Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/c1vDNoLQsNBPXPx23w5qLEGZixc.roa
File:                     c1vDNoLQsNBPXPx23w5qLEGZixc.roa (raw, json)
Hash identifier:          D0WczTmqQRgZDYQtGCzha7hD3xeNR+mjSS+pcK7S97U=
Subject key identifier:   73:5B:C3:36:82:D0:B0:D0:4F:5C:FC:76:DF:0E:6A:2C:41:99:8B:17
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018EC9F42ECF0F95F8766A13FA6EFBF5CE6B
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/c1vDNoLQsNBPXPx23w5qLEGZixc.roa
Signing time:             Wed 10 Apr 2024 21:40:06 +0000
ROA not before:           Wed 10 Apr 2024 21:40:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48752
IP address blocks:        2a0a:79c7:ff00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:f4:2e:cf:0f:95:f8:76:6a:13:fa:6e:fb:f5:ce:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Apr 10 21:40:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=735bc33682d0b0d04f5cfc76df0e6a2c41998b17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c7:dd:5f:ca:13:ff:d2:ee:fe:3f:1b:ad:49:
                    df:79:93:c6:c1:1f:52:99:2b:f2:c5:28:9a:52:f5:
                    27:6f:99:2e:5b:b6:8b:2d:e1:20:46:f2:4d:3d:ca:
                    1a:1e:4c:72:76:df:36:ac:7b:9e:9d:31:46:29:dc:
                    7a:b2:70:bd:dc:c3:12:e2:e9:0e:95:41:11:e7:91:
                    3f:d1:be:b9:22:94:43:1c:20:e0:70:c4:46:81:3b:
                    d0:0b:4b:7d:29:23:7a:e3:9c:b1:5f:ad:91:d6:bf:
                    c2:95:26:21:c6:f5:a6:73:87:d5:2c:cd:e1:77:b4:
                    c4:34:b7:f4:ae:95:81:e2:85:bf:44:8d:41:be:9a:
                    0e:00:73:aa:4b:16:3a:c8:6a:8e:21:ab:70:61:4b:
                    08:4b:f5:cf:07:76:34:70:28:e3:5a:16:95:29:c8:
                    7f:8c:7b:88:a6:a6:7f:2a:50:cc:d4:ae:ad:f7:fd:
                    0e:f6:a7:ba:5e:25:8a:76:a8:19:a2:b4:e5:fb:ff:
                    52:1b:aa:05:3b:11:01:c9:cf:d2:e2:f5:d7:44:af:
                    b8:57:21:11:fe:bc:41:81:97:7e:34:e0:47:6c:7c:
                    e4:ae:d9:ef:5b:e8:37:87:8e:90:3f:b7:a8:2e:c2:
                    e2:49:7d:40:d5:75:92:89:7a:fe:7d:48:c3:3b:9c:
                    95:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:5B:C3:36:82:D0:B0:D0:4F:5C:FC:76:DF:0E:6A:2C:41:99:8B:17
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/c1vDNoLQsNBPXPx23w5qLEGZixc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c7:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         b6:20:e0:47:1f:31:5e:a7:f9:73:a2:09:7b:f0:7f:55:0f:71:
         d2:ab:38:a7:da:c5:65:79:96:e2:ff:53:e4:e9:f1:2a:f6:a6:
         21:f1:c0:40:0f:70:7b:21:9d:10:62:7c:e0:48:27:98:6c:bf:
         73:a9:64:f4:ca:05:c8:48:a0:43:c9:44:b5:49:f0:16:88:6d:
         69:68:d0:a8:b3:c0:2c:d2:92:86:9f:36:5c:20:eb:a0:66:48:
         f6:ed:57:27:4e:58:64:16:91:b5:09:0f:e9:42:a6:99:9e:50:
         59:92:5e:25:1d:27:53:8e:3f:24:7c:9a:ad:16:a6:59:2e:1b:
         c9:d5:84:8d:6e:37:7e:bc:97:84:67:04:ef:f0:02:8a:2e:9b:
         ad:a3:5c:19:c4:e8:fc:37:a0:13:f9:67:9b:18:5e:bb:59:aa:
         61:b7:4f:68:95:0d:8b:54:4d:51:28:8e:7d:09:43:4c:75:59:
         3b:4f:a3:92:4f:d9:e7:f7:5c:0a:13:83:82:30:f2:6d:a1:f7:
         5c:32:69:d3:b5:90:2c:3b:03:6a:b7:be:35:26:08:40:34:15:
         27:fc:26:d5:04:61:06:70:0e:73:62:86:45:97:93:ed:2d:ac:
         03:bf:6e:4b:07:4b:ae:b5:32:be:1c:e3:b9:42:fa:64:95:09:
         b8:e7:6f:d8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY7J9C7PD5X4dmoT+m779c5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwNDEwMjE0MDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzViYzMzNjgyZDBiMGQwNGY1Y2ZjNzZkZjBlNmEyYzQxOTk4YjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsfdX8oT/9Lu/j8brUnfeZPGwR9S
mSvyxSiaUvUnb5kuW7aLLeEgRvJNPcoaHkxydt82rHuenTFGKdx6snC93MMS4ukO
lUER55E/0b65IpRDHCDgcMRGgTvQC0t9KSN645yxX62R1r/ClSYhxvWmc4fVLM3h
d7TENLf0rpWB4oW/RI1BvpoOAHOqSxY6yGqOIatwYUsIS/XPB3Y0cCjjWhaVKch/
jHuIpqZ/KlDM1K6t9/0O9qe6XiWKdqgZorTl+/9SG6oFOxEByc/S4vXXRK+4VyER
/rxBgZd+NOBHbHzkrtnvW+g3h46QP7eoLsLiSX1A1XWSiXr+fUjDO5yVUwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHNbwzaC0LDQT1z8dt8OaixBmYsXMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvYzF2RE5vTFFzTkJQWFB4MjN3NXFMRUdaaXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgp5x/8w
DQYJKoZIhvcNAQELBQADggEBALYg4EcfMV6n+XOiCXvwf1UPcdKrOKfaxWV5luL/
U+Tp8Sr2piHxwEAPcHshnRBifOBIJ5hsv3OpZPTKBchIoEPJRLVJ8BaIbWlo0Kiz
wCzSkoafNlwg66BmSPbtVydOWGQWkbUJD+lCppmeUFmSXiUdJ1OOPyR8mq0Wplku
G8nVhI1uN368l4RnBO/wAooum62jXBnE6Pw3oBP5Z5sYXrtZqmG3T2iVDYtUTVEo
jn0JQ0x1WTtPo5JP2ef3XAoTg4Iw8m2h91wyadO1kCw7A2q3vjUmCEA0FSf8JtUE
YQZwDnNihkWXk+0trAO/bksHS661Mr4c47lC+mSVCbjnb9g=
-----END CERTIFICATE-----