Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/FvvAu6_0b-lPRXLBBSNnLaIjY2Q.roa
File:                     FvvAu6_0b-lPRXLBBSNnLaIjY2Q.roa (raw, json)
Hash identifier:          Hpd1rNzVdG5A3iV76Xl6sANfFb+2Hcj7TdlyEDIYw/w=
Subject key identifier:   16:FB:C0:BB:AF:F4:6F:E9:4F:45:72:C1:05:23:67:2D:A2:23:63:64
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       018CC86F5860CB8389F3D51182E8E9B60975
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/FvvAu6_0b-lPRXLBBSNnLaIjY2Q.roa
Signing time:             Tue 02 Jan 2024 04:29:49 +0000
ROA not before:           Tue 02 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39765
IP address blocks:        2a0b:b600:3c02::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:58:60:cb:83:89:f3:d5:11:82:e8:e9:b6:09:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Jan  2 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16fbc0bbaff46fe94f4572c10523672da2236364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9b:f6:9a:37:f3:ba:0d:45:67:c3:f2:47:30:
                    24:95:a0:2f:c6:2f:81:52:29:57:8a:7c:d0:99:b9:
                    30:13:3b:32:6e:e2:0c:4d:68:3b:2e:1a:3e:e9:c3:
                    2c:cd:20:4c:a8:8f:6f:13:f9:70:3e:9b:1c:a5:70:
                    57:b7:b5:6f:16:65:b9:d2:65:b2:0c:be:8f:d3:b2:
                    65:e3:fb:ad:6b:51:87:fe:00:71:47:44:b1:74:e4:
                    de:b0:a3:01:21:f4:91:6c:1a:8e:85:50:9a:47:27:
                    f2:86:63:ac:f7:82:14:27:da:34:f1:85:b7:d2:d0:
                    64:57:12:58:a1:1b:37:92:e3:ff:bd:1c:5c:82:7a:
                    2f:6d:f3:11:01:11:54:17:95:5e:86:01:86:23:49:
                    87:05:cf:83:9d:92:f2:a7:14:40:06:33:44:0f:e7:
                    66:62:ad:68:ca:6e:df:84:8e:22:50:67:06:a1:7f:
                    fb:7d:5d:c5:61:53:5e:58:d0:88:bb:23:96:b8:f1:
                    52:cd:40:d7:fc:07:93:0f:2a:73:53:ec:29:33:74:
                    91:09:b2:41:4f:ec:02:3d:32:32:f6:20:08:c1:75:
                    9e:9a:b9:44:70:74:63:26:99:02:df:f7:d3:37:57:
                    5c:e4:0c:1b:da:ef:4e:ea:f2:f1:1c:89:66:55:36:
                    50:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:FB:C0:BB:AF:F4:6F:E9:4F:45:72:C1:05:23:67:2D:A2:23:63:64
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/FvvAu6_0b-lPRXLBBSNnLaIjY2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b600:3c02::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:74:20:b2:ca:1b:03:58:6e:53:60:72:5a:0e:b7:91:ad:f0:
         06:d2:7b:2d:3c:89:a4:57:29:d5:85:ba:bd:b8:8d:61:50:ff:
         7e:97:14:79:50:63:93:12:23:a8:31:2f:04:13:de:4a:c4:94:
         4a:a1:fd:43:c9:45:5e:03:d4:f0:b9:76:98:e9:0a:06:0d:d4:
         75:5f:04:07:c9:5d:8c:b9:c0:7c:bc:18:20:51:62:ae:8c:e4:
         05:51:65:d1:a7:a5:ce:91:74:70:db:fb:6c:9e:6f:18:2f:cc:
         20:36:70:3e:e9:4d:12:f5:48:65:2d:25:ad:88:c6:54:55:de:
         33:47:36:49:ce:32:e4:b3:25:23:39:5b:b5:8b:ee:a2:18:5b:
         bb:16:4e:fd:38:1d:ed:12:aa:e5:8b:97:65:91:f4:20:78:12:
         40:dc:d1:bc:0f:ae:67:c9:cf:b9:9b:cc:e9:29:90:bc:38:07:
         61:4b:d5:0a:c6:69:50:de:44:52:52:97:fb:93:0b:7c:14:6a:
         3c:79:9a:5b:be:ba:55:1a:94:7d:77:e0:c9:0b:5d:36:f2:d8:
         21:ee:82:fd:64:04:c3:ec:55:ba:0c:30:d4:9d:f6:20:3c:36:
         b5:b5:19:f2:f1:21:25:88:af:84:f7:b7:06:44:7d:cb:f7:10:
         b5:2d:42:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb1hgy4OJ89URgujptgl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjQwMTAyMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmZiYzBiYmFmZjQ2ZmU5NGY0NTcyYzEwNTIzNjcyZGEyMjM2MzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5v2mjfzug1FZ8PyRzAklaAvxi+B
UilXinzQmbkwEzsybuIMTWg7Lho+6cMszSBMqI9vE/lwPpscpXBXt7VvFmW50mWy
DL6P07Jl4/uta1GH/gBxR0SxdOTesKMBIfSRbBqOhVCaRyfyhmOs94IUJ9o08YW3
0tBkVxJYoRs3kuP/vRxcgnovbfMRARFUF5VehgGGI0mHBc+DnZLypxRABjNED+dm
Yq1oym7fhI4iUGcGoX/7fV3FYVNeWNCIuyOWuPFSzUDX/AeTDypzU+wpM3SRCbJB
T+wCPTIy9iAIwXWemrlEcHRjJpkC3/fTN1dc5Awb2u9O6vLxHIlmVTZQiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBb7wLuv9G/pT0VywQUjZy2iI2NkMB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvRnZ2QXU2XzBiLWxQUlhMQkJTTm5MYUlqWTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgu2ADwC
MA0GCSqGSIb3DQEBCwUAA4IBAQBMdCCyyhsDWG5TYHJaDreRrfAG0nstPImkVynV
hbq9uI1hUP9+lxR5UGOTEiOoMS8EE95KxJRKof1DyUVeA9TwuXaY6QoGDdR1XwQH
yV2MucB8vBggUWKujOQFUWXRp6XOkXRw2/tsnm8YL8wgNnA+6U0S9UhlLSWtiMZU
Vd4zRzZJzjLksyUjOVu1i+6iGFu7Fk79OB3tEqrli5dlkfQgeBJA3NG8D65nyc+5
m8zpKZC8OAdhS9UKxmlQ3kRSUpf7kwt8FGo8eZpbvrpVGpR9d+DJC1028tgh7oL9
ZATD7FW6DDDUnfYgPDa1tRny8SEliK+E97cGRH3L9xC1LUK4
-----END CERTIFICATE-----