Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/lHHU7U-KKAvnkVsGIgg-xZjjoyc.roa
File:                     lHHU7U-KKAvnkVsGIgg-xZjjoyc.roa (raw, json)
Hash identifier:          /vtbubbVS9NzgwyVLOVQnntiOS9LXWjL/EWe+h1ozFk=
Subject key identifier:   94:71:D4:ED:4F:8A:28:0B:E7:91:5B:06:22:08:3E:C5:98:E3:A3:27
Certificate issuer:       /CN=2631166de785a3531bdc8361f1190a8369a7ed6a
Certificate serial:       018CC8DE911B67C113D4CC12EFAB074BDB47
Authority key identifier: 26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/lHHU7U-KKAvnkVsGIgg-xZjjoyc.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        2a03:3f40:d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:91:1b:67:c1:13:d4:cc:12:ef:ab:07:4b:db:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2631166de785a3531bdc8361f1190a8369a7ed6a
        Validity
            Not Before: Jan  2 06:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9471d4ed4f8a280be7915b0622083ec598e3a327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4d:d3:62:37:de:69:81:41:51:48:b6:60:2f:
                    c1:04:56:63:5b:eb:43:5d:66:e9:f2:97:7d:38:5e:
                    68:96:52:f4:6a:ad:48:79:f0:56:61:85:98:19:69:
                    1f:72:2d:c3:ca:1e:29:4c:88:85:ce:c4:bf:7f:a7:
                    a9:e6:aa:7c:c1:78:9e:81:39:2d:c4:98:4a:80:64:
                    5a:5f:f2:ae:d3:27:fd:58:59:ef:87:62:5e:da:31:
                    b5:bd:1b:3a:49:e4:95:f0:74:b6:42:44:3a:9d:5a:
                    16:d0:12:84:1a:d2:40:20:ed:be:1f:14:2a:49:ea:
                    64:f0:af:6a:50:2c:42:69:6b:9a:dc:56:d1:96:15:
                    52:ba:91:70:15:fe:13:77:6b:5b:66:0c:98:9e:5d:
                    af:0b:de:93:91:7f:36:28:c4:21:52:ef:2e:fb:71:
                    1c:b5:11:b4:8b:dd:7c:78:0b:14:aa:8c:8f:6b:02:
                    d3:b2:6b:e8:df:15:18:b7:ef:f3:18:fb:09:5f:73:
                    e5:02:13:66:1d:a9:df:b6:7e:66:29:d8:f8:13:32:
                    d6:be:9d:99:d0:ba:1f:d9:08:df:dd:10:0c:28:fa:
                    6c:78:1e:71:8e:09:ce:9f:a2:5d:f2:74:c8:90:74:
                    2e:71:c1:e7:ac:c4:1a:10:94:70:be:7c:f3:1c:1e:
                    47:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:71:D4:ED:4F:8A:28:0B:E7:91:5B:06:22:08:3E:C5:98:E3:A3:27
            X509v3 Authority Key Identifier:
                keyid:26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/lHHU7U-KKAvnkVsGIgg-xZjjoyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:3f40:d::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:41:fc:ee:59:dd:09:8d:c2:a0:64:d0:a7:85:72:54:f2:a7:
         6f:ce:cc:78:52:69:d0:63:11:92:c4:55:78:f1:fa:da:13:99:
         c3:30:ad:62:3e:ec:ef:03:92:93:56:1d:d4:b5:54:e2:54:93:
         56:a5:ac:08:f8:4f:36:b6:6e:41:01:bc:48:43:28:2e:fd:b7:
         f6:24:b9:da:db:71:25:c7:06:ba:1a:51:ae:a4:d6:47:aa:1c:
         11:c4:95:54:64:15:47:75:13:25:05:22:c8:c2:34:f8:ab:af:
         e1:40:8e:16:fb:16:79:5d:ed:af:e7:b5:fa:40:85:0f:4c:9d:
         c1:94:a4:8b:3e:af:24:f7:0c:f6:09:cc:13:e4:a1:1b:97:34:
         10:d1:d4:46:ef:70:f9:40:bd:68:1d:46:2e:43:2a:f2:f5:cb:
         5f:04:e1:f2:ec:77:17:78:8e:f3:73:bc:89:b7:cc:5f:1b:10:
         b1:15:ee:6f:49:d1:1a:1c:1e:44:42:52:d1:1f:cb:46:01:7e:
         29:75:4e:fe:79:9a:0f:a4:ac:1d:a4:ac:a0:82:df:df:4e:39:
         f8:93:fa:48:de:e2:df:90:10:16:c7:19:c3:18:06:68:3f:9d:
         ad:0e:28:ad:dd:ef:19:12:ba:91:15:65:04:3a:78:fa:5d:a2:
         08:22:77:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3pEbZ8ET1MwS76sHS9tHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MzExNjZkZTc4NWEzNTMxYmRjODM2MWYxMTkwYTgzNjlh
N2VkNmEwHhcNMjQwMTAyMDYzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDcxZDRlZDRmOGEyODBiZTc5MTViMDYyMjA4M2VjNTk4ZTNhMzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw03TYjfeaYFBUUi2YC/BBFZjW+tD
XWbp8pd9OF5ollL0aq1IefBWYYWYGWkfci3Dyh4pTIiFzsS/f6ep5qp8wXiegTkt
xJhKgGRaX/Ku0yf9WFnvh2Je2jG1vRs6SeSV8HS2QkQ6nVoW0BKEGtJAIO2+HxQq
Sepk8K9qUCxCaWua3FbRlhVSupFwFf4Td2tbZgyYnl2vC96TkX82KMQhUu8u+3Ec
tRG0i918eAsUqoyPawLTsmvo3xUYt+/zGPsJX3PlAhNmHanftn5mKdj4EzLWvp2Z
0Lof2Qjf3RAMKPpseB5xjgnOn6Jd8nTIkHQuccHnrMQaEJRwvnzzHB5HuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJRx1O1PiigL55FbBiIIPsWY46MnMB8GA1UdIwQY
MBaAFCYxFm3nhaNTG9yDYfEZCoNpp+1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUt
Yjg5YTI2MTk5OTc2LzEvbEhIVTdVLUtLQXZua1ZzR0lnZy14Wmpqb3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUtYjg5YTI2MTk5OTc2
LzEvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgM/QAAN
MA0GCSqGSIb3DQEBCwUAA4IBAQAvQfzuWd0JjcKgZNCnhXJU8qdvzsx4UmnQYxGS
xFV48fraE5nDMK1iPuzvA5KTVh3UtVTiVJNWpawI+E82tm5BAbxIQygu/bf2JLna
23Elxwa6GlGupNZHqhwRxJVUZBVHdRMlBSLIwjT4q6/hQI4W+xZ5Xe2v57X6QIUP
TJ3BlKSLPq8k9wz2CcwT5KEblzQQ0dRG73D5QL1oHUYuQyry9ctfBOHy7HcXeI7z
c7yJt8xfGxCxFe5vSdEaHB5EQlLRH8tGAX4pdU7+eZoPpKwdpKyggt/fTjn4k/pI
3uLfkBAWxxnDGAZoP52tDiit3e8ZErqRFWUEOnj6XaIIIncW
-----END CERTIFICATE-----