Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/vfYZzHur55SwofG7_Uj1prEqwoE.roa
File:                     vfYZzHur55SwofG7_Uj1prEqwoE.roa (raw, json)
Hash identifier:          TTprKhgEMRpczDrOA2mAF1XPbyi+YSfqJgpGP6QgzKM=
Subject key identifier:   BD:F6:19:CC:7B:AB:E7:94:B0:A1:F1:BB:FD:48:F5:A6:B1:2A:C2:81
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       018CC56E270EF3DA4C81271D9E8DF9FA91FC
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/vfYZzHur55SwofG7_Uj1prEqwoE.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212390
IP address blocks:        2a04:2b00:14dd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:27:0e:f3:da:4c:81:27:1d:9e:8d:f9:fa:91:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdf619cc7babe794b0a1f1bbfd48f5a6b12ac281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:90:66:cb:dc:8e:b1:98:d8:ec:ba:c2:89:a3:
                    2e:76:18:82:95:2a:37:94:8f:52:d4:5a:70:ab:0c:
                    2f:37:3c:9b:91:bd:b6:77:b9:16:d0:a7:7f:3b:22:
                    e8:06:22:c8:c4:7b:92:86:23:76:d5:00:ec:b6:cb:
                    b4:cf:a0:d6:e8:63:15:68:81:85:4a:77:6d:85:53:
                    95:db:74:05:33:40:54:71:00:6e:03:ee:e7:bd:1d:
                    3a:79:47:32:f5:09:c9:59:c1:5d:29:a0:f8:f4:65:
                    69:3f:66:8b:c0:ab:ed:5c:35:b2:94:03:bc:3a:d3:
                    d9:d8:ca:f3:32:9a:40:5d:82:98:61:b5:16:4c:e5:
                    1e:cb:15:b8:3f:6d:53:47:3d:4d:43:5d:ac:3f:c6:
                    7a:8f:e4:89:ef:2a:b5:44:75:49:00:cc:4a:e3:ac:
                    20:b7:09:33:c5:68:0d:f4:df:e0:fa:c3:12:4c:88:
                    3a:91:e1:7d:e9:1b:ac:1e:8e:7e:b0:89:fc:c2:9d:
                    8b:fd:90:be:ff:27:5d:d6:4b:fd:a6:d2:bc:3f:6b:
                    cf:25:78:32:56:3a:2f:24:51:95:92:a9:00:1e:fe:
                    7a:5d:d2:87:81:e3:6c:13:12:8d:b5:cd:b1:d6:97:
                    0c:c8:00:7b:59:42:d3:1e:77:f0:3b:92:55:df:73:
                    c1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F6:19:CC:7B:AB:E7:94:B0:A1:F1:BB:FD:48:F5:A6:B1:2A:C2:81
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/vfYZzHur55SwofG7_Uj1prEqwoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b00:14dd::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:bd:27:83:87:14:88:e6:05:d3:36:b8:84:0d:d4:32:27:40:
         3f:7e:c4:68:a4:31:76:af:00:c1:0a:a7:59:1d:f8:4d:c0:d4:
         1c:61:1b:21:4d:30:39:d8:5f:e2:fb:f8:2c:ad:bb:9c:22:b5:
         e9:6a:a9:bf:57:e2:39:b2:cf:0e:94:60:54:bc:10:0b:49:74:
         35:3f:58:bf:cd:7f:e9:93:3f:de:6a:c1:1d:ce:c4:e9:21:d4:
         85:a5:41:a6:46:82:12:01:1d:eb:0b:46:cb:59:e7:78:75:cd:
         95:b8:b4:82:16:76:85:9d:ad:bc:3c:da:fa:fb:5b:c2:6b:65:
         59:7a:51:9d:e8:98:6f:6f:4a:2f:26:fa:7e:69:e5:4a:cc:25:
         27:fa:3a:06:f8:62:bc:16:01:07:3d:4e:26:10:55:b0:2d:1f:
         6d:27:ce:e2:47:26:1b:5b:25:83:3e:e5:04:de:94:59:3f:45:
         2a:c8:5d:1f:a9:96:1c:d9:da:67:37:a3:f8:c4:47:77:8f:71:
         37:d2:2f:51:9e:c6:3b:80:65:93:19:7e:4d:92:75:b0:8b:00:
         c4:08:7f:02:ae:a6:69:81:a0:e5:32:f2:ab:dd:1c:ba:bc:2c:
         b9:44:60:45:5f:df:0f:0e:26:94:12:8e:3a:32:07:58:b8:97:
         7e:a7:e9:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbicO89pMgScdno35+pH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY2MTljYzdiYWJlNzk0YjBhMWYxYmJmZDQ4ZjVhNmIxMmFjMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJBmy9yOsZjY7LrCiaMudhiClSo3
lI9S1FpwqwwvNzybkb22d7kW0Kd/OyLoBiLIxHuShiN21QDstsu0z6DW6GMVaIGF
SndthVOV23QFM0BUcQBuA+7nvR06eUcy9QnJWcFdKaD49GVpP2aLwKvtXDWylAO8
OtPZ2MrzMppAXYKYYbUWTOUeyxW4P21TRz1NQ12sP8Z6j+SJ7yq1RHVJAMxK46wg
twkzxWgN9N/g+sMSTIg6keF96RusHo5+sIn8wp2L/ZC+/ydd1kv9ptK8P2vPJXgy
VjovJFGVkqkAHv56XdKHgeNsExKNtc2x1pcMyAB7WULTHnfwO5JV33PBswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL32Gcx7q+eUsKHxu/1I9aaxKsKBMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvdmZZWnpIdXI1NVN3b2ZHN19VajFwckVxd29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgQrABTd
MA0GCSqGSIb3DQEBCwUAA4IBAQA5vSeDhxSI5gXTNriEDdQyJ0A/fsRopDF2rwDB
CqdZHfhNwNQcYRshTTA52F/i+/gsrbucIrXpaqm/V+I5ss8OlGBUvBALSXQ1P1i/
zX/pkz/easEdzsTpIdSFpUGmRoISAR3rC0bLWed4dc2VuLSCFnaFna28PNr6+1vC
a2VZelGd6Jhvb0ovJvp+aeVKzCUn+joG+GK8FgEHPU4mEFWwLR9tJ87iRyYbWyWD
PuUE3pRZP0UqyF0fqZYc2dpnN6P4xEd3j3E30i9RnsY7gGWTGX5NknWwiwDECH8C
rqZpgaDlMvKr3Ry6vCy5RGBFX98PDiaUEo46MgdYuJd+p+mz
-----END CERTIFICATE-----