Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/7PIP1FWXYDN1Eo6TpaT8Kz61Oe8.roa
File:                     7PIP1FWXYDN1Eo6TpaT8Kz61Oe8.roa (raw, json)
Hash identifier:          N4ORB3w7i0PmLXtF0Zpga/yxQAOvg4Gw0jXb4k2m+0s=
Subject key identifier:   EC:F2:0F:D4:55:97:60:33:75:12:8E:93:A5:A4:FC:2B:3E:B5:39:EF
Certificate issuer:       /CN=ac8a69ecb787cce9892dc65480463fb088b613df
Certificate serial:       018CCA293CDCA3723C16114A87689A6660C2
Authority key identifier: AC:8A:69:EC:B7:87:CC:E9:89:2D:C6:54:80:46:3F:B0:88:B6:13:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rIpp7LeHzOmJLcZUgEY_sIi2E98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/7PIP1FWXYDN1Eo6TpaT8Kz61Oe8.roa
Signing time:             Tue 02 Jan 2024 12:32:29 +0000
ROA not before:           Tue 02 Jan 2024 12:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8481
IP address blocks:        2a02:158:ffff::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/rIpp7LeHzOmJLcZUgEY_sIi2E98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/rIpp7LeHzOmJLcZUgEY_sIi2E98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rIpp7LeHzOmJLcZUgEY_sIi2E98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:3c:dc:a3:72:3c:16:11:4a:87:68:9a:66:60:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac8a69ecb787cce9892dc65480463fb088b613df
        Validity
            Not Before: Jan  2 12:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecf20fd45597603375128e93a5a4fc2b3eb539ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cc:a3:05:c5:54:6a:28:26:ef:e4:8c:38:7c:
                    3a:36:31:85:37:90:f4:96:aa:e2:66:6b:82:6a:98:
                    42:c9:ed:17:5f:c0:d7:5d:c1:ae:46:d3:42:46:6d:
                    7c:c9:68:13:69:e8:62:87:54:6a:ad:7f:cb:0b:04:
                    fd:42:2e:cc:44:69:19:28:1e:c1:f0:a4:bf:73:dc:
                    99:d4:ce:43:30:cd:25:87:b4:e9:7e:1b:b9:fe:d8:
                    9c:cc:2c:73:90:0b:30:48:ed:36:80:44:69:8c:78:
                    5a:35:d6:83:1f:86:d7:99:56:fc:5b:6c:5a:03:d6:
                    22:61:c6:72:74:d9:de:98:97:60:e2:a6:aa:66:85:
                    4b:33:e2:4c:d2:58:c7:6d:b3:c3:cb:fd:0e:32:f6:
                    e2:ff:f1:5c:dc:16:2e:7f:75:10:f3:64:a3:af:0a:
                    c1:d7:0c:a1:69:6e:07:b9:04:54:d6:4b:8c:bd:b8:
                    5b:0e:94:7d:06:30:21:33:4e:54:53:37:cc:31:80:
                    a5:90:f5:f2:b6:26:cb:91:1e:86:a9:73:fa:77:a0:
                    c1:ce:79:43:ee:21:ff:53:7d:8f:10:22:2b:a1:1a:
                    4c:d6:34:c4:20:49:57:6a:39:4c:8f:98:65:f2:d4:
                    48:af:95:f4:4c:45:50:42:97:1f:96:68:70:9c:2a:
                    03:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F2:0F:D4:55:97:60:33:75:12:8E:93:A5:A4:FC:2B:3E:B5:39:EF
            X509v3 Authority Key Identifier:
                keyid:AC:8A:69:EC:B7:87:CC:E9:89:2D:C6:54:80:46:3F:B0:88:B6:13:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIpp7LeHzOmJLcZUgEY_sIi2E98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/7PIP1FWXYDN1Eo6TpaT8Kz61Oe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/rIpp7LeHzOmJLcZUgEY_sIi2E98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:158:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:8d:8a:7d:78:f0:65:e4:fb:f9:ff:72:12:2a:a0:09:bf:85:
         0c:50:f7:97:c7:34:ba:39:92:3b:4e:0c:8d:96:4f:17:c4:a9:
         80:8f:8a:52:19:a2:8e:9e:b8:ab:15:13:cd:ba:a1:57:2b:b2:
         73:37:37:94:c2:10:5c:3a:74:bb:db:ea:8a:35:56:72:b4:24:
         43:f4:cb:f9:d4:56:47:ee:77:70:87:1e:43:02:68:7f:e2:e3:
         4a:4a:4a:e8:9a:77:1c:16:99:f7:2d:58:76:6c:31:94:5f:90:
         cb:fb:0e:eb:91:df:3c:0d:67:6d:54:a8:a7:4b:61:9b:8d:6f:
         fc:b2:0c:6c:2b:90:55:0f:b6:c8:1d:6d:0b:c5:75:05:09:9b:
         44:bd:02:6a:6c:cb:94:8b:86:fb:f8:46:92:5b:91:6c:aa:a3:
         01:d2:c3:87:dc:c1:e6:19:01:46:79:35:32:8d:c0:00:66:e7:
         e9:c0:49:69:ad:4a:91:11:ed:11:1d:8a:37:b2:17:53:10:e5:
         71:1d:fa:ef:eb:67:0b:17:1f:cd:39:55:c5:d5:0b:b0:3f:65:
         22:db:2c:f3:f3:99:b8:2c:be:5f:06:aa:58:bc:7b:e6:c5:b9:
         22:6e:e3:07:7b:72:55:d7:ee:aa:ef:12:4c:04:57:c7:44:0e:
         ce:6b:20:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKTzco3I8FhFKh2iaZmDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGE2OWVjYjc4N2NjZTk4OTJkYzY1NDgwNDYzZmIwODhi
NjEzZGYwHhcNMjQwMTAyMTIzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2YyMGZkNDU1OTc2MDMzNzUxMjhlOTNhNWE0ZmMyYjNlYjUzOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsyjBcVUaigm7+SMOHw6NjGFN5D0
lqriZmuCaphCye0XX8DXXcGuRtNCRm18yWgTaehih1RqrX/LCwT9Qi7MRGkZKB7B
8KS/c9yZ1M5DMM0lh7Tpfhu5/ticzCxzkAswSO02gERpjHhaNdaDH4bXmVb8W2xa
A9YiYcZydNnemJdg4qaqZoVLM+JM0ljHbbPDy/0OMvbi//Fc3BYuf3UQ82SjrwrB
1wyhaW4HuQRU1kuMvbhbDpR9BjAhM05UUzfMMYClkPXytibLkR6GqXP6d6DBznlD
7iH/U32PECIroRpM1jTEIElXajlMj5hl8tRIr5X0TEVQQpcflmhwnCoD1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOzyD9RVl2AzdRKOk6Wk/Cs+tTnvMB8GA1UdIwQY
MBaAFKyKaey3h8zpiS3GVIBGP7CIthPfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklwcDdMZUh6T21KTGNaVWdFWV9zSWkyRTk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84N2RhZGYtMjlkOS00OWQzLThhYzYt
NGNjNDBmZmQ3OTZkLzEvN1BJUDFGV1hZRE4xRW82VHBhVDhLejYxT2U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84N2RhZGYtMjlkOS00OWQzLThhYzYtNGNjNDBmZmQ3OTZk
LzEvcklwcDdMZUh6T21KTGNaVWdFWV9zSWkyRTk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIBWP//
MA0GCSqGSIb3DQEBCwUAA4IBAQBUjYp9ePBl5Pv5/3ISKqAJv4UMUPeXxzS6OZI7
TgyNlk8XxKmAj4pSGaKOnrirFRPNuqFXK7JzNzeUwhBcOnS72+qKNVZytCRD9Mv5
1FZH7ndwhx5DAmh/4uNKSkromnccFpn3LVh2bDGUX5DL+w7rkd88DWdtVKinS2Gb
jW/8sgxsK5BVD7bIHW0LxXUFCZtEvQJqbMuUi4b7+EaSW5FsqqMB0sOH3MHmGQFG
eTUyjcAAZufpwElprUqREe0RHYo3shdTEOVxHfrv62cLFx/NOVXF1QuwP2Ui2yzz
85m4LL5fBqpYvHvmxbkibuMHe3JV1+6q7xJMBFfHRA7OayDp
-----END CERTIFICATE-----