Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/7_FMBrAVc7sfsMYUvt71kvtz3tg.roa
File:                     7_FMBrAVc7sfsMYUvt71kvtz3tg.roa (raw, json)
Hash identifier:          HK8Ovf7xfYIy7/vdg1sakAgLf1RZVxq9fpMuNVAsOlM=
Subject key identifier:   EF:F1:4C:06:B0:15:73:BB:1F:B0:C6:14:BE:DE:F5:92:FB:73:DE:D8
Certificate issuer:       /CN=67e24c7284ef4887e45d4ccd9bde679cd9ab4f00
Certificate serial:       018CC8DEEEB9336576920D1EAAD38270A807
Authority key identifier: 67:E2:4C:72:84:EF:48:87:E4:5D:4C:CD:9B:DE:67:9C:D9:AB:4F:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/7_FMBrAVc7sfsMYUvt71kvtz3tg.roa
Signing time:             Tue 02 Jan 2024 06:31:42 +0000
ROA not before:           Tue 02 Jan 2024 06:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60672
IP address blocks:        2a10:c883::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 19:09:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ee:b9:33:65:76:92:0d:1e:aa:d3:82:70:a8:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67e24c7284ef4887e45d4ccd9bde679cd9ab4f00
        Validity
            Not Before: Jan  2 06:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eff14c06b01573bb1fb0c614bedef592fb73ded8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0d:d9:d8:64:71:76:fd:bd:dd:50:d1:8c:dc:
                    48:af:7d:d4:f2:90:ba:51:36:1f:48:15:f0:32:ca:
                    9a:2e:91:98:a1:02:53:2c:2b:32:03:3f:0f:65:70:
                    cb:bd:7c:5e:b5:db:fb:48:63:30:f8:e4:75:28:3c:
                    e4:27:ab:ec:48:e9:db:cf:6c:74:cb:ef:6e:84:ff:
                    84:15:d4:80:51:37:2e:01:df:3a:a7:0d:2c:f6:d5:
                    4d:ae:47:34:6f:e2:9f:6e:d4:3b:46:fb:b6:bc:f2:
                    5e:98:6f:8f:14:71:6c:08:ed:0c:55:16:b1:0a:db:
                    f4:f2:de:ec:e4:24:67:f1:34:6d:19:41:11:12:ba:
                    c3:62:0e:6c:8c:21:fc:09:78:9d:8c:28:0d:44:8f:
                    6b:44:b7:c2:c6:15:72:80:f5:9d:2c:0d:48:0d:b5:
                    0d:59:1d:5a:c2:05:50:95:eb:9a:48:11:5c:5b:97:
                    62:48:68:f7:2c:92:de:21:2b:e1:8d:1c:17:cc:20:
                    de:54:81:1c:e9:4a:51:86:29:c9:50:6c:7e:93:92:
                    36:cf:77:09:dc:f9:4a:ab:06:43:71:a4:0c:31:e9:
                    47:8c:10:0d:ec:1d:4b:e1:89:3f:9f:92:a1:77:20:
                    90:d5:1c:95:22:7e:29:a5:ad:a0:6f:49:af:5a:b0:
                    3f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F1:4C:06:B0:15:73:BB:1F:B0:C6:14:BE:DE:F5:92:FB:73:DE:D8
            X509v3 Authority Key Identifier:
                keyid:67:E2:4C:72:84:EF:48:87:E4:5D:4C:CD:9B:DE:67:9C:D9:AB:4F:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/7_FMBrAVc7sfsMYUvt71kvtz3tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:c883::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:42:30:91:c0:b8:ed:ce:29:f4:9c:ad:c5:ce:0b:1b:aa:ff:
         8f:8e:70:ab:55:90:3b:01:cf:8f:cc:38:dd:15:f0:2e:0d:e0:
         28:f2:d3:25:c0:ae:b8:9a:49:a6:3a:d3:e9:b8:6f:39:ab:f1:
         d4:b6:82:6f:ba:47:ff:f9:e0:2b:f9:41:a4:7e:13:67:6b:05:
         fa:14:22:e6:1d:28:cf:dc:fd:db:de:4e:71:19:a5:2e:f6:92:
         87:72:d1:c3:ab:cb:92:08:14:88:e0:cb:67:ff:2d:62:19:71:
         5f:7f:11:51:98:76:60:6b:da:3c:a7:ef:d6:45:68:23:57:32:
         bd:61:29:25:71:dc:ff:bb:7c:1f:6b:36:cf:e2:c5:08:a9:c5:
         64:06:1b:0c:dd:c7:94:1d:6d:8e:92:ba:8f:a8:07:fc:72:76:
         fd:25:05:6d:ce:b7:89:e4:72:23:16:b4:7a:9b:a9:ca:d9:0f:
         a0:75:d1:29:88:18:95:28:27:7e:1b:40:53:74:e2:6f:55:f6:
         37:46:5b:41:ec:61:75:f6:b4:a0:f0:63:1b:45:31:45:72:78:
         dc:b2:90:71:81:36:8d:29:d8:f7:59:20:80:7a:d9:34:a2:97:
         9a:48:18:42:52:a1:ce:ee:95:f7:8f:7a:f4:41:82:4f:e1:dd:
         aa:de:ab:2d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3u65M2V2kg0eqtOCcKgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZTI0YzcyODRlZjQ4ODdlNDVkNGNjZDliZGU2NzljZDlh
YjRmMDAwHhcNMjQwMTAyMDYzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmYxNGMwNmIwMTU3M2JiMWZiMGM2MTRiZWRlZjU5MmZiNzNkZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAow3Z2GRxdv293VDRjNxIr33U8pC6
UTYfSBXwMsqaLpGYoQJTLCsyAz8PZXDLvXxetdv7SGMw+OR1KDzkJ6vsSOnbz2x0
y+9uhP+EFdSAUTcuAd86pw0s9tVNrkc0b+KfbtQ7Rvu2vPJemG+PFHFsCO0MVRax
Ctv08t7s5CRn8TRtGUERErrDYg5sjCH8CXidjCgNRI9rRLfCxhVygPWdLA1IDbUN
WR1awgVQleuaSBFcW5diSGj3LJLeISvhjRwXzCDeVIEc6UpRhinJUGx+k5I2z3cJ
3PlKqwZDcaQMMelHjBAN7B1L4Yk/n5KhdyCQ1RyVIn4ppa2gb0mvWrA/NwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO/xTAawFXO7H7DGFL7e9ZL7c97YMB8GA1UdIwQY
MBaAFGfiTHKE70iH5F1MzZveZ5zZq08AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1KTWNvVHZTSWZrWFV6Tm05NW5uTm1yVHdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8wMmQzZjYtNDMwMS00YmU1LThjMzct
MDM3NWE5YzMyYjAwLzEvN19GTUJyQVZjN3Nmc01ZVXZ0NzFrdnR6M3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8wMmQzZjYtNDMwMS00YmU1LThjMzctMDM3NWE5YzMyYjAw
LzEvWi1KTWNvVHZTSWZrWFV6Tm05NW5uTm1yVHdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhDIgzAN
BgkqhkiG9w0BAQsFAAOCAQEADEIwkcC47c4p9Jytxc4LG6r/j45wq1WQOwHPj8w4
3RXwLg3gKPLTJcCuuJpJpjrT6bhvOavx1LaCb7pH//ngK/lBpH4TZ2sF+hQi5h0o
z9z9295OcRmlLvaSh3LRw6vLkggUiODLZ/8tYhlxX38RUZh2YGvaPKfv1kVoI1cy
vWEpJXHc/7t8H2s2z+LFCKnFZAYbDN3HlB1tjpK6j6gH/HJ2/SUFbc63ieRyIxa0
epupytkPoHXRKYgYlSgnfhtAU3Tib1X2N0ZbQexhdfa0oPBjG0UxRXJ43LKQcYE2
jSnY91kggHrZNKKXmkgYQlKhzu6V94969EGCT+Hdqt6rLQ==
-----END CERTIFICATE-----