Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/7bJXskbznb0ncquvAgjTA7MzrUc.roa
File:                     7bJXskbznb0ncquvAgjTA7MzrUc.roa (raw, json)
Hash identifier:          3k5yk4XsFp7D3dxp716QjTvf8HxoYfTiCgc9Sbgqm5w=
Subject key identifier:   ED:B2:57:B2:46:F3:9D:BD:27:72:AB:AF:02:08:D3:03:B3:33:AD:47
Certificate issuer:       /CN=dbd4f8e4762377f86b07a8753f6e98f6f4b6b792
Certificate serial:       018CC50079261DB963D1963C37DEE807FFE6
Authority key identifier: DB:D4:F8:E4:76:23:77:F8:6B:07:A8:75:3F:6E:98:F6:F4:B6:B7:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/7bJXskbznb0ncquvAgjTA7MzrUc.roa
Signing time:             Mon 01 Jan 2024 12:29:51 +0000
ROA not before:           Mon 01 Jan 2024 12:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        2a02:45c0:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/29T45HYjd_hrB6h1P26Y9vS2t5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/29T45HYjd_hrB6h1P26Y9vS2t5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:79:26:1d:b9:63:d1:96:3c:37:de:e8:07:ff:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbd4f8e4762377f86b07a8753f6e98f6f4b6b792
        Validity
            Not Before: Jan  1 12:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edb257b246f39dbd2772abaf0208d303b333ad47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c9:98:28:8e:c7:d8:c8:81:50:eb:34:01:28:
                    11:60:1f:f3:1b:cd:07:7d:ef:c2:72:cf:86:7d:ec:
                    d2:02:c1:c2:dd:02:16:ba:4e:f2:23:bb:ce:66:79:
                    47:d2:14:24:78:90:7d:3d:6c:3f:fd:f1:d8:6a:01:
                    70:df:ba:24:32:35:ee:8d:ab:55:e9:ef:9f:5d:f4:
                    00:ba:55:14:dd:36:b3:08:19:b0:12:44:38:6e:79:
                    46:39:15:cc:0f:69:f7:7d:9b:df:0b:14:ba:f3:70:
                    99:1a:20:48:a1:7f:14:e4:fe:81:a6:cf:43:de:6a:
                    3a:cc:67:8b:64:71:d5:64:a4:85:17:1e:e8:54:47:
                    41:32:0c:d3:43:28:62:9d:55:cc:8b:26:96:af:24:
                    00:f2:e8:cc:23:9b:89:85:69:07:10:92:28:77:5e:
                    2d:b1:27:0f:76:14:89:49:22:c7:09:9d:b1:11:84:
                    91:3a:45:9f:1a:5f:42:5e:8f:49:f3:33:dd:4b:70:
                    ca:08:8d:4a:b6:4a:40:f8:b8:57:8a:fb:0f:1a:7a:
                    f4:8e:74:57:5c:25:bb:5d:44:56:2f:f6:ed:22:8c:
                    44:12:fe:72:44:d2:a4:46:14:f7:bd:80:e7:c7:4b:
                    4a:02:0d:34:57:b6:ed:f8:85:e5:a7:fe:1d:21:c0:
                    cd:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B2:57:B2:46:F3:9D:BD:27:72:AB:AF:02:08:D3:03:B3:33:AD:47
            X509v3 Authority Key Identifier:
                keyid:DB:D4:F8:E4:76:23:77:F8:6B:07:A8:75:3F:6E:98:F6:F4:B6:B7:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29T45HYjd_hrB6h1P26Y9vS2t5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/7bJXskbznb0ncquvAgjTA7MzrUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/d3f65d-afab-4d28-b46e-620a79cf792b/1/29T45HYjd_hrB6h1P26Y9vS2t5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:45c0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         ce:6a:87:e6:ec:67:c8:e9:a3:38:cc:9a:3c:59:22:53:a0:48:
         3d:04:8c:d5:b3:1a:c8:8f:62:ed:de:f8:15:d4:0d:c9:4c:ba:
         75:93:08:5a:4c:03:45:26:86:aa:d3:d5:da:13:d6:00:b9:f9:
         03:56:77:03:24:f3:11:f6:45:38:ef:53:f8:7b:86:2d:cf:9b:
         5b:d6:c2:0b:03:36:39:24:16:36:e5:62:b9:22:b5:d2:10:6c:
         9b:53:62:7d:a6:b9:1f:13:21:7f:10:31:a4:5b:b8:22:d3:fe:
         c5:79:a8:8a:5f:65:42:91:84:e7:38:ed:87:7d:b0:dc:ad:96:
         ee:f7:8a:9a:b2:41:46:4b:86:77:89:05:f8:33:82:cc:1e:bd:
         59:50:9f:5e:7e:0a:f7:a0:ad:44:dc:1f:a9:e1:13:1a:47:da:
         d5:60:ad:c7:05:4f:01:d2:6d:9f:26:72:cb:c6:dc:14:f2:fd:
         26:cd:a0:d6:27:13:3e:22:10:50:6d:ad:17:1d:62:34:94:b6:
         a7:ec:e9:3d:39:71:c7:bf:ed:e9:8c:66:68:02:6d:bc:62:b4:
         5e:fa:75:65:4a:eb:d8:f7:b2:24:e1:97:01:0e:ba:d1:59:98:
         0a:f9:8b:5a:16:84:01:78:2b:ae:ef:35:0c:5c:51:6f:3c:bb:
         9c:b2:b3:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAHkmHblj0ZY8N97oB//mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDRmOGU0NzYyMzc3Zjg2YjA3YTg3NTNmNmU5OGY2ZjRi
NmI3OTIwHhcNMjQwMTAxMTIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGIyNTdiMjQ2ZjM5ZGJkMjc3MmFiYWYwMjA4ZDMwM2IzMzNhZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcmYKI7H2MiBUOs0ASgRYB/zG80H
fe/Ccs+GfezSAsHC3QIWuk7yI7vOZnlH0hQkeJB9PWw//fHYagFw37okMjXujatV
6e+fXfQAulUU3TazCBmwEkQ4bnlGORXMD2n3fZvfCxS683CZGiBIoX8U5P6Bps9D
3mo6zGeLZHHVZKSFFx7oVEdBMgzTQyhinVXMiyaWryQA8ujMI5uJhWkHEJIod14t
sScPdhSJSSLHCZ2xEYSROkWfGl9CXo9J8zPdS3DKCI1KtkpA+LhXivsPGnr0jnRX
XCW7XURWL/btIoxEEv5yRNKkRhT3vYDnx0tKAg00V7bt+IXlp/4dIcDNcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO2yV7JG8529J3KrrwII0wOzM61HMB8GA1UdIwQY
MBaAFNvU+OR2I3f4aweodT9umPb0treSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlUNDVIWWpkX2hyQjZoMVAyNlk5dlMydDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kM2Y2NWQtYWZhYi00ZDI4LWI0NmUt
NjIwYTc5Y2Y3OTJiLzEvN2JKWHNrYnpuYjBuY3F1dkFnalRBN016clVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kM2Y2NWQtYWZhYi00ZDI4LWI0NmUtNjIwYTc5Y2Y3OTJi
LzEvMjlUNDVIWWpkX2hyQjZoMVAyNlk5dlMydDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJFwAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQDOaofm7GfI6aM4zJo8WSJToEg9BIzVsxrIj2Lt
3vgV1A3JTLp1kwhaTANFJoaq09XaE9YAufkDVncDJPMR9kU471P4e4Ytz5tb1sIL
AzY5JBY25WK5IrXSEGybU2J9prkfEyF/EDGkW7gi0/7FeaiKX2VCkYTnOO2HfbDc
rZbu94qaskFGS4Z3iQX4M4LMHr1ZUJ9efgr3oK1E3B+p4RMaR9rVYK3HBU8B0m2f
JnLLxtwU8v0mzaDWJxM+IhBQba0XHWI0lLan7Ok9OXHHv+3pjGZoAm28YrRe+nVl
SuvY97Ik4ZcBDrrRWZgK+YtaFoQBeCuu7zUMXFFvPLucsrPR
-----END CERTIFICATE-----