Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/Q086Pl3LLjwLxERx9wIA7Kg3fW0.roa
File:                     Q086Pl3LLjwLxERx9wIA7Kg3fW0.roa (raw, json)
Hash identifier:          LOIXS70WSR6OyfZ2hf6mn24mM1A5zQAlZmt5gYVMWxQ=
Subject key identifier:   43:4F:3A:3E:5D:CB:2E:3C:0B:C4:44:71:F7:02:00:EC:A8:37:7D:6D
Certificate issuer:       /CN=3eb1788fe220e46434692d1cc437072d792d7888
Certificate serial:       018CC26D114827ED65815B0996AF5E49E628
Authority key identifier: 3E:B1:78:8F:E2:20:E4:64:34:69:2D:1C:C4:37:07:2D:79:2D:78:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/Q086Pl3LLjwLxERx9wIA7Kg3fW0.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212674
IP address blocks:        2001:7f8:103::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:11:48:27:ed:65:81:5b:09:96:af:5e:49:e6:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb1788fe220e46434692d1cc437072d792d7888
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=434f3a3e5dcb2e3c0bc44471f70200eca8377d6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:83:19:22:97:2d:79:60:c8:b5:46:32:65:97:
                    82:62:90:c0:6a:95:cb:8d:c8:5c:d1:26:fc:2e:6c:
                    b0:80:c2:79:2d:dc:b6:49:5d:43:4c:a3:b7:d7:93:
                    f3:0d:7b:58:9b:80:47:cc:4c:e6:30:72:01:7e:30:
                    0c:22:af:41:2f:5a:c1:a9:85:8c:86:e5:8d:d2:5b:
                    7a:ba:b4:66:bf:50:ce:f6:86:13:67:c6:c0:c3:76:
                    47:ad:64:41:5a:05:f7:fa:6d:f5:7c:67:ec:b7:7d:
                    5e:5e:d5:b7:97:d9:42:8c:d6:9f:02:1d:3e:c3:7f:
                    18:a3:cb:58:56:cc:e1:a3:ca:79:ac:75:70:07:07:
                    ef:26:e2:95:cc:36:79:3d:17:9d:7a:56:1e:a4:64:
                    60:c1:d6:f4:4a:0f:70:40:5c:72:e3:0c:33:e5:aa:
                    4e:e7:d5:97:a6:74:3a:ae:08:d0:07:bf:cd:59:99:
                    ec:5e:ba:bd:db:2e:c2:f4:bb:5a:f0:fc:9d:e9:05:
                    7a:15:78:29:7c:64:65:33:f5:c8:d8:87:1d:11:c1:
                    de:78:e5:0e:a8:75:2e:55:40:50:b0:ac:7d:e9:f3:
                    38:06:ae:ff:a2:97:30:87:59:03:1a:9e:10:0d:81:
                    cf:53:4d:d2:15:1d:17:e5:f0:37:55:fb:b6:d1:cb:
                    28:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:4F:3A:3E:5D:CB:2E:3C:0B:C4:44:71:F7:02:00:EC:A8:37:7D:6D
            X509v3 Authority Key Identifier:
                keyid:3E:B1:78:8F:E2:20:E4:64:34:69:2D:1C:C4:37:07:2D:79:2D:78:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/Q086Pl3LLjwLxERx9wIA7Kg3fW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:103::/64

    Signature Algorithm: sha256WithRSAEncryption
         0d:0c:d9:c3:49:8b:e3:b6:e8:f1:ce:95:39:6f:00:38:7f:bf:
         0c:1f:27:fb:e4:a6:0d:0f:2d:fd:e5:28:85:87:34:d4:76:bd:
         00:6d:00:82:55:26:cc:fa:d9:a2:3d:9f:e0:a5:f5:49:d5:af:
         4e:8d:ee:9c:d1:60:a6:4c:24:17:03:73:1a:56:de:a0:e6:59:
         5b:35:79:54:bc:b0:6d:27:41:40:f6:3c:d6:77:e7:c5:26:2a:
         00:78:5f:ea:86:32:eb:5b:c1:e3:37:0e:2b:1f:82:32:60:4b:
         8e:1b:39:e1:04:96:0a:ff:82:1a:15:51:f6:10:d0:13:bf:42:
         72:37:02:ef:c0:ec:12:07:3d:33:ac:e3:eb:7e:4f:2e:f3:89:
         90:79:7c:2e:25:a4:7a:ce:b7:de:d5:c6:6d:fb:7d:3f:82:48:
         e5:a2:9a:8c:0c:72:4c:10:f0:9e:5f:9a:f8:2b:6f:28:66:41:
         c1:88:dd:44:6d:11:a5:54:22:5d:f4:9b:2e:34:9d:b8:f2:7c:
         d1:0d:04:d4:69:40:d5:69:67:5f:df:04:34:ff:75:4b:8f:e1:
         ed:c0:1e:bc:a7:17:fc:82:2e:cf:f5:f1:5c:c2:3d:f5:87:08:
         00:21:23:41:1e:40:2e:53:bc:db:72:78:44:11:13:8e:fb:9b:
         fa:84:9c:85
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzCbRFIJ+1lgVsJlq9eSeYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjE3ODhmZTIyMGU0NjQzNDY5MmQxY2M0MzcwNzJkNzky
ZDc4ODgwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzRmM2EzZTVkY2IyZTNjMGJjNDQ0NzFmNzAyMDBlY2E4Mzc3ZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYMZIpcteWDItUYyZZeCYpDAapXL
jchc0Sb8LmywgMJ5Ldy2SV1DTKO315PzDXtYm4BHzEzmMHIBfjAMIq9BL1rBqYWM
huWN0lt6urRmv1DO9oYTZ8bAw3ZHrWRBWgX3+m31fGfst31eXtW3l9lCjNafAh0+
w38Yo8tYVszho8p5rHVwBwfvJuKVzDZ5PRedelYepGRgwdb0Sg9wQFxy4wwz5apO
59WXpnQ6rgjQB7/NWZnsXrq92y7C9Lta8Pyd6QV6FXgpfGRlM/XI2IcdEcHeeOUO
qHUuVUBQsKx96fM4Bq7/opcwh1kDGp4QDYHPU03SFR0X5fA3Vfu20csoKwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFENPOj5dyy48C8REcfcCAOyoN31tMB8GA1UdIwQY
MBaAFD6xeI/iIORkNGktHMQ3By15LXiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJGNGotSWc1R1EwYVMwY3hEY0hMWGt0ZUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8yMmY1NzAtMGIyNi00MDA0LThlZDAt
ZDk1MDk0NzMwNzJjLzEvUTA4NlBsM0xMandMeEVSeDl3SUE3S2czZlcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8yMmY1NzAtMGIyNi00MDA0LThlZDAtZDk1MDk0NzMwNzJj
LzEvUHJGNGotSWc1R1EwYVMwY3hEY0hMWGt0ZUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAIAEH+AED
AAAwDQYJKoZIhvcNAQELBQADggEBAA0M2cNJi+O26PHOlTlvADh/vwwfJ/vkpg0P
Lf3lKIWHNNR2vQBtAIJVJsz62aI9n+Cl9UnVr06N7pzRYKZMJBcDcxpW3qDmWVs1
eVS8sG0nQUD2PNZ358UmKgB4X+qGMutbweM3DisfgjJgS44bOeEElgr/ghoVUfYQ
0BO/QnI3Au/A7BIHPTOs4+t+Ty7ziZB5fC4lpHrOt97Vxm37fT+CSOWimowMckwQ
8J5fmvgrbyhmQcGI3URtEaVUIl30my40nbjyfNENBNRpQNVpZ1/fBDT/dUuP4e3A
HrynF/yCLs/18VzCPfWHCAAhI0EeQC5TvNtyeEQRE477m/qEnIU=
-----END CERTIFICATE-----