Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uLb0IG0h1MSYmhYwGZJpjOTCduI.roa
File:                     uLb0IG0h1MSYmhYwGZJpjOTCduI.roa (raw, json)
Hash identifier:          6g1j7fZQVGPlWkpbjr8nXn7jMIK9S12HJJoopdFYi3I=
Subject key identifier:   B8:B6:F4:20:6D:21:D4:C4:98:9A:16:30:19:92:69:8C:E4:C2:76:E2
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FD63B45A16AEBED0BFF520E3E0716
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uLb0IG0h1MSYmhYwGZJpjOTCduI.roa
Signing time:             Tue 02 Jan 2024 04:30:21 +0000
ROA not before:           Tue 02 Jan 2024 04:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197795
IP address blocks:        2a03:5840:fa::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d6:3b:45:a1:6a:eb:ed:0b:ff:52:0e:3e:07:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8b6f4206d21d4c4989a16301992698ce4c276e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b7:47:a5:f3:e9:d4:60:a8:25:fb:33:6d:49:
                    ef:10:1b:38:95:29:cf:17:a3:20:40:63:36:15:81:
                    ba:47:64:d6:a2:3d:06:1d:56:11:4a:5b:b5:4e:14:
                    de:13:3e:80:6c:46:9c:1a:b0:e0:7b:0f:66:60:b3:
                    71:bb:32:e7:43:48:67:86:90:aa:6d:24:5d:70:cc:
                    3d:34:9a:0a:9b:dc:ac:bc:45:5f:19:28:ee:ee:5a:
                    34:ef:59:f4:b3:72:57:51:9a:d2:bb:a9:c4:89:23:
                    78:3c:d3:4f:e0:b8:5e:17:01:e5:74:d8:69:3a:bc:
                    16:79:7b:32:9a:72:96:43:74:12:6e:72:c4:55:48:
                    1b:9f:f6:c8:96:44:05:24:83:ae:75:94:70:17:0c:
                    31:01:cc:36:0e:95:e6:c2:3c:0d:44:13:b1:13:71:
                    83:4b:56:4b:f9:fa:76:2b:54:37:b3:67:9c:3e:1d:
                    d2:0d:4f:54:66:bc:5d:40:fb:e1:b2:c5:eb:d4:b1:
                    bb:1b:54:09:c6:31:c5:c3:35:e8:3a:8c:33:a4:97:
                    0b:1d:64:1e:f8:77:a5:50:5b:3a:df:d9:2c:02:4a:
                    85:9f:94:72:3a:72:7c:29:c8:f2:90:f5:1a:39:94:
                    88:25:92:e4:d4:5a:82:91:2e:3c:a2:14:45:48:4f:
                    d1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B6:F4:20:6D:21:D4:C4:98:9A:16:30:19:92:69:8C:E4:C2:76:E2
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uLb0IG0h1MSYmhYwGZJpjOTCduI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:fa::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:c3:77:5e:53:b1:db:34:08:27:eb:2c:e0:7c:be:1a:a1:e5:
         53:36:a4:1c:99:0b:c7:1a:c7:9b:69:13:4d:99:83:ad:d6:b0:
         cb:8a:82:ce:5d:92:dd:28:1c:e1:ce:ff:d0:73:23:1b:1b:81:
         ff:9b:1d:a0:0c:c9:2e:24:62:76:fd:ed:d9:69:5d:a2:6a:4f:
         e3:f9:42:8e:42:3f:99:b0:bb:6c:01:16:27:ec:fe:a7:75:fa:
         79:96:2a:c7:d0:7e:87:43:69:4e:28:4a:44:7b:c5:2a:62:2b:
         dd:a5:ec:02:d1:d6:90:b0:f6:bc:b4:de:71:3a:ab:47:00:a1:
         0f:2e:04:8c:36:93:bb:15:bf:e5:70:0e:40:68:16:f5:ee:cb:
         df:90:06:ad:c7:3f:b3:97:b0:39:37:50:c1:3c:ae:2f:f6:fa:
         33:41:f0:b5:bf:ee:01:02:d5:fa:71:97:e9:b5:20:c2:7c:d8:
         e9:58:12:91:58:10:d5:2c:11:2d:46:06:a7:d0:4a:4f:f6:d2:
         be:28:97:71:88:b6:c6:8d:73:99:88:1f:53:94:92:1c:3d:74:
         9c:ac:ef:54:b6:80:1e:ce:7a:23:11:b7:b5:27:91:29:2d:46:
         7c:58:12:ea:1a:d7:d0:2f:6a:9a:ff:89:61:53:5c:f5:d7:cc:
         2f:2d:71:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9Y7RaFq6+0L/1IOPgcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGI2ZjQyMDZkMjFkNGM0OTg5YTE2MzAxOTkyNjk4Y2U0YzI3NmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLdHpfPp1GCoJfszbUnvEBs4lSnP
F6MgQGM2FYG6R2TWoj0GHVYRSlu1ThTeEz6AbEacGrDgew9mYLNxuzLnQ0hnhpCq
bSRdcMw9NJoKm9ysvEVfGSju7lo071n0s3JXUZrSu6nEiSN4PNNP4LheFwHldNhp
OrwWeXsymnKWQ3QSbnLEVUgbn/bIlkQFJIOudZRwFwwxAcw2DpXmwjwNRBOxE3GD
S1ZL+fp2K1Q3s2ecPh3SDU9UZrxdQPvhssXr1LG7G1QJxjHFwzXoOowzpJcLHWQe
+HelUFs639ksAkqFn5RyOnJ8KcjykPUaOZSIJZLk1FqCkS48ohRFSE/RAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLi29CBtIdTEmJoWMBmSaYzkwnbiMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvdUxiMElHMGgxTVNZbWhZd0daSnBqT1RDZHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD6
MA0GCSqGSIb3DQEBCwUAA4IBAQAUw3deU7HbNAgn6yzgfL4aoeVTNqQcmQvHGseb
aRNNmYOt1rDLioLOXZLdKBzhzv/QcyMbG4H/mx2gDMkuJGJ2/e3ZaV2iak/j+UKO
Qj+ZsLtsARYn7P6ndfp5lirH0H6HQ2lOKEpEe8UqYivdpewC0daQsPa8tN5xOqtH
AKEPLgSMNpO7Fb/lcA5AaBb17svfkAatxz+zl7A5N1DBPK4v9vozQfC1v+4BAtX6
cZfptSDCfNjpWBKRWBDVLBEtRgan0EpP9tK+KJdxiLbGjXOZiB9TlJIcPXScrO9U
toAeznojEbe1J5EpLUZ8WBLqGtfQL2qa/4lhU1z118wvLXFH
-----END CERTIFICATE-----