Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PB-IUCMGOjjp9rePgWxnXD6peTk.roa
File:                     PB-IUCMGOjjp9rePgWxnXD6peTk.roa (raw, json)
Hash identifier:          JPFdgJ5urmjgHZ1flFPdzB1lC0xBOf6S6HxYOK/+4Ms=
Subject key identifier:   3C:1F:88:50:23:06:3A:38:E9:F6:B7:8F:81:6C:67:5C:3E:A9:79:39
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018CC9BC2A08E75E2CF0DF051B94370FA6C1
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PB-IUCMGOjjp9rePgWxnXD6peTk.roa
Signing time:             Tue 02 Jan 2024 10:33:21 +0000
ROA not before:           Tue 02 Jan 2024 10:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209968
IP address blocks:        2a0f:1e85::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2a:08:e7:5e:2c:f0:df:05:1b:94:37:0f:a6:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 10:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c1f885023063a38e9f6b78f816c675c3ea97939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:30:15:2a:11:cf:54:82:57:85:05:f7:8b:0d:
                    29:47:10:15:3a:46:e8:5d:76:50:27:cf:5f:f6:a6:
                    e3:a5:48:0c:62:77:50:aa:8d:2e:c3:8f:2a:c4:ed:
                    83:4d:1c:dd:d3:71:4b:26:1a:51:4d:60:fd:a0:12:
                    d4:c0:38:c1:5b:5b:64:10:b0:90:b6:62:1a:1f:8f:
                    6e:bd:66:f2:37:b2:72:f9:f3:07:87:a0:a0:bb:91:
                    26:0f:55:75:b0:2f:ae:04:8d:33:96:9f:10:15:97:
                    d4:e6:06:c0:0b:39:db:59:35:4b:c1:aa:b3:39:1a:
                    42:e7:a7:61:ff:20:6e:bc:91:c1:39:ff:7f:0e:3f:
                    52:0b:b7:31:6a:be:69:81:8f:51:66:bb:46:5b:2e:
                    55:59:4e:52:3f:dc:a0:7a:97:b8:f6:36:24:4a:bd:
                    10:bb:f3:f5:2e:62:49:69:80:c4:2d:72:0b:8d:2d:
                    92:c7:ec:9b:12:e3:3f:4b:00:ca:4e:29:6c:c6:af:
                    57:8b:7b:8a:23:be:2b:f7:e5:aa:b5:16:fd:0f:99:
                    92:a2:83:ce:7c:98:c8:a2:16:8f:bf:93:a3:e0:93:
                    7d:e5:07:fa:f6:aa:ef:b8:2b:3e:6e:5c:92:f6:23:
                    81:43:5a:35:2e:00:46:5b:05:46:53:ed:9e:46:1d:
                    41:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:1F:88:50:23:06:3A:38:E9:F6:B7:8F:81:6C:67:5C:3E:A9:79:39
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PB-IUCMGOjjp9rePgWxnXD6peTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1e85::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:0c:8f:d4:5c:79:b8:86:ec:bf:a0:3c:cb:9e:d0:43:62:94:
         4d:05:33:7d:69:93:52:7a:14:67:a7:f8:0b:06:7e:dc:e2:af:
         89:29:3e:bb:18:21:34:00:c7:a4:bc:1a:5d:ad:70:d4:f3:75:
         3b:ba:8f:b6:1a:ee:18:e1:37:42:70:3c:1c:28:b5:15:87:1d:
         5d:33:de:af:85:ad:0a:b9:13:d3:bf:da:c0:6b:1c:17:0a:54:
         a5:b0:be:4c:69:14:13:4a:00:1d:53:e2:02:fe:58:1e:63:88:
         37:5b:47:cc:4b:f7:b5:2b:b9:e9:5d:11:38:a6:ac:03:94:76:
         cb:c2:61:10:89:88:8d:46:18:fa:23:d2:9e:47:e3:4f:c4:e4:
         2a:30:bf:5b:f9:64:ba:61:5b:90:3f:c8:05:dd:51:0d:fc:eb:
         82:d0:1d:ae:7a:da:dc:27:2a:78:e1:d7:f3:05:c3:6b:f6:51:
         83:c8:a8:70:cd:20:ec:dc:6a:a1:29:48:d9:be:4f:0b:72:f7:
         de:d1:b5:89:03:64:32:a4:e9:3a:37:17:6b:5e:81:02:6a:ed:
         07:03:59:f8:d4:79:87:3f:af:b9:00:8f:72:c2:3e:08:97:d4:
         18:1e:be:96:d2:69:bd:30:97:45:28:e4:cc:95:dc:99:42:7e:
         db:30:d8:06
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvCoI514s8N8FG5Q3D6bBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMTAyMTAzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzFmODg1MDIzMDYzYTM4ZTlmNmI3OGY4MTZjNjc1YzNlYTk3OTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDAVKhHPVIJXhQX3iw0pRxAVOkbo
XXZQJ89f9qbjpUgMYndQqo0uw48qxO2DTRzd03FLJhpRTWD9oBLUwDjBW1tkELCQ
tmIaH49uvWbyN7Jy+fMHh6Cgu5EmD1V1sC+uBI0zlp8QFZfU5gbACznbWTVLwaqz
ORpC56dh/yBuvJHBOf9/Dj9SC7cxar5pgY9RZrtGWy5VWU5SP9ygepe49jYkSr0Q
u/P1LmJJaYDELXILjS2Sx+ybEuM/SwDKTilsxq9Xi3uKI74r9+WqtRb9D5mSooPO
fJjIohaPv5Oj4JN95Qf69qrvuCs+blyS9iOBQ1o1LgBGWwVGU+2eRh1B1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDwfiFAjBjo46fa3j4FsZ1w+qXk5MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUEItSVVDTUdPampwOXJlUGdXeG5YRDZwZVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg8ehTAN
BgkqhkiG9w0BAQsFAAOCAQEAtwyP1Fx5uIbsv6A8y57QQ2KUTQUzfWmTUnoUZ6f4
CwZ+3OKviSk+uxghNADHpLwaXa1w1PN1O7qPthruGOE3QnA8HCi1FYcdXTPer4Wt
CrkT07/awGscFwpUpbC+TGkUE0oAHVPiAv5YHmOIN1tHzEv3tSu56V0ROKasA5R2
y8JhEImIjUYY+iPSnkfjT8TkKjC/W/lkumFbkD/IBd1RDfzrgtAdrnra3CcqeOHX
8wXDa/ZRg8iocM0g7NxqoSlI2b5PC3L33tG1iQNkMqTpOjcXa16BAmrtBwNZ+NR5
hz+vuQCPcsI+CJfUGB6+ltJpvTCXRSjkzJXcmUJ+2zDYBg==
-----END CERTIFICATE-----