Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/321889-abc6-43a8-b28a-bb29063f4881/1/8sJ26ivXixcrMxFSRjNwqFmfcN4.roa
File:                     8sJ26ivXixcrMxFSRjNwqFmfcN4.roa (raw, json)
Hash identifier:          Q0VnJ3nIOvd3ftcF3NH5hzfM8Q94jyMHrfiKGij2p80=
Subject key identifier:   F2:C2:76:EA:2B:D7:8B:17:2B:33:11:52:46:33:70:A8:59:9F:70:DE
Certificate issuer:       /CN=b7b9fc504a4d2178ae4f73c877c5f907bb476bf8
Certificate serial:       0191CD1E5409BBCCBEE48BDDBC3BA9A3CFAD
Authority key identifier: B7:B9:FC:50:4A:4D:21:78:AE:4F:73:C8:77:C5:F9:07:BB:47:6B:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t7n8UEpNIXiuT3PId8X5B7tHa_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/321889-abc6-43a8-b28a-bb29063f4881/1/8sJ26ivXixcrMxFSRjNwqFmfcN4.roa
Signing time:             Sat 07 Sep 2024 15:33:22 +0000
ROA not before:           Sat 07 Sep 2024 15:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2001:7f8:c5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/321889-abc6-43a8-b28a-bb29063f4881/1/t7n8UEpNIXiuT3PId8X5B7tHa_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/321889-abc6-43a8-b28a-bb29063f4881/1/t7n8UEpNIXiuT3PId8X5B7tHa_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t7n8UEpNIXiuT3PId8X5B7tHa_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:cd:1e:54:09:bb:cc:be:e4:8b:dd:bc:3b:a9:a3:cf:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7b9fc504a4d2178ae4f73c877c5f907bb476bf8
        Validity
            Not Before: Sep  7 15:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2c276ea2bd78b172b331152463370a8599f70de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:42:b0:6e:7f:13:a7:a9:13:25:03:c2:1b:63:
                    c0:c6:31:8e:06:80:a0:d2:24:22:ba:ee:fb:14:c2:
                    47:9f:b6:a2:e6:90:94:82:43:18:80:d7:5c:d8:b1:
                    5a:51:6e:62:76:0f:18:51:77:2a:ad:03:97:c9:6d:
                    b7:57:a1:7e:db:f7:69:fa:6e:ab:7c:bf:1a:5c:2f:
                    59:14:c8:bd:aa:97:12:91:31:03:08:74:2e:e7:7b:
                    f5:3c:9e:31:cf:f2:eb:27:54:5a:63:33:5a:4a:ce:
                    b8:65:cc:d2:94:cc:60:5b:5b:5e:0d:85:8d:98:4c:
                    ab:83:3d:0c:88:b0:7f:9b:a9:d2:75:71:ff:b5:ec:
                    10:aa:51:49:e0:61:20:65:bf:cc:bf:ac:d0:46:f2:
                    de:9c:56:37:44:f6:fe:a6:2b:8b:d4:58:f9:d9:dd:
                    ed:08:70:52:26:34:f3:3a:df:57:7b:80:1f:a8:de:
                    27:19:d1:42:e0:d7:31:9f:e5:0d:dc:07:b9:7d:b6:
                    16:68:bf:77:fc:ef:76:21:b0:83:d1:9b:c3:e7:3d:
                    86:8d:33:c0:41:12:8a:e6:45:61:7d:78:1b:c8:50:
                    be:e2:51:e3:e6:be:96:c8:27:8d:dc:67:f1:9e:6c:
                    96:5a:83:c3:e2:0f:7b:7c:8a:e3:f0:5b:d9:44:c7:
                    a6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C2:76:EA:2B:D7:8B:17:2B:33:11:52:46:33:70:A8:59:9F:70:DE
            X509v3 Authority Key Identifier:
                keyid:B7:B9:FC:50:4A:4D:21:78:AE:4F:73:C8:77:C5:F9:07:BB:47:6B:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t7n8UEpNIXiuT3PId8X5B7tHa_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/321889-abc6-43a8-b28a-bb29063f4881/1/8sJ26ivXixcrMxFSRjNwqFmfcN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/321889-abc6-43a8-b28a-bb29063f4881/1/t7n8UEpNIXiuT3PId8X5B7tHa_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:c5::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:92:78:41:58:bc:4f:cb:40:f3:38:d7:63:6a:84:09:f7:39:
         a5:6a:1b:eb:30:c7:bb:83:cd:08:d3:9b:e4:6c:d7:92:c2:46:
         44:5a:d6:8d:50:ff:e7:d2:e9:05:f8:c0:87:44:6f:c9:28:9d:
         f4:ce:9c:e3:30:3f:d7:a8:5d:45:35:54:16:c1:e4:2e:87:2a:
         c3:0d:b5:07:63:fa:79:f4:60:2d:ef:25:92:60:e2:36:94:aa:
         cc:69:09:16:bb:51:4f:2a:5c:27:39:79:62:f7:42:7d:dd:59:
         26:78:63:3e:d0:59:26:8c:39:94:54:41:58:fe:76:74:83:66:
         01:7f:40:9e:1d:bc:42:95:88:66:39:74:e8:12:5b:2c:75:28:
         af:47:e3:3a:b2:44:0b:08:63:12:a6:7c:01:77:94:72:55:46:
         38:b9:f5:3d:05:7b:fe:70:66:00:33:8b:43:f4:3c:9d:d8:6a:
         87:2a:58:db:b2:20:66:c7:6d:6a:9a:1f:17:9c:4c:95:c2:ae:
         d9:1b:5f:b1:1f:b5:f8:19:36:3b:fb:3f:65:63:b8:78:47:e4:
         00:13:96:94:8a:56:5c:07:d3:ee:f6:91:e3:03:08:80:89:4b:
         e6:ea:45:da:4e:c2:19:25:ff:a1:24:fe:6e:64:a3:f5:4f:2e:
         f9:a6:df:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHNHlQJu8y+5IvdvDupo8+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YjlmYzUwNGE0ZDIxNzhhZTRmNzNjODc3YzVmOTA3YmI0
NzZiZjgwHhcNMjQwOTA3MTUzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmMyNzZlYTJiZDc4YjE3MmIzMzExNTI0NjMzNzBhODU5OWY3MGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkKwbn8Tp6kTJQPCG2PAxjGOBoCg
0iQiuu77FMJHn7ai5pCUgkMYgNdc2LFaUW5idg8YUXcqrQOXyW23V6F+2/dp+m6r
fL8aXC9ZFMi9qpcSkTEDCHQu53v1PJ4xz/LrJ1RaYzNaSs64ZczSlMxgW1teDYWN
mEyrgz0MiLB/m6nSdXH/tewQqlFJ4GEgZb/Mv6zQRvLenFY3RPb+piuL1Fj52d3t
CHBSJjTzOt9Xe4AfqN4nGdFC4Ncxn+UN3Ae5fbYWaL93/O92IbCD0ZvD5z2GjTPA
QRKK5kVhfXgbyFC+4lHj5r6WyCeN3GfxnmyWWoPD4g97fIrj8FvZRMemgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPLCduor14sXKzMRUkYzcKhZn3DeMB8GA1UdIwQY
MBaAFLe5/FBKTSF4rk9zyHfF+Qe7R2v4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDduOFVFcE5JWGl1VDNQSWQ4WDVCN3RIYV9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zMjE4ODktYWJjNi00M2E4LWIyOGEt
YmIyOTA2M2Y0ODgxLzEvOHNKMjZpdlhpeGNyTXhGU1JqTndxRm1mY040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zMjE4ODktYWJjNi00M2E4LWIyOGEtYmIyOTA2M2Y0ODgx
LzEvdDduOFVFcE5JWGl1VDNQSWQ4WDVCN3RIYV9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEH+ADF
MA0GCSqGSIb3DQEBCwUAA4IBAQAYknhBWLxPy0DzONdjaoQJ9zmlahvrMMe7g80I
05vkbNeSwkZEWtaNUP/n0ukF+MCHRG/JKJ30zpzjMD/XqF1FNVQWweQuhyrDDbUH
Y/p59GAt7yWSYOI2lKrMaQkWu1FPKlwnOXli90J93VkmeGM+0FkmjDmUVEFY/nZ0
g2YBf0CeHbxClYhmOXToElssdSivR+M6skQLCGMSpnwBd5RyVUY4ufU9BXv+cGYA
M4tD9Dyd2GqHKljbsiBmx21qmh8XnEyVwq7ZG1+xH7X4GTY7+z9lY7h4R+QAE5aU
ilZcB9Pu9pHjAwiAiUvm6kXaTsIZJf+hJP5uZKP1Ty75pt8L
-----END CERTIFICATE-----