Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/md2Wgn6r7Ad8XFusuP--bYnLgwA.roa
File:                     md2Wgn6r7Ad8XFusuP--bYnLgwA.roa (raw, json)
Hash identifier:          TzKbMGokTLer2FlKwERLxH3TEAAEHT/rRZ+TGIx+1p8=
Subject key identifier:   99:DD:96:82:7E:AB:EC:07:7C:5C:5B:AC:B8:FF:BE:6D:89:CB:83:00
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC7958963BD567435B43A6E1FF74ED684
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/md2Wgn6r7Ad8XFusuP--bYnLgwA.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48625
IP address blocks:        2001:7f8:82::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:89:63:bd:56:74:35:b4:3a:6e:1f:f7:4e:d6:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99dd96827eabec077c5c5bacb8ffbe6d89cb8300
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:87:48:e1:1d:3d:e6:04:e4:ee:0f:c3:52:ba:
                    61:a4:36:21:1b:7b:19:5c:ee:9f:34:2a:74:84:dc:
                    3a:8b:cb:02:d9:a4:49:10:e5:01:dc:b0:48:59:81:
                    58:38:54:b3:f8:ce:1c:2d:ab:0d:48:87:3f:7c:8d:
                    05:46:a6:4b:64:7d:68:72:36:ef:64:19:10:25:da:
                    67:4b:0d:16:87:e0:b5:38:da:fe:c8:d9:99:af:35:
                    e1:f8:eb:3d:01:23:35:b6:39:14:b9:be:4b:2b:1c:
                    51:9d:82:93:25:d6:78:c0:18:34:14:2a:e9:50:71:
                    f7:c2:4a:b9:81:e5:6c:e8:ab:f6:2f:d2:b4:a0:ba:
                    76:35:52:db:27:58:62:78:81:d0:8b:ea:65:98:ba:
                    ab:76:82:eb:8a:03:f1:c2:1b:8c:d3:7a:83:12:8b:
                    b2:7a:a0:4d:dd:76:d9:bf:2b:e1:07:7e:71:17:fe:
                    00:9a:5f:ee:2f:d9:a6:04:50:e5:f8:31:c0:61:a9:
                    dd:2a:e9:d4:b6:89:cc:49:a6:b6:39:02:6e:bd:dd:
                    5b:e6:1e:9f:1b:8a:da:21:c4:bb:5a:ec:8a:1c:5e:
                    cf:66:9e:a9:05:27:dd:7e:e7:b4:ff:09:fc:fe:69:
                    bc:87:62:21:cb:c2:c9:f8:81:3a:71:bf:c6:b2:3e:
                    94:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:DD:96:82:7E:AB:EC:07:7C:5C:5B:AC:B8:FF:BE:6D:89:CB:83:00
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/md2Wgn6r7Ad8XFusuP--bYnLgwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:82::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:8d:4b:02:bd:50:cb:07:5f:05:12:9c:20:85:9c:83:a3:47:
         18:c2:ae:d6:cc:10:15:43:13:02:49:10:e1:13:6d:9a:b5:19:
         8d:15:06:7d:3a:76:b5:06:5b:c9:85:35:b6:b3:e1:a0:30:f3:
         ac:1c:7d:6e:6d:9c:ca:c1:70:8b:dd:84:87:15:10:88:61:7b:
         16:6b:01:ed:73:9e:51:af:6c:80:db:79:c4:a3:75:71:bc:19:
         82:e6:94:fa:1b:71:63:e0:72:ec:68:7d:5d:b6:b8:ba:3a:2a:
         73:f3:16:8d:6a:eb:94:fc:60:c5:80:5a:45:58:98:96:e5:fe:
         71:8a:03:94:c3:04:ca:76:f3:22:c1:c5:b8:ff:9d:16:00:52:
         4c:36:f6:a3:6f:ed:53:14:2a:70:28:d9:ec:78:13:30:6b:ac:
         95:07:e6:d1:fd:51:16:36:66:f6:77:eb:3c:bb:4c:5f:e8:83:
         15:48:6c:12:1c:2c:36:a2:1a:65:b7:f9:5c:d8:87:82:66:6e:
         d0:f0:f8:5e:74:4e:74:21:6d:c4:b6:8f:f1:62:d1:97:1c:89:
         91:8f:c8:b0:4d:0e:4e:9a:fa:5d:67:d8:cb:11:0b:40:9b:7d:
         73:87:59:19:cc:94:dc:8e:30:3a:2d:6e:8a:91:2a:d6:77:08:
         db:0d:99:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlYljvVZ0NbQ6bh/3TtaEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWRkOTY4MjdlYWJlYzA3N2M1YzViYWNiOGZmYmU2ZDg5Y2I4MzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIdI4R095gTk7g/DUrphpDYhG3sZ
XO6fNCp0hNw6i8sC2aRJEOUB3LBIWYFYOFSz+M4cLasNSIc/fI0FRqZLZH1ocjbv
ZBkQJdpnSw0Wh+C1ONr+yNmZrzXh+Os9ASM1tjkUub5LKxxRnYKTJdZ4wBg0FCrp
UHH3wkq5geVs6Kv2L9K0oLp2NVLbJ1hieIHQi+plmLqrdoLrigPxwhuM03qDEouy
eqBN3XbZvyvhB35xF/4Aml/uL9mmBFDl+DHAYandKunUtonMSaa2OQJuvd1b5h6f
G4raIcS7WuyKHF7PZp6pBSfdfue0/wn8/mm8h2Ihy8LJ+IE6cb/Gsj6UlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJndloJ+q+wHfFxbrLj/vm2Jy4MAMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvbWQyV2duNnI3QWQ4WEZ1c3VQLS1iWW5MZ3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEH+ACC
MA0GCSqGSIb3DQEBCwUAA4IBAQB/jUsCvVDLB18FEpwghZyDo0cYwq7WzBAVQxMC
SRDhE22atRmNFQZ9Ona1BlvJhTW2s+GgMPOsHH1ubZzKwXCL3YSHFRCIYXsWawHt
c55Rr2yA23nEo3VxvBmC5pT6G3Fj4HLsaH1dtri6Oipz8xaNauuU/GDFgFpFWJiW
5f5xigOUwwTKdvMiwcW4/50WAFJMNvajb+1TFCpwKNnseBMwa6yVB+bR/VEWNmb2
d+s8u0xf6IMVSGwSHCw2ohplt/lc2IeCZm7Q8PhedE50IW3Eto/xYtGXHImRj8iw
TQ5OmvpdZ9jLEQtAm31zh1kZzJTcjjA6LW6KkSrWdwjbDZmp
-----END CERTIFICATE-----