Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/tpVFtOCTVjH-iTpQ-fzEcKiv8l8.roa
File:                     tpVFtOCTVjH-iTpQ-fzEcKiv8l8.roa (raw, json)
Hash identifier:          oWIwSvnTsWu9V0Zv/QuoNlYCmAHobFmRm/GT1LLerpI=
Subject key identifier:   B6:95:45:B4:E0:93:56:31:FE:89:3A:50:F9:FC:C4:70:A8:AF:F2:5F
Certificate issuer:       /CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
Certificate serial:       018CC7942BE61F201AC01E0AB0E2C9CC3F15
Authority key identifier: 95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/tpVFtOCTVjH-iTpQ-fzEcKiv8l8.roa
Signing time:             Tue 02 Jan 2024 00:30:25 +0000
ROA not before:           Tue 02 Jan 2024 00:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206804
IP address blocks:        2a03:efc0:2100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2b:e6:1f:20:1a:c0:1e:0a:b0:e2:c9:cc:3f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9502d8b8269c6b07f814acf0c7ed729b3f4b5984
        Validity
            Not Before: Jan  2 00:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b69545b4e0935631fe893a50f9fcc470a8aff25f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:cb:dc:a1:fa:d5:56:f3:f6:eb:ac:fd:44:02:
                    b3:aa:69:75:d0:6b:18:42:a0:39:80:f6:b6:b3:4b:
                    d6:f9:2d:f2:da:7e:1c:ea:48:ba:75:db:68:a2:53:
                    86:e6:66:5f:43:bc:2d:02:8e:a8:1b:ac:73:1e:88:
                    28:5f:73:f8:c8:d6:36:e2:5f:cc:f8:e5:60:d6:2a:
                    93:1f:b1:b0:93:4f:08:05:d6:9c:ed:25:92:5f:56:
                    fb:8a:b0:63:57:29:98:5d:fb:26:04:a5:29:ef:5e:
                    0b:f3:e9:97:b6:a8:2c:bf:fd:d9:9d:28:19:fc:87:
                    ab:45:e9:4f:00:2d:da:2a:1c:73:07:dd:d0:a3:52:
                    f2:c3:0b:34:11:6e:64:48:07:79:5f:42:97:16:86:
                    bf:80:6d:b8:89:22:c7:e8:ac:4f:4d:39:e2:4d:33:
                    c6:95:38:f3:cc:49:26:bb:52:d4:78:6b:04:0d:5d:
                    da:ba:f3:78:cf:4b:fb:a5:67:5b:4e:37:2b:22:de:
                    8d:20:ab:10:b4:37:94:58:8c:d4:48:11:80:c1:7b:
                    3a:98:03:c7:bc:82:f8:5f:73:a5:5c:78:23:d9:84:
                    b2:1f:34:89:1d:ad:b1:e4:43:1d:e5:56:aa:56:a7:
                    59:a2:e5:31:1f:5b:90:b1:81:0e:70:77:c5:e7:b5:
                    1d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:95:45:B4:E0:93:56:31:FE:89:3A:50:F9:FC:C4:70:A8:AF:F2:5F
            X509v3 Authority Key Identifier:
                keyid:95:02:D8:B8:26:9C:6B:07:F8:14:AC:F0:C7:ED:72:9B:3F:4B:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQLYuCacawf4FKzwx-1ymz9LWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/tpVFtOCTVjH-iTpQ-fzEcKiv8l8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9decaf-47eb-4349-9e86-01b8bb6ad90a/1/lQLYuCacawf4FKzwx-1ymz9LWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:efc0:2100::/40

    Signature Algorithm: sha256WithRSAEncryption
         99:6d:a3:f0:9e:03:7a:d1:87:a7:55:f9:54:9f:31:01:bc:35:
         47:49:de:84:f5:cf:ab:3f:fa:f4:cc:e5:d2:2e:9c:74:72:08:
         ff:c5:84:a2:f6:c8:2f:ec:02:d4:8c:aa:68:62:8a:a2:82:5b:
         a2:0a:0b:9b:ad:89:78:1c:72:c8:66:95:ac:42:46:72:a6:b7:
         b7:7d:86:f2:2b:8b:d3:73:76:e5:cc:dd:8f:73:06:ea:ee:03:
         1b:e9:55:5c:87:bc:cf:ff:2d:79:c8:05:bd:a2:04:03:83:03:
         e7:e4:a9:eb:d9:3e:f3:20:6b:ac:91:00:e6:8c:b3:55:a9:fd:
         19:48:46:99:4d:be:3a:34:66:9b:8d:01:c3:d3:22:7c:f5:b4:
         e1:a4:7a:e3:32:16:69:13:85:a0:1a:5f:04:47:8b:de:19:cb:
         7e:be:a1:9e:d5:62:8a:e9:fb:72:58:fc:98:26:da:2b:b0:6e:
         1b:3c:3a:3e:54:b5:ba:ae:ee:42:c2:cd:5e:69:dd:e7:8e:c3:
         51:c4:7e:36:e2:3a:b0:32:64:71:3d:d9:dc:9d:51:35:3b:52:
         cc:1b:30:24:0a:16:47:ae:9e:7e:4e:d2:71:66:a7:15:34:5c:
         c0:0b:49:8e:da:d1:67:19:4c:3f:a5:2f:b6:1d:66:6f:64:f3:
         b1:9e:80:0e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlCvmHyAawB4KsOLJzD8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDJkOGI4MjY5YzZiMDdmODE0YWNmMGM3ZWQ3MjliM2Y0
YjU5ODQwHhcNMjQwMTAyMDAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjk1NDViNGUwOTM1NjMxZmU4OTNhNTBmOWZjYzQ3MGE4YWZmMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMvcofrVVvP266z9RAKzqml10GsY
QqA5gPa2s0vW+S3y2n4c6ki6ddtoolOG5mZfQ7wtAo6oG6xzHogoX3P4yNY24l/M
+OVg1iqTH7Gwk08IBdac7SWSX1b7irBjVymYXfsmBKUp714L8+mXtqgsv/3ZnSgZ
/IerRelPAC3aKhxzB93Qo1Lywws0EW5kSAd5X0KXFoa/gG24iSLH6KxPTTniTTPG
lTjzzEkmu1LUeGsEDV3auvN4z0v7pWdbTjcrIt6NIKsQtDeUWIzUSBGAwXs6mAPH
vIL4X3OlXHgj2YSyHzSJHa2x5EMd5VaqVqdZouUxH1uQsYEOcHfF57UdJQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLaVRbTgk1Yx/ok6UPn8xHCor/JfMB8GA1UdIwQY
MBaAFJUC2LgmnGsH+BSs8Mftcps/S1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYt
MDFiOGJiNmFkOTBhLzEvdHBWRnRPQ1RWakgtaVRwUS1mekVjS2l2OGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZGVjYWYtNDdlYi00MzQ5LTllODYtMDFiOGJiNmFkOTBh
LzEvbFFMWXVDYWNhd2Y0Rkt6d3gtMXltejlMV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgPvwCEw
DQYJKoZIhvcNAQELBQADggEBAJlto/CeA3rRh6dV+VSfMQG8NUdJ3oT1z6s/+vTM
5dIunHRyCP/FhKL2yC/sAtSMqmhiiqKCW6IKC5utiXgccshmlaxCRnKmt7d9hvIr
i9NzduXM3Y9zBuruAxvpVVyHvM//LXnIBb2iBAODA+fkqevZPvMga6yRAOaMs1Wp
/RlIRplNvjo0ZpuNAcPTInz1tOGkeuMyFmkThaAaXwRHi94Zy36+oZ7VYorp+3JY
/Jgm2iuwbhs8Oj5Utbqu7kLCzV5p3eeOw1HEfjbiOrAyZHE92dydUTU7UswbMCQK
Fkeunn5O0nFmpxU0XMALSY7a0WcZTD+lL7YdZm9k87GegA4=
-----END CERTIFICATE-----