Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/x41ICQgBBY6WdtSq8gC-IghgZPo.roa
File:                     x41ICQgBBY6WdtSq8gC-IghgZPo.roa (raw, json)
Hash identifier:          zBPJJa9Xymv+wW5zuTTNUVz8AJs3TZ8hoAsKCk5VVQM=
Subject key identifier:   C7:8D:48:09:08:01:05:8E:96:76:D4:AA:F2:00:BE:22:08:60:64:FA
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FDCBBAF8C3EE8CA9DA8681DB76069
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/x41ICQgBBY6WdtSq8gC-IghgZPo.roa
Signing time:             Tue 02 Jan 2024 04:30:23 +0000
ROA not before:           Tue 02 Jan 2024 04:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209652
IP address blocks:        2a03:5840:f1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:dc:bb:af:8c:3e:e8:ca:9d:a8:68:1d:b7:60:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c78d48090801058e9676d4aaf200be22086064fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:28:e3:92:b7:9d:32:61:a3:58:ac:b1:c6:ca:
                    db:d7:75:e5:b0:8e:6d:f8:46:36:64:60:13:1a:b2:
                    0b:2f:f7:ee:4c:4b:ff:fc:b8:30:4f:90:81:00:1f:
                    bc:e3:dc:9b:46:c1:0c:ef:44:cb:0d:c8:26:d4:7a:
                    f3:bd:5d:d9:c2:56:f2:d1:bf:61:ba:3e:47:df:30:
                    72:03:d9:61:7b:0e:e3:8e:34:4e:0f:84:c5:7d:25:
                    c7:49:52:ae:3c:e0:2f:2f:ea:af:f6:19:ee:5d:9e:
                    a2:31:66:05:bf:4f:c0:09:87:8c:cb:94:39:58:19:
                    0f:2d:51:42:6f:fa:6b:89:58:18:ef:98:d8:ae:1b:
                    5d:61:d9:86:5f:29:b1:2d:12:c4:10:db:98:55:54:
                    e1:a4:77:92:87:76:42:67:76:bb:7a:c3:52:0d:b0:
                    e6:00:45:cf:e4:c2:bd:aa:f2:8f:35:7f:93:60:33:
                    47:51:5d:c0:d1:4a:32:b2:42:c0:06:09:65:2c:ce:
                    aa:5b:fa:2b:42:2e:c2:40:02:0d:24:f5:df:20:87:
                    dd:ac:54:34:6d:ce:53:b5:ed:be:d7:ac:f9:bf:ec:
                    46:6d:ea:25:fe:64:7e:54:30:3d:73:62:b5:ad:99:
                    61:ef:1f:93:e4:82:00:a6:d2:ef:0e:07:ab:a7:5a:
                    73:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8D:48:09:08:01:05:8E:96:76:D4:AA:F2:00:BE:22:08:60:64:FA
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/x41ICQgBBY6WdtSq8gC-IghgZPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:ad:72:b7:fa:b7:2b:1c:e0:39:d5:cd:80:a0:9b:07:7a:55:
         d1:fa:f2:cc:8c:22:75:4d:95:f6:de:88:97:29:eb:17:5a:9c:
         5a:03:80:2a:93:40:d1:e1:d7:c9:36:c3:6c:b9:0f:bf:a0:45:
         5e:cf:0b:9f:0d:4e:54:5f:5f:74:ff:54:0b:c9:73:a3:6f:4e:
         bc:94:d3:fd:99:4c:74:50:be:21:a1:a5:5f:73:d2:b2:e1:64:
         c7:03:5c:db:5a:e8:6a:59:f4:b1:f5:c7:8a:29:a0:88:05:89:
         0b:e6:ec:e6:8f:8a:4d:fc:11:18:1c:49:3b:03:4a:12:69:f6:
         ba:49:18:59:40:af:1d:7f:bf:fe:db:5d:32:0d:45:b9:0d:74:
         2c:53:87:c0:f1:6b:a9:37:0c:a5:60:fc:66:c5:ad:07:05:40:
         84:4a:c6:14:b5:4d:81:d7:08:ca:54:a1:04:e0:13:29:1a:e6:
         91:03:db:ce:0b:92:fa:9f:51:8b:29:c6:27:59:f4:fc:dd:c1:
         37:50:a2:b9:4d:17:46:29:01:ca:d3:e5:3e:0c:2c:84:48:96:
         f5:b9:7e:51:7c:76:5d:34:67:0c:8b:a2:4c:ae:48:d6:9a:bf:
         63:8b:45:ad:cb:8d:d3:31:61:84:1c:d4:21:cf:01:a6:ed:49:
         03:19:c2:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb9y7r4w+6MqdqGgdt2BpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzhkNDgwOTA4MDEwNThlOTY3NmQ0YWFmMjAwYmUyMjA4NjA2NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgijjkredMmGjWKyxxsrb13XlsI5t
+EY2ZGATGrILL/fuTEv//LgwT5CBAB+849ybRsEM70TLDcgm1HrzvV3Zwlby0b9h
uj5H3zByA9lhew7jjjROD4TFfSXHSVKuPOAvL+qv9hnuXZ6iMWYFv0/ACYeMy5Q5
WBkPLVFCb/priVgY75jYrhtdYdmGXymxLRLEENuYVVThpHeSh3ZCZ3a7esNSDbDm
AEXP5MK9qvKPNX+TYDNHUV3A0UoyskLABgllLM6qW/orQi7CQAINJPXfIIfdrFQ0
bc5Tte2+16z5v+xGbeol/mR+VDA9c2K1rZlh7x+T5IIAptLvDgerp1pzrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMeNSAkIAQWOlnbUqvIAviIIYGT6MB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEveDQxSUNRZ0JCWTZXZHRTcThnQy1JZ2hnWlBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQADx
MA0GCSqGSIb3DQEBCwUAA4IBAQAFrXK3+rcrHOA51c2AoJsHelXR+vLMjCJ1TZX2
3oiXKesXWpxaA4Aqk0DR4dfJNsNsuQ+/oEVezwufDU5UX190/1QLyXOjb068lNP9
mUx0UL4hoaVfc9Ky4WTHA1zbWuhqWfSx9ceKKaCIBYkL5uzmj4pN/BEYHEk7A0oS
afa6SRhZQK8df7/+210yDUW5DXQsU4fA8WupNwylYPxmxa0HBUCESsYUtU2B1wjK
VKEE4BMpGuaRA9vOC5L6n1GLKcYnWfT83cE3UKK5TRdGKQHK0+U+DCyESJb1uX5R
fHZdNGcMi6JMrkjWmr9ji0Wty43TMWGEHNQhzwGm7UkDGcLC
-----END CERTIFICATE-----