSqVuk/Esd6px
-----END CERTIFICATE-----