Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/BGG7KTRMxBjpw3JBHlfwsft8Xy8.roa
File:                     BGG7KTRMxBjpw3JBHlfwsft8Xy8.roa (raw, json)
Hash identifier:          83qc4KluA8oQhp4VuQfW0BTn8gDqJlW3kEVoNCCs/KU=
Subject key identifier:   04:61:BB:29:34:4C:C4:18:E9:C3:72:41:1E:57:F0:B1:FB:7C:5F:2F
Certificate issuer:       /CN=e17a1a62248df879133c073ad562ad03a2b92fdc
Certificate serial:       018CC50128B16B2A41A36F63307D63F45CFF
Authority key identifier: E1:7A:1A:62:24:8D:F8:79:13:3C:07:3A:D5:62:AD:03:A2:B9:2F:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4XoaYiSN-HkTPAc61WKtA6K5L9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/BGG7KTRMxBjpw3JBHlfwsft8Xy8.roa
Signing time:             Mon 01 Jan 2024 12:30:36 +0000
ROA not before:           Mon 01 Jan 2024 12:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3301
IP address blocks:        2001:67c:1770::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/4XoaYiSN-HkTPAc61WKtA6K5L9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/4XoaYiSN-HkTPAc61WKtA6K5L9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4XoaYiSN-HkTPAc61WKtA6K5L9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:28:b1:6b:2a:41:a3:6f:63:30:7d:63:f4:5c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e17a1a62248df879133c073ad562ad03a2b92fdc
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0461bb29344cc418e9c372411e57f0b1fb7c5f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cb:8a:0e:e5:25:4d:52:a9:85:63:be:77:38:
                    9e:d4:c9:e4:f6:69:c8:50:d0:58:e6:85:72:9b:92:
                    08:e2:3b:5a:56:8f:e7:de:db:b3:ec:7f:14:a3:93:
                    7d:dd:93:ab:73:f6:1a:a3:cb:53:a7:cc:9f:4e:f5:
                    e7:9d:5c:9f:29:8d:14:b7:86:e7:c2:0c:99:66:8b:
                    25:e1:82:fa:da:06:d2:fd:2b:ac:ce:ed:2c:15:61:
                    a8:a5:5a:80:79:48:83:0b:82:19:c7:c9:03:ee:30:
                    29:8d:da:eb:40:d5:9f:a4:3b:97:78:65:56:83:8d:
                    46:4a:8e:40:e5:1f:64:5d:03:e5:59:4c:91:19:8a:
                    b8:c3:86:a9:db:fc:d7:57:28:93:a4:28:a0:c4:94:
                    11:5d:12:c0:ab:ac:06:a3:94:e8:f2:ef:43:f0:b6:
                    1d:b3:76:ea:c1:ab:03:33:c8:81:ec:b2:73:09:cb:
                    27:af:66:21:9f:60:2f:7d:e9:f4:51:cb:54:37:1f:
                    1c:3f:e8:45:69:c0:0f:45:e3:e4:78:ab:95:a3:5c:
                    7a:25:73:24:fe:98:fc:40:c3:fe:bd:27:ca:3d:29:
                    f0:d4:47:27:4b:98:93:19:a2:4b:b3:07:ac:89:15:
                    b3:e7:7c:7b:f7:72:5d:ec:be:ce:14:4d:cd:5c:fd:
                    19:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:61:BB:29:34:4C:C4:18:E9:C3:72:41:1E:57:F0:B1:FB:7C:5F:2F
            X509v3 Authority Key Identifier:
                keyid:E1:7A:1A:62:24:8D:F8:79:13:3C:07:3A:D5:62:AD:03:A2:B9:2F:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4XoaYiSN-HkTPAc61WKtA6K5L9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/BGG7KTRMxBjpw3JBHlfwsft8Xy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/4XoaYiSN-HkTPAc61WKtA6K5L9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1770::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:b1:83:bf:70:9c:c9:0e:c0:b0:cb:57:c7:0c:56:03:d7:45:
         d7:32:24:aa:36:c6:5e:3c:cf:54:01:7e:a5:42:7e:ad:14:5e:
         3c:a2:91:2f:fe:cc:4e:f8:4a:c6:1e:e0:dc:8d:7c:39:da:df:
         d5:4a:b9:fc:d9:34:2c:6b:e8:64:79:b1:66:30:65:dc:2d:d9:
         46:60:4e:2b:86:18:db:20:73:13:c0:c3:e1:79:92:b4:8a:97:
         f5:b9:1f:36:d9:96:5f:25:9f:9a:47:66:8d:7c:05:b7:90:7a:
         e8:81:5c:51:3a:71:c5:de:02:62:c1:95:cf:ef:1f:1b:21:d8:
         da:d6:41:15:93:d7:ff:21:88:40:a4:40:a5:f3:94:e5:89:9d:
         4c:16:12:c8:04:ab:bc:a5:c6:20:ee:22:94:1a:3c:b6:f0:c0:
         ef:ee:a1:14:7a:58:6a:c4:ab:35:c5:12:07:42:79:75:0c:c3:
         5b:df:46:1a:25:95:8c:bf:a7:4e:f0:c2:4e:3d:83:a3:32:01:
         c5:71:c3:f0:e3:17:90:a2:94:4c:cb:43:44:57:46:5b:dc:00:
         f7:0a:2d:c2:55:7e:c0:ca:a8:fd:53:3b:07:98:4c:bc:05:e8:
         03:f6:dc:5f:ae:2d:3b:e0:5f:d9:d8:32:cb:3f:5d:0e:55:89:
         21:3f:9f:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFASixaypBo29jMH1j9Fz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxN2ExYTYyMjQ4ZGY4NzkxMzNjMDczYWQ1NjJhZDAzYTJi
OTJmZGMwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDYxYmIyOTM0NGNjNDE4ZTljMzcyNDExZTU3ZjBiMWZiN2M1ZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocuKDuUlTVKphWO+dzie1Mnk9mnI
UNBY5oVym5II4jtaVo/n3tuz7H8Uo5N93ZOrc/Yao8tTp8yfTvXnnVyfKY0Ut4bn
wgyZZosl4YL62gbS/Suszu0sFWGopVqAeUiDC4IZx8kD7jApjdrrQNWfpDuXeGVW
g41GSo5A5R9kXQPlWUyRGYq4w4ap2/zXVyiTpCigxJQRXRLAq6wGo5To8u9D8LYd
s3bqwasDM8iB7LJzCcsnr2Yhn2Avfen0UctUNx8cP+hFacAPRePkeKuVo1x6JXMk
/pj8QMP+vSfKPSnw1EcnS5iTGaJLswesiRWz53x793Jd7L7OFE3NXP0ZTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFARhuyk0TMQY6cNyQR5X8LH7fF8vMB8GA1UdIwQY
MBaAFOF6GmIkjfh5EzwHOtVirQOiuS/cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFhvYVlpU04tSGtUUEFjNjFXS3RBNks1TDl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8xMzBmZmYtOTdlMy00YWMwLWJkY2Qt
NWZkYzg3ZTZkMmEwLzEvQkdHN0tUUk14QmpwdzNKQkhsZndzZnQ4WHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8xMzBmZmYtOTdlMy00YWMwLWJkY2QtNWZkYzg3ZTZkMmEw
LzEvNFhvYVlpU04tSGtUUEFjNjFXS3RBNks1TDl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBdw
MA0GCSqGSIb3DQEBCwUAA4IBAQCJsYO/cJzJDsCwy1fHDFYD10XXMiSqNsZePM9U
AX6lQn6tFF48opEv/sxO+ErGHuDcjXw52t/VSrn82TQsa+hkebFmMGXcLdlGYE4r
hhjbIHMTwMPheZK0ipf1uR822ZZfJZ+aR2aNfAW3kHrogVxROnHF3gJiwZXP7x8b
Idja1kEVk9f/IYhApECl85TliZ1MFhLIBKu8pcYg7iKUGjy28MDv7qEUelhqxKs1
xRIHQnl1DMNb30YaJZWMv6dO8MJOPYOjMgHFccPw4xeQopRMy0NEV0Zb3AD3Ci3C
VX7Ayqj9UzsHmEy8BegD9txfri074F/Z2DLLP10OVYkhP5+A
-----END CERTIFICATE-----