Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/tfk2vjCoFtP56d9PvwtT-qQ6SjU.roa
File:                     tfk2vjCoFtP56d9PvwtT-qQ6SjU.roa (raw, json)
Hash identifier:          Ak0f4gcCulLmPBcTPDeYH0HZVt+6XxNpBIz8cPCox3U=
Subject key identifier:   B5:F9:36:BE:30:A8:16:D3:F9:E9:DF:4F:BF:0B:53:FA:A4:3A:4A:35
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019017D2930D63B589846BF3C6C834E02902
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/tfk2vjCoFtP56d9PvwtT-qQ6SjU.roa
Signing time:             Fri 14 Jun 2024 17:36:34 +0000
ROA not before:           Fri 14 Jun 2024 17:36:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214702
IP address blocks:        2a03:5840:11b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:17:d2:93:0d:63:b5:89:84:6b:f3:c6:c8:34:e0:29:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jun 14 17:36:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5f936be30a816d3f9e9df4fbf0b53faa43a4a35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:62:da:6f:a4:d0:96:16:2b:4d:84:65:00:21:
                    cc:7e:55:8a:7d:08:c3:5e:21:93:c7:90:89:5d:d5:
                    db:40:6f:68:63:c4:23:d1:1a:4b:a9:46:7b:67:0c:
                    a5:04:73:33:64:94:85:a8:d7:88:21:b6:f1:d6:a7:
                    d4:7b:90:c0:3b:f8:3f:58:37:a4:64:a4:a3:80:01:
                    d1:7f:5f:f7:15:19:98:c3:9f:77:6d:8e:d6:28:4b:
                    78:32:d7:52:3e:3e:51:7c:5a:11:27:ca:55:df:94:
                    8d:0a:98:40:2b:ff:ec:19:72:1c:d2:c1:9a:e4:3e:
                    e4:14:d6:ec:8e:a4:2d:b1:5e:9f:97:22:c8:c0:74:
                    ce:0f:b8:5e:3b:f5:3d:1c:e1:7d:3f:2d:79:44:4a:
                    df:93:79:6c:5e:12:a5:96:ef:ab:81:b3:6e:eb:d2:
                    09:f8:71:6d:d1:81:29:92:1c:c7:3d:f3:33:7a:8f:
                    e4:b6:b6:8d:92:c5:f8:b6:6f:bb:9c:4b:16:28:d3:
                    6e:46:87:e1:3d:6e:7e:70:1e:92:06:96:3c:ab:4e:
                    b0:68:a4:f7:4f:67:03:9c:0b:cc:64:2c:d7:f6:9a:
                    32:ff:9c:ca:3d:4a:0a:65:3a:45:eb:cb:12:4a:da:
                    bf:76:4b:64:c0:1d:f0:f3:8a:0d:6a:37:cf:09:96:
                    8a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F9:36:BE:30:A8:16:D3:F9:E9:DF:4F:BF:0B:53:FA:A4:3A:4A:35
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/tfk2vjCoFtP56d9PvwtT-qQ6SjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:11b::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:50:7d:1f:2a:60:1c:ff:36:2f:88:52:ec:c7:5b:51:01:89:
         15:b0:a5:ba:35:20:c0:99:65:cc:43:5a:19:97:4a:f2:fd:4c:
         ab:84:28:e6:59:73:ed:7e:1d:7a:f5:41:4f:0d:b8:d3:a4:e8:
         20:cd:d6:1c:a2:0c:25:8b:f7:8c:30:b8:60:5c:15:81:30:89:
         96:0a:85:dd:b9:3d:85:9e:65:6d:f7:f9:ee:b7:7b:a1:63:70:
         d6:2a:49:bc:5b:e3:4b:6a:73:e4:22:c0:46:8b:04:d7:93:68:
         b2:f6:39:34:c4:34:75:b3:74:2e:4f:23:67:0a:b6:8d:4a:c1:
         7c:4c:50:ab:54:3e:76:38:ba:c3:db:94:93:52:fd:93:31:2e:
         7f:ed:9d:35:ce:83:b2:ed:6d:d4:06:6d:27:9f:0f:ce:56:b9:
         b3:a7:69:94:0f:a0:a2:77:52:4e:e7:7d:95:c2:c7:43:5c:3a:
         46:47:3e:82:73:38:b6:bf:53:c1:3a:51:6b:66:3c:dc:54:e5:
         0d:e5:64:57:1f:93:e9:e5:82:2e:7c:ce:12:76:3b:66:20:b9:
         32:5f:f0:5f:8b:87:23:2c:1d:f0:3c:e6:0a:43:d9:d6:17:38:
         43:60:37:b8:2a:11:2d:54:f6:d0:6d:b8:41:69:52:40:1c:fa:
         68:b7:16:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAX0pMNY7WJhGvzxsg04CkCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwNjE0MTczNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY5MzZiZTMwYTgxNmQzZjllOWRmNGZiZjBiNTNmYWE0M2E0YTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2Lab6TQlhYrTYRlACHMflWKfQjD
XiGTx5CJXdXbQG9oY8Qj0RpLqUZ7ZwylBHMzZJSFqNeIIbbx1qfUe5DAO/g/WDek
ZKSjgAHRf1/3FRmYw593bY7WKEt4MtdSPj5RfFoRJ8pV35SNCphAK//sGXIc0sGa
5D7kFNbsjqQtsV6flyLIwHTOD7heO/U9HOF9Py15RErfk3lsXhKllu+rgbNu69IJ
+HFt0YEpkhzHPfMzeo/ktraNksX4tm+7nEsWKNNuRofhPW5+cB6SBpY8q06waKT3
T2cDnAvMZCzX9poy/5zKPUoKZTpF68sSStq/dktkwB3w84oNajfPCZaK6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLX5Nr4wqBbT+enfT78LU/qkOko1MB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvdGZrMnZqQ29GdFA1NmQ5UHZ3dFQtcVE2U2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEb
MA0GCSqGSIb3DQEBCwUAA4IBAQBmUH0fKmAc/zYviFLsx1tRAYkVsKW6NSDAmWXM
Q1oZl0ry/UyrhCjmWXPtfh169UFPDbjTpOggzdYcogwli/eMMLhgXBWBMImWCoXd
uT2FnmVt9/nut3uhY3DWKkm8W+NLanPkIsBGiwTXk2iy9jk0xDR1s3QuTyNnCraN
SsF8TFCrVD52OLrD25STUv2TMS5/7Z01zoOy7W3UBm0nnw/OVrmzp2mUD6Cid1JO
532VwsdDXDpGRz6Cczi2v1PBOlFrZjzcVOUN5WRXH5Pp5YIufM4SdjtmILkyX/Bf
i4cjLB3wPOYKQ9nWFzhDYDe4KhEtVPbQbbhBaVJAHPpotxZq
-----END CERTIFICATE-----