Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/1L_7GrhEojWz71Err50z2zeJmkM.roa
File:                     1L_7GrhEojWz71Err50z2zeJmkM.roa (raw, json)
Hash identifier:          O4sbn+sPxAS6Z60jMR6yykMYs4JgvCE7GenT6UM7pHQ=
Subject key identifier:   D4:BF:FB:1A:B8:44:A2:35:B3:EF:51:2B:AF:9D:33:DB:37:89:9A:43
Certificate issuer:       /CN=16fe0d024cddbaf868229122158971472b24cb4d
Certificate serial:       018CC56DF40E1D44001BAF65DA38ABD8AE51
Authority key identifier: 16:FE:0D:02:4C:DD:BA:F8:68:22:91:22:15:89:71:47:2B:24:CB:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fv4NAkzduvhoIpEiFYlxRysky00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/1L_7GrhEojWz71Err50z2zeJmkM.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57048
IP address blocks:        2a0e:f7c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/Fv4NAkzduvhoIpEiFYlxRysky00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/Fv4NAkzduvhoIpEiFYlxRysky00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fv4NAkzduvhoIpEiFYlxRysky00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f4:0e:1d:44:00:1b:af:65:da:38:ab:d8:ae:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16fe0d024cddbaf868229122158971472b24cb4d
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4bffb1ab844a235b3ef512baf9d33db37899a43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:aa:e8:91:87:1f:df:7c:95:0a:31:f9:3f:8e:
                    52:53:54:08:ec:55:b0:15:ae:07:0d:2c:85:c0:ba:
                    33:e1:b1:3c:e2:a6:e8:98:d8:7b:41:2c:44:9c:a9:
                    37:64:c9:b9:63:4a:b1:2e:04:18:4c:9c:9f:00:07:
                    18:0b:18:94:ca:f8:5b:5d:b2:71:1e:98:cd:a4:59:
                    db:4f:32:ae:55:01:ba:63:09:98:2c:46:f9:fd:5d:
                    aa:60:47:b2:19:e1:09:0a:02:ce:88:8a:d3:99:56:
                    6a:7d:e9:32:70:e6:61:39:ca:49:a5:dd:36:58:df:
                    ae:80:ff:53:95:e0:fc:4a:7e:f4:76:58:f5:95:27:
                    a5:03:3c:79:77:e8:e8:03:44:15:59:56:a7:8b:f9:
                    2d:35:9f:1a:bd:08:87:d4:da:ce:86:1b:53:87:40:
                    68:e4:d5:4b:c0:44:fa:29:31:29:b0:30:b8:e3:d6:
                    fa:35:af:a1:7c:2b:08:3e:79:54:85:41:24:a5:6b:
                    b8:d2:6e:24:30:8a:d4:d7:28:de:4c:4e:0f:77:84:
                    d9:64:2a:d6:01:c2:3f:62:cf:b8:df:44:43:ae:5d:
                    e7:68:d4:fa:57:3d:aa:66:13:21:1c:dd:4f:66:c1:
                    88:cc:60:0e:c5:34:be:2a:a3:3a:4b:a5:fe:c0:08:
                    45:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:BF:FB:1A:B8:44:A2:35:B3:EF:51:2B:AF:9D:33:DB:37:89:9A:43
            X509v3 Authority Key Identifier:
                keyid:16:FE:0D:02:4C:DD:BA:F8:68:22:91:22:15:89:71:47:2B:24:CB:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fv4NAkzduvhoIpEiFYlxRysky00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/1L_7GrhEojWz71Err50z2zeJmkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/Fv4NAkzduvhoIpEiFYlxRysky00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:2a:bc:0d:3f:a2:e8:e3:e6:7a:92:ef:48:eb:5a:2e:46:56:
         81:42:0e:8b:42:b2:ad:91:db:70:30:b2:6d:77:f4:58:17:f0:
         a5:25:dd:79:76:4b:05:38:79:16:5d:32:3f:9a:ea:11:59:28:
         73:2a:13:78:36:fd:e9:33:f7:a7:ee:3f:a3:b6:12:44:bc:93:
         50:8b:ac:ba:47:c1:10:ee:d7:90:5e:94:d6:16:c3:80:25:20:
         54:86:87:cd:f5:0b:fd:bf:8f:c8:f6:f6:f8:75:46:9d:b5:11:
         e6:78:1a:23:94:0d:c6:f8:c6:a9:8f:83:50:19:fc:02:cf:36:
         f4:80:07:29:a8:e0:cd:76:e8:79:b0:fd:2c:ca:8e:4a:88:a8:
         4f:04:99:68:1b:59:66:20:ec:83:30:1d:3f:ce:3e:14:fc:9d:
         db:68:0e:02:34:2d:7b:45:ed:91:ed:e5:fa:de:dc:f6:08:70:
         ed:4b:ff:42:11:7a:4b:2a:05:a3:60:5b:2a:5f:06:e4:82:86:
         ef:42:57:89:a4:a2:60:5a:d0:10:35:98:ef:5e:05:46:58:29:
         56:87:c2:00:02:a3:7c:fe:65:d5:d7:1a:67:0d:ec:fd:d1:4f:
         6b:62:b8:c4:22:7c:4f:2a:ae:ea:17:eb:2a:b9:ef:c2:51:84:
         3b:df:72:33
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbfQOHUQAG69l2jir2K5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZmUwZDAyNGNkZGJhZjg2ODIyOTEyMjE1ODk3MTQ3MmIy
NGNiNGQwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGJmZmIxYWI4NDRhMjM1YjNlZjUxMmJhZjlkMzNkYjM3ODk5YTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoarokYcf33yVCjH5P45SU1QI7FWw
Fa4HDSyFwLoz4bE84qbomNh7QSxEnKk3ZMm5Y0qxLgQYTJyfAAcYCxiUyvhbXbJx
HpjNpFnbTzKuVQG6YwmYLEb5/V2qYEeyGeEJCgLOiIrTmVZqfekycOZhOcpJpd02
WN+ugP9TleD8Sn70dlj1lSelAzx5d+joA0QVWVani/ktNZ8avQiH1NrOhhtTh0Bo
5NVLwET6KTEpsDC449b6Na+hfCsIPnlUhUEkpWu40m4kMIrU1yjeTE4Pd4TZZCrW
AcI/Ys+430RDrl3naNT6Vz2qZhMhHN1PZsGIzGAOxTS+KqM6S6X+wAhFkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNS/+xq4RKI1s+9RK6+dM9s3iZpDMB8GA1UdIwQY
MBaAFBb+DQJM3br4aCKRIhWJcUcrJMtNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnY0TkFremR1dmhvSXBFaUZZbHhSeXNreTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80NjE2ZDctZTgwOC00ZTQ3LWE2NDYt
NWIyZjkwZGY3OTZkLzEvMUxfN0dyaEVvald6NzFFcnI1MHoyemVKbWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80NjE2ZDctZTgwOC00ZTQ3LWE2NDYtNWIyZjkwZGY3OTZk
LzEvRnY0TkFremR1dmhvSXBFaUZZbHhSeXNreTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg73wDAN
BgkqhkiG9w0BAQsFAAOCAQEAnCq8DT+i6OPmepLvSOtaLkZWgUIOi0KyrZHbcDCy
bXf0WBfwpSXdeXZLBTh5Fl0yP5rqEVkocyoTeDb96TP3p+4/o7YSRLyTUIusukfB
EO7XkF6U1hbDgCUgVIaHzfUL/b+PyPb2+HVGnbUR5ngaI5QNxvjGqY+DUBn8As82
9IAHKajgzXboebD9LMqOSoioTwSZaBtZZiDsgzAdP84+FPyd22gOAjQte0Xtke3l
+t7c9ghw7Uv/QhF6SyoFo2BbKl8G5IKG70JXiaSiYFrQEDWY714FRlgpVofCAAKj
fP5l1dcaZw3s/dFPa2K4xCJ8Tyqu6hfrKrnvwlGEO99yMw==
-----END CERTIFICATE-----