Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/hPEtXs323fx0LX0Y9AdSvpcWiPg.roa
File:                     hPEtXs323fx0LX0Y9AdSvpcWiPg.roa (raw, json)
Hash identifier:          fbLm/1wvMKupP5ReKGjKyucGKpeARahIGnbRrmU0Aa8=
Subject key identifier:   84:F1:2D:5E:CD:F6:DD:FC:74:2D:7D:18:F4:07:52:BE:97:16:88:F8
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       018CC56E261950E35D5651C069A06B965C97
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/hPEtXs323fx0LX0Y9AdSvpcWiPg.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207021
IP address blocks:        2a04:2b00:14dd::/48 maxlen: 48
                          2a04:2b00:14ee::/48 maxlen: 48
                          2a04:2b00:14cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:26:19:50:e3:5d:56:51:c0:69:a0:6b:96:5c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84f12d5ecdf6ddfc742d7d18f40752be971688f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:75:81:45:73:0b:17:d4:2e:68:34:a5:4d:ec:
                    c1:34:96:5e:bd:9b:d4:c3:b4:ac:72:43:e7:e7:61:
                    f4:f8:16:41:63:15:7a:1b:51:1c:8c:c9:9f:c2:6f:
                    26:4e:47:99:3c:a0:54:08:81:4c:ee:01:0f:25:93:
                    43:46:9a:0b:41:b9:53:ea:93:cf:9d:d6:d2:06:68:
                    a6:14:45:80:48:c8:74:63:38:50:58:93:d5:a5:b4:
                    66:b8:7f:79:4e:56:f1:50:61:0f:51:87:f7:20:24:
                    92:1f:4e:b0:2d:d1:19:a4:b6:7f:7c:33:e0:c4:91:
                    d4:e6:57:ad:e0:ac:bb:d8:23:90:d0:f6:39:19:7b:
                    dd:b4:fc:81:5f:2c:4a:99:ef:50:c9:df:6a:35:a3:
                    50:47:f3:7b:36:51:c8:bd:3b:27:34:46:51:10:fe:
                    f0:ee:d8:e9:ff:05:7c:c7:c4:48:e3:92:e8:f2:e6:
                    00:4a:f8:87:a6:cc:82:c6:0a:48:a2:c0:96:3a:e1:
                    7e:1c:ac:ce:68:99:7e:79:cd:8c:c3:e6:e8:5f:84:
                    e7:1b:6b:af:2a:89:44:dd:5d:0d:5e:d3:f6:0b:db:
                    9c:35:b9:6a:20:89:57:a8:44:09:7c:48:eb:f1:52:
                    a6:a2:f1:9a:5f:b9:0b:2f:2d:eb:8e:e4:4e:14:92:
                    df:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F1:2D:5E:CD:F6:DD:FC:74:2D:7D:18:F4:07:52:BE:97:16:88:F8
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/hPEtXs323fx0LX0Y9AdSvpcWiPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b00:14cc::/48
                  2a04:2b00:14dd::/48
                  2a04:2b00:14ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:db:80:85:a4:3c:7f:4d:3e:c7:06:6d:a1:35:a3:1b:eb:a0:
         13:62:6c:7e:84:89:bd:77:dc:05:9b:56:51:15:6c:2d:c9:7c:
         4a:4c:c6:84:f3:24:c9:8e:2f:53:98:46:13:69:c1:2b:3d:1d:
         ee:82:bb:bb:ec:31:a3:23:61:cf:ff:66:39:21:46:ea:a3:c5:
         ed:75:86:5d:e7:43:d5:a6:85:bd:95:05:fa:97:45:10:23:4d:
         8f:4a:ec:e8:f7:06:03:f1:b3:6b:63:60:30:38:c5:eb:f7:d1:
         87:21:b0:17:09:f0:c9:07:b0:ee:2b:05:c6:70:d1:66:f1:34:
         96:fa:c2:36:6e:bf:79:e9:5b:10:c6:c7:59:d5:32:89:6d:93:
         9e:73:e3:6b:42:cc:b8:fc:57:a1:87:b0:63:cf:2b:23:41:c7:
         4b:46:c0:38:3c:21:40:22:50:d1:6e:e5:fa:00:b9:fc:75:72:
         48:aa:13:c2:23:3f:75:50:3d:cb:db:95:93:b5:b0:61:35:e2:
         0f:2c:f3:06:2a:70:f0:e9:56:d2:fd:0a:60:15:be:15:de:29:
         de:9a:af:50:97:aa:60:38:ea:5d:e5:86:00:8a:b7:83:49:20:
         49:aa:e6:2f:cd:b0:9c:eb:2a:d1:9d:c0:c0:59:4b:c2:b5:3a:
         2c:49:dd:6f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbiYZUONdVlHAaaBrllyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGYxMmQ1ZWNkZjZkZGZjNzQyZDdkMThmNDA3NTJiZTk3MTY4OGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHWBRXMLF9QuaDSlTezBNJZevZvU
w7SsckPn52H0+BZBYxV6G1EcjMmfwm8mTkeZPKBUCIFM7gEPJZNDRpoLQblT6pPP
ndbSBmimFEWASMh0YzhQWJPVpbRmuH95TlbxUGEPUYf3ICSSH06wLdEZpLZ/fDPg
xJHU5let4Ky72COQ0PY5GXvdtPyBXyxKme9Qyd9qNaNQR/N7NlHIvTsnNEZREP7w
7tjp/wV8x8RI45Lo8uYASviHpsyCxgpIosCWOuF+HKzOaJl+ec2Mw+boX4TnG2uv
KolE3V0NXtP2C9ucNblqIIlXqEQJfEjr8VKmovGaX7kLLy3rjuROFJLfuwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFITxLV7N9t38dC19GPQHUr6XFoj4MB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvaFBFdFhzMzIzZngwTFgwWTlBZFN2cGNXaVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgQrABTM
AwcAKgQrABTdAwcAKgQrABTuMA0GCSqGSIb3DQEBCwUAA4IBAQA924CFpDx/TT7H
Bm2hNaMb66ATYmx+hIm9d9wFm1ZRFWwtyXxKTMaE8yTJji9TmEYTacErPR3ugru7
7DGjI2HP/2Y5IUbqo8XtdYZd50PVpoW9lQX6l0UQI02PSuzo9wYD8bNrY2AwOMXr
99GHIbAXCfDJB7DuKwXGcNFm8TSW+sI2br956VsQxsdZ1TKJbZOec+NrQsy4/Feh
h7BjzysjQcdLRsA4PCFAIlDRbuX6ALn8dXJIqhPCIz91UD3L25WTtbBhNeIPLPMG
KnDw6VbS/QpgFb4V3inemq9Ql6pgOOpd5YYAireDSSBJquYvzbCc6yrRncDAWUvC
tTosSd1v
-----END CERTIFICATE-----