Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/BFT3mzIFYbu0lFDdlKkjSuP_RxY.roa
File:                     BFT3mzIFYbu0lFDdlKkjSuP_RxY.roa (raw, json)
Hash identifier:          1l8cCw5+OSabGpEEamt5IwLnWM3nK36VI2gHTmjR4NI=
Subject key identifier:   04:54:F7:9B:32:05:61:BB:B4:94:50:DD:94:A9:23:4A:E3:FF:47:16
Certificate issuer:       /CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
Certificate serial:       018CCA2A1E239D94D9B4E59263923E31FAFE
Authority key identifier: 81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/BFT3mzIFYbu0lFDdlKkjSuP_RxY.roa
Signing time:             Tue 02 Jan 2024 12:33:26 +0000
ROA not before:           Tue 02 Jan 2024 12:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213204
IP address blocks:        2a0f:3784:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1e:23:9d:94:d9:b4:e5:92:63:92:3e:31:fa:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
        Validity
            Not Before: Jan  2 12:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0454f79b320561bbb49450dd94a9234ae3ff4716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e8:d6:96:9c:97:7f:31:a4:26:2f:8a:ac:0f:
                    e1:68:d9:67:1f:b0:9c:35:35:a8:39:14:c7:60:38:
                    52:2f:d6:fd:32:6f:70:65:65:0c:65:1d:7c:d2:62:
                    76:ab:0f:97:ca:53:c2:4e:0f:af:97:d8:ab:ff:ff:
                    5b:38:de:f3:8c:ca:16:98:1b:ba:42:2a:50:9e:7e:
                    30:62:74:bf:93:d1:f8:5e:b2:cd:94:5f:b4:ad:c2:
                    1e:ce:c9:a2:84:5c:f3:8a:d2:25:c1:cc:f2:48:5e:
                    79:bc:50:87:d8:8d:d6:9e:df:96:71:a5:0f:6c:3b:
                    e0:08:6d:36:fc:e2:d3:ed:da:2f:29:be:e2:bd:9a:
                    b3:c7:3c:ab:11:88:c2:89:43:ad:2f:01:18:26:42:
                    e9:de:e8:72:0e:c0:aa:8d:b1:83:5a:f7:5b:da:fe:
                    7c:56:0f:fa:ab:8e:4b:71:90:a5:7e:d4:34:19:90:
                    7c:3d:e7:03:ec:49:c6:c0:de:a1:dd:02:2a:89:a1:
                    34:8e:ba:29:eb:fc:73:cd:52:1d:ae:38:ee:ca:b3:
                    60:68:eb:85:05:45:13:01:cc:df:8a:a9:66:ed:41:
                    ce:67:81:9e:27:68:cd:cd:4f:3c:1f:63:af:fe:7f:
                    4b:ff:7b:da:b2:f7:3e:de:c4:c4:4e:f6:ae:6c:40:
                    ee:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:54:F7:9B:32:05:61:BB:B4:94:50:DD:94:A9:23:4A:E3:FF:47:16
            X509v3 Authority Key Identifier:
                keyid:81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/BFT3mzIFYbu0lFDdlKkjSuP_RxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3784:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         5e:22:16:bb:c2:30:34:54:6b:4d:c5:0f:08:b5:2a:1f:86:b5:
         98:3b:c8:7c:ba:19:ff:e0:15:b5:97:c1:ac:d9:21:29:01:a6:
         aa:83:7d:02:18:9c:97:b7:f5:8e:42:ce:5b:66:fe:dc:a9:cc:
         41:92:d5:6a:b2:e9:fa:7e:94:f0:2b:80:92:83:cd:5e:61:c1:
         17:c0:9d:da:15:5d:b0:31:72:f6:b9:45:37:9e:b9:61:e4:b1:
         4d:2a:0d:cb:64:92:49:50:d9:ca:9a:ac:e3:0c:fe:fd:f9:f6:
         a5:92:33:49:24:ed:6a:81:11:77:9b:70:11:20:21:3b:56:68:
         f5:27:5e:19:7c:89:72:0f:d0:12:1d:51:33:d1:65:03:e7:ab:
         b9:b5:f5:8f:48:39:a3:ff:e9:5d:c8:e8:1a:4a:73:c4:a3:10:
         f7:a8:26:24:85:5f:2b:4e:2f:65:10:68:c8:58:33:96:d1:8b:
         32:e0:9e:d5:55:56:e0:10:c7:64:c8:ec:15:e9:82:71:02:aa:
         ae:db:0d:71:b7:e3:9b:5c:bc:03:58:78:38:0d:3f:a8:d0:c1:
         13:3b:e7:9a:39:f8:23:17:3b:e3:6e:58:dc:68:e1:e6:4b:4a:
         95:3c:66:97:f2:f7:06:fe:04:cb:dc:17:20:b0:fa:62:df:8a:
         7d:74:79:00
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKh4jnZTZtOWSY5I+Mfr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMzNkODljMDZhOGExY2M5ZGJjMzYyMjAxZjdlYzU1OWQ3
ZmRkNDgwHhcNMjQwMTAyMTIzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDU0Zjc5YjMyMDU2MWJiYjQ5NDUwZGQ5NGE5MjM0YWUzZmY0NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOjWlpyXfzGkJi+KrA/haNlnH7Cc
NTWoORTHYDhSL9b9Mm9wZWUMZR180mJ2qw+XylPCTg+vl9ir//9bON7zjMoWmBu6
QipQnn4wYnS/k9H4XrLNlF+0rcIezsmihFzzitIlwczySF55vFCH2I3Wnt+WcaUP
bDvgCG02/OLT7dovKb7ivZqzxzyrEYjCiUOtLwEYJkLp3uhyDsCqjbGDWvdb2v58
Vg/6q45LcZClftQ0GZB8PecD7EnGwN6h3QIqiaE0jrop6/xzzVIdrjjuyrNgaOuF
BUUTAczfiqlm7UHOZ4GeJ2jNzU88H2Ov/n9L/3vasvc+3sTETvaubEDuqQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFARU95syBWG7tJRQ3ZSpI0rj/0cWMB8GA1UdIwQY
MBaAFIEz2JwGqKHMnbw2IgH37FWdf91IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEt
YzVmZWJlNDg3YzQwLzEvQkZUM216SUZZYnUwbEZEZGxLa2pTdVBfUnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEtYzVmZWJlNDg3YzQw
LzEvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg83hAEw
DQYJKoZIhvcNAQELBQADggEBAF4iFrvCMDRUa03FDwi1Kh+GtZg7yHy6Gf/gFbWX
wazZISkBpqqDfQIYnJe39Y5Czltm/typzEGS1Wqy6fp+lPArgJKDzV5hwRfAndoV
XbAxcva5RTeeuWHksU0qDctkkklQ2cqarOMM/v359qWSM0kk7WqBEXebcBEgITtW
aPUnXhl8iXIP0BIdUTPRZQPnq7m19Y9IOaP/6V3I6BpKc8SjEPeoJiSFXytOL2UQ
aMhYM5bRizLgntVVVuAQx2TI7BXpgnECqq7bDXG345tcvANYeDgNP6jQwRM755o5
+CMXO+NuWNxo4eZLSpU8Zpfy9wb+BMvcFyCw+mLfin10eQA=
-----END CERTIFICATE-----