Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/8ssogR7nMUn5efygmsx6N4WdAe8.roa
File:                     8ssogR7nMUn5efygmsx6N4WdAe8.roa (raw, json)
Hash identifier:          U3nJDP4e5EaeW899bYoThwxmq9UZWF+MGDX5jfg4+Cs=
Subject key identifier:   F2:CB:28:81:1E:E7:31:49:F9:79:FC:A0:9A:CC:7A:37:85:9D:01:EF
Certificate issuer:       /CN=f6137c597d1e30cb75618e51f42b7f79ed5ffc88
Certificate serial:       018D129A3B26F56F10D290382BAEB645A871
Authority key identifier: F6:13:7C:59:7D:1E:30:CB:75:61:8E:51:F4:2B:7F:79:ED:5F:FC:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/8ssogR7nMUn5efygmsx6N4WdAe8.roa
Signing time:             Tue 16 Jan 2024 14:08:34 +0000
ROA not before:           Tue 16 Jan 2024 14:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52041
IP address blocks:        2a0c:7b80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:12:9a:3b:26:f5:6f:10:d2:90:38:2b:ae:b6:45:a8:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6137c597d1e30cb75618e51f42b7f79ed5ffc88
        Validity
            Not Before: Jan 16 14:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2cb28811ee73149f979fca09acc7a37859d01ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:82:56:cb:50:b4:73:47:a5:9f:74:76:93:87:
                    28:08:51:96:7b:e7:e2:f2:95:f0:34:cc:0e:80:8d:
                    2c:0a:92:47:09:cb:c7:44:18:b4:b7:1f:77:35:f2:
                    16:3c:f8:c6:a3:70:aa:9a:ec:f4:34:dd:ce:4c:42:
                    22:f6:c7:b6:bc:9b:d2:c1:f8:80:0c:19:f8:1b:3a:
                    2e:69:9a:50:51:9d:08:cf:d7:3b:1a:c6:0b:9b:68:
                    eb:51:de:84:f0:9c:53:95:86:37:a5:6c:07:1e:46:
                    fe:cb:c2:30:af:b9:82:4a:e0:dd:21:16:34:4a:22:
                    c9:3d:d4:e7:77:a1:a1:aa:ae:26:78:f4:ea:af:05:
                    15:90:38:b3:bc:03:0f:69:e4:4b:3e:7e:df:21:07:
                    8e:72:0a:d4:1c:83:1c:51:ee:a4:5a:25:82:38:32:
                    d5:31:2f:d2:af:ed:34:dd:25:e2:04:58:3d:1a:1f:
                    a4:e0:b0:31:9d:1a:4d:e1:32:98:5b:d4:7a:c8:5b:
                    1f:f3:4b:6a:15:32:7b:40:25:4e:aa:45:e7:34:13:
                    c3:3d:75:fa:a3:67:09:cf:1a:80:61:ee:e3:9f:fd:
                    fe:c8:63:2e:04:a8:23:35:54:ff:70:40:22:b7:a2:
                    e5:8c:64:be:86:b9:4f:59:40:c1:1d:83:6d:8a:c2:
                    72:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CB:28:81:1E:E7:31:49:F9:79:FC:A0:9A:CC:7A:37:85:9D:01:EF
            X509v3 Authority Key Identifier:
                keyid:F6:13:7C:59:7D:1E:30:CB:75:61:8E:51:F4:2B:7F:79:ED:5F:FC:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/8ssogR7nMUn5efygmsx6N4WdAe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:7b:75:f4:89:08:58:8e:63:2d:3e:d4:ea:34:a9:ff:96:14:
         76:18:57:cd:54:20:6c:45:d6:60:05:48:3b:08:78:9c:76:47:
         f8:af:77:15:87:2f:d6:fb:5e:a1:26:c9:2e:47:a6:83:dd:ee:
         fa:b3:01:6a:48:3e:ed:11:b1:a6:c8:93:f4:e8:9a:00:0a:4a:
         a6:11:4b:e3:b1:b6:54:ef:7d:df:dc:60:9c:c2:de:15:96:e2:
         7e:39:b2:3d:2e:bc:37:8d:15:73:2b:df:dc:6a:e2:dc:31:34:
         bd:d6:7e:ec:b7:a1:74:9c:1f:77:78:aa:1a:ef:c9:9d:f4:ce:
         0a:29:22:99:89:c4:37:4e:db:09:d4:c1:a1:a6:47:02:5e:fa:
         2f:97:c1:74:34:63:59:e6:00:81:99:39:70:d1:c4:03:90:c0:
         2e:eb:ca:23:19:0f:ac:bb:bd:ff:68:bd:49:5b:6c:49:5e:34:
         21:68:30:e2:74:da:b8:ed:b2:3e:40:80:09:65:39:a6:66:a6:
         40:1e:27:9d:aa:cf:43:97:1c:d2:91:bf:4f:ce:0b:67:1e:e0:
         02:87:ae:15:93:07:6d:7c:e6:fd:a2:73:ca:ca:34:0a:23:f3:
         fa:27:5e:f9:82:d6:7a:e5:58:2d:9a:3d:f3:10:06:0b:98:ad:
         01:7e:07:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0Smjsm9W8Q0pA4K662RahxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MTM3YzU5N2QxZTMwY2I3NTYxOGU1MWY0MmI3Zjc5ZWQ1
ZmZjODgwHhcNMjQwMTE2MTQwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmNiMjg4MTFlZTczMTQ5Zjk3OWZjYTA5YWNjN2EzNzg1OWQwMWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YJWy1C0c0eln3R2k4coCFGWe+fi
8pXwNMwOgI0sCpJHCcvHRBi0tx93NfIWPPjGo3Cqmuz0NN3OTEIi9se2vJvSwfiA
DBn4GzouaZpQUZ0Iz9c7GsYLm2jrUd6E8JxTlYY3pWwHHkb+y8Iwr7mCSuDdIRY0
SiLJPdTnd6Ghqq4mePTqrwUVkDizvAMPaeRLPn7fIQeOcgrUHIMcUe6kWiWCODLV
MS/Sr+003SXiBFg9Gh+k4LAxnRpN4TKYW9R6yFsf80tqFTJ7QCVOqkXnNBPDPXX6
o2cJzxqAYe7jn/3+yGMuBKgjNVT/cEAit6LljGS+hrlPWUDBHYNtisJy8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPLLKIEe5zFJ+Xn8oJrMejeFnQHvMB8GA1UdIwQY
MBaAFPYTfFl9HjDLdWGOUfQrf3ntX/yIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWhOOFdYMGVNTXQxWVk1UjlDdF9lZTFmX0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8wZjFmOWYtNWE1MS00YmQ2LWJmMzAt
MzlhMjQzODhhNWU4LzEvOHNzb2dSN25NVW41ZWZ5Z21zeDZONFdkQWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8wZjFmOWYtNWE1MS00YmQ2LWJmMzAtMzlhMjQzODhhNWU4
LzEvOWhOOFdYMGVNTXQxWVk1UjlDdF9lZTFmX0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgx7gDAN
BgkqhkiG9w0BAQsFAAOCAQEAe3t19IkIWI5jLT7U6jSp/5YUdhhXzVQgbEXWYAVI
Owh4nHZH+K93FYcv1vteoSbJLkemg93u+rMBakg+7RGxpsiT9OiaAApKphFL47G2
VO9939xgnMLeFZbifjmyPS68N40Vcyvf3Gri3DE0vdZ+7LehdJwfd3iqGu/JnfTO
CikimYnEN07bCdTBoaZHAl76L5fBdDRjWeYAgZk5cNHEA5DALuvKIxkPrLu9/2i9
SVtsSV40IWgw4nTauO2yPkCACWU5pmamQB4nnarPQ5cc0pG/T84LZx7gAoeuFZMH
bXzm/aJzyso0CiPz+ide+YLWeuVYLZo98xAGC5itAX4HGA==
-----END CERTIFICATE-----