Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/2wtNxLssaja3WyZdSwaWYv-PRHM.roa
File:                     2wtNxLssaja3WyZdSwaWYv-PRHM.roa (raw, json)
Hash identifier:          LFkD60r7wS0DtPuypl8W+PsJg4syL/ha84vB8N9yR90=
Subject key identifier:   DB:0B:4D:C4:BB:2C:6A:36:B7:5B:26:5D:4B:06:96:62:FF:8F:44:73
Certificate issuer:       /CN=ff597b40c6d4469f9b914a78dc8ec439323b0fb8
Certificate serial:       018CC26D85A87980E10F4A038B63B5D404BC
Authority key identifier: FF:59:7B:40:C6:D4:46:9F:9B:91:4A:78:DC:8E:C4:39:32:3B:0F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_1l7QMbURp-bkUp43I7EOTI7D7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/2wtNxLssaja3WyZdSwaWYv-PRHM.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0b:4581::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/_1l7QMbURp-bkUp43I7EOTI7D7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/_1l7QMbURp-bkUp43I7EOTI7D7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_1l7QMbURp-bkUp43I7EOTI7D7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:85:a8:79:80:e1:0f:4a:03:8b:63:b5:d4:04:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff597b40c6d4469f9b914a78dc8ec439323b0fb8
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db0b4dc4bb2c6a36b75b265d4b069662ff8f4473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1a:6c:35:48:c7:8d:4c:d5:d6:4c:d4:74:89:
                    7a:10:04:ca:78:cc:8f:ef:d0:16:d6:a2:d0:3f:13:
                    80:f8:4f:af:03:90:21:67:da:4f:89:a0:ee:0d:9a:
                    eb:97:73:b9:c9:e0:1c:64:70:a7:3a:f7:e8:f4:70:
                    b3:45:48:88:f3:22:62:0d:4c:af:dd:59:96:a4:11:
                    9c:86:c8:5e:25:b1:98:fc:7d:bf:ee:9d:9c:db:61:
                    c3:2e:e1:dd:39:ca:69:4e:7a:f2:8a:1a:39:99:ac:
                    df:a0:c4:2f:bb:6d:2e:80:09:e1:9b:d5:2b:1c:6f:
                    a7:d7:3b:e3:54:9d:bf:d0:78:65:3f:87:9f:0f:c1:
                    25:d8:11:a0:33:0b:1b:c3:56:28:ae:69:54:fb:1a:
                    c5:07:18:af:ed:c9:02:db:cc:7f:d4:84:79:a0:70:
                    6c:be:4e:22:08:33:5d:7f:4d:34:10:0f:30:99:44:
                    00:ff:e1:2b:83:50:fe:71:4a:04:d5:4c:29:26:80:
                    a7:3e:76:7d:ac:ed:35:7c:82:30:68:a7:bf:d6:fb:
                    eb:0c:5f:56:91:b9:9e:80:32:db:b9:63:c1:0d:4a:
                    61:41:9f:56:39:40:0f:1e:f6:c9:73:da:04:68:c4:
                    8a:cf:8c:90:a9:ab:43:f3:18:e3:c6:97:2c:ab:7c:
                    d9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:0B:4D:C4:BB:2C:6A:36:B7:5B:26:5D:4B:06:96:62:FF:8F:44:73
            X509v3 Authority Key Identifier:
                keyid:FF:59:7B:40:C6:D4:46:9F:9B:91:4A:78:DC:8E:C4:39:32:3B:0F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_1l7QMbURp-bkUp43I7EOTI7D7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/2wtNxLssaja3WyZdSwaWYv-PRHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/bfb27a-f005-48cb-9473-ffb2ef4bfe25/1/_1l7QMbURp-bkUp43I7EOTI7D7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4581::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:ad:2f:34:9e:17:ce:63:fb:4d:36:b1:60:ac:84:9a:b0:fb:
         43:c4:c1:a0:73:5f:ed:a9:b4:e2:bd:ea:16:bf:b4:0e:92:97:
         59:37:77:ec:23:98:44:e1:a2:a0:17:31:5c:37:12:0b:fd:aa:
         dc:fa:40:3e:e4:cb:0d:dd:dc:62:3f:3a:84:78:da:27:58:ea:
         6e:f4:e2:49:80:bc:98:c7:6f:8e:30:02:a4:ed:dd:3a:bf:64:
         9a:e2:21:40:09:ac:9a:00:bc:90:52:f4:a6:15:f4:f5:36:be:
         29:32:f8:b4:78:0c:30:2e:18:fa:ce:61:ed:c9:34:2d:26:b1:
         f7:9a:de:c0:c6:88:09:a6:84:dc:cf:3a:fe:04:6c:ce:cf:d4:
         dd:75:fa:f9:cd:5e:d0:27:1f:0f:4d:a6:1f:22:2f:19:66:56:
         c6:9d:ab:87:e6:53:7b:a4:d4:c7:16:e5:a3:5c:37:36:32:d5:
         61:eb:dc:66:f6:e2:2f:47:df:ba:de:3a:3c:c2:eb:d0:24:53:
         4f:16:60:aa:42:01:10:75:23:b7:56:5a:b9:6d:8a:eb:c2:12:
         41:25:b3:ce:f3:80:26:f0:b4:41:94:86:be:6d:ca:21:71:9d:
         b7:c5:4e:99:22:b8:e5:14:e3:2c:1f:32:eb:78:9c:05:78:b8:
         13:7b:3e:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbYWoeYDhD0oDi2O11AS8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNTk3YjQwYzZkNDQ2OWY5YjkxNGE3OGRjOGVjNDM5MzIz
YjBmYjgwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjBiNGRjNGJiMmM2YTM2Yjc1YjI2NWQ0YjA2OTY2MmZmOGY0NDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBpsNUjHjUzV1kzUdIl6EATKeMyP
79AW1qLQPxOA+E+vA5AhZ9pPiaDuDZrrl3O5yeAcZHCnOvfo9HCzRUiI8yJiDUyv
3VmWpBGchsheJbGY/H2/7p2c22HDLuHdOcppTnryiho5mazfoMQvu20ugAnhm9Ur
HG+n1zvjVJ2/0HhlP4efD8El2BGgMwsbw1YormlU+xrFBxiv7ckC28x/1IR5oHBs
vk4iCDNdf000EA8wmUQA/+Erg1D+cUoE1UwpJoCnPnZ9rO01fIIwaKe/1vvrDF9W
kbmegDLbuWPBDUphQZ9WOUAPHvbJc9oEaMSKz4yQqatD8xjjxpcsq3zZ+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNsLTcS7LGo2t1smXUsGlmL/j0RzMB8GA1UdIwQY
MBaAFP9Ze0DG1Eafm5FKeNyOxDkyOw+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzFsN1FNYlVScC1ia1VwNDNJN0VPVEk3RDdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9iZmIyN2EtZjAwNS00OGNiLTk0NzMt
ZmZiMmVmNGJmZTI1LzEvMnd0TnhMc3NhamEzV3laZFN3YVdZdi1QUkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9iZmIyN2EtZjAwNS00OGNiLTk0NzMtZmZiMmVmNGJmZTI1
LzEvXzFsN1FNYlVScC1ia1VwNDNJN0VPVEk3RDdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgtFgQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB4rS80nhfOY/tNNrFgrISasPtDxMGgc1/tqbTi
veoWv7QOkpdZN3fsI5hE4aKgFzFcNxIL/arc+kA+5MsN3dxiPzqEeNonWOpu9OJJ
gLyYx2+OMAKk7d06v2Sa4iFACayaALyQUvSmFfT1Nr4pMvi0eAwwLhj6zmHtyTQt
JrH3mt7AxogJpoTczzr+BGzOz9Tddfr5zV7QJx8PTaYfIi8ZZlbGnauH5lN7pNTH
FuWjXDc2MtVh69xm9uIvR9+63jo8wuvQJFNPFmCqQgEQdSO3Vlq5bYrrwhJBJbPO
84Am8LRBlIa+bcohcZ23xU6ZIrjlFOMsHzLreJwFeLgTez7g
-----END CERTIFICATE-----