Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/_XlTR9n70DNzPKVjAssYE5KuCu0.roa
File:                     _XlTR9n70DNzPKVjAssYE5KuCu0.roa (raw, json)
Hash identifier:          SkeZnbRRhSDeT8l8HO75eji7C+C7TcNNTTbiP2hI9qg=
Subject key identifier:   FD:79:53:47:D9:FB:D0:33:73:3C:A5:63:02:CB:18:13:92:AE:0A:ED
Certificate issuer:       /CN=f15cb9afc8a8670e1f116cbd21499c9f71215bc0
Certificate serial:       018F94A83CA43F3A6DD79779B86AE38F3DE1
Authority key identifier: F1:5C:B9:AF:C8:A8:67:0E:1F:11:6C:BD:21:49:9C:9F:71:21:5B:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/_XlTR9n70DNzPKVjAssYE5KuCu0.roa
Signing time:             Mon 20 May 2024 06:20:04 +0000
ROA not before:           Mon 20 May 2024 06:20:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        2a00:b703:fff1::/48 maxlen: 48
                          2a00:b703:fff2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:94:a8:3c:a4:3f:3a:6d:d7:97:79:b8:6a:e3:8f:3d:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f15cb9afc8a8670e1f116cbd21499c9f71215bc0
        Validity
            Not Before: May 20 06:20:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd795347d9fbd033733ca56302cb181392ae0aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e0:db:0a:34:be:f3:ed:52:56:eb:76:45:6c:
                    bb:47:87:39:fc:47:79:cb:53:3c:57:7c:15:aa:af:
                    90:e7:00:f0:9a:c3:5e:9b:2d:07:2e:2f:3a:45:23:
                    66:54:55:8e:64:3d:79:09:65:1a:d6:c1:92:b2:aa:
                    9a:02:43:65:b0:5c:a9:5e:18:b1:0a:b4:fe:e2:19:
                    ee:ea:ae:3e:8b:7a:1f:35:75:73:85:82:53:85:0f:
                    0e:6c:8b:1f:1b:ce:00:d2:f9:75:a5:2c:88:1b:79:
                    c6:69:37:b1:d1:65:74:52:42:30:c9:93:4e:3c:5a:
                    4a:f6:67:fc:f8:35:82:37:e3:b3:34:af:3f:5a:c4:
                    1c:f2:71:91:3e:b4:63:85:0f:e0:d1:10:dd:76:9b:
                    8a:22:73:39:16:36:b3:ec:e0:99:83:db:d9:a6:4a:
                    cb:2a:91:ce:d5:de:6c:ee:c2:9b:81:4b:63:50:63:
                    7b:28:d9:3c:47:0c:c7:05:3a:5c:88:be:27:8a:8f:
                    10:96:a2:84:b1:4b:e9:3f:b2:50:cf:7f:02:17:75:
                    f7:82:19:d7:37:cd:1f:d7:f5:a2:53:f6:26:58:8f:
                    76:63:09:68:02:90:57:bf:1b:dd:57:30:76:c4:3e:
                    97:1d:b0:35:85:cb:57:5f:88:0d:dd:f5:72:87:cd:
                    54:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:79:53:47:D9:FB:D0:33:73:3C:A5:63:02:CB:18:13:92:AE:0A:ED
            X509v3 Authority Key Identifier:
                keyid:F1:5C:B9:AF:C8:A8:67:0E:1F:11:6C:BD:21:49:9C:9F:71:21:5B:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/_XlTR9n70DNzPKVjAssYE5KuCu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/977d70-6c87-409d-8ef8-027a743ba462/1/8Vy5r8ioZw4fEWy9IUmcn3EhW8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:b703:fff1::-2a00:b703:fff2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         ae:9b:82:30:af:63:6e:d0:76:cc:33:60:f3:c5:24:0e:2a:3f:
         0d:3d:79:48:05:7c:51:c3:fb:f6:b1:88:ea:20:bb:d0:54:73:
         02:2e:f9:47:25:fe:6d:03:12:77:ab:f3:62:f1:11:b2:3b:93:
         ab:80:96:d4:71:a8:75:8f:21:e3:38:ad:c2:5e:eb:05:4f:4f:
         10:f0:2b:32:d0:0c:03:b1:b1:c9:61:ea:65:0f:93:4d:3c:67:
         c7:c3:41:0b:3f:d4:0c:c2:2d:a4:9a:97:99:04:a6:d3:72:9f:
         32:7b:c3:7d:91:80:81:0f:76:59:07:76:c0:94:48:b7:be:8e:
         14:71:ae:78:03:a3:8a:35:cf:7b:b1:f4:86:29:68:d5:de:19:
         8a:6d:74:93:b3:02:28:61:50:7b:6b:c3:67:74:d3:c6:61:40:
         db:2b:40:be:59:2e:21:65:e8:12:2d:b9:e8:84:ef:33:5f:1a:
         46:c7:fb:92:0c:81:c5:46:11:82:06:54:24:33:57:17:67:30:
         08:43:d2:be:d3:bf:ef:ae:4a:35:f2:5c:70:2b:87:fc:09:02:
         3a:9e:8c:69:58:89:d4:ba:33:da:2f:4f:70:85:10:7d:18:26:
         74:f3:44:b0:f3:74:dc:db:04:06:34:c8:5d:91:34:17:d4:f9:
         50:88:ff:fa
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY+UqDykPzpt15d5uGrjjz3hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNWNiOWFmYzhhODY3MGUxZjExNmNiZDIxNDk5YzlmNzEy
MTViYzAwHhcNMjQwNTIwMDYyMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDc5NTM0N2Q5ZmJkMDMzNzMzY2E1NjMwMmNiMTgxMzkyYWUwYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxODbCjS+8+1SVut2RWy7R4c5/Ed5
y1M8V3wVqq+Q5wDwmsNemy0HLi86RSNmVFWOZD15CWUa1sGSsqqaAkNlsFypXhix
CrT+4hnu6q4+i3ofNXVzhYJThQ8ObIsfG84A0vl1pSyIG3nGaTex0WV0UkIwyZNO
PFpK9mf8+DWCN+OzNK8/WsQc8nGRPrRjhQ/g0RDddpuKInM5Fjaz7OCZg9vZpkrL
KpHO1d5s7sKbgUtjUGN7KNk8RwzHBTpciL4nio8QlqKEsUvpP7JQz38CF3X3ghnX
N80f1/WiU/YmWI92YwloApBXvxvdVzB2xD6XHbA1hctXX4gN3fVyh81UfwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFP15U0fZ+9AzczylYwLLGBOSrgrtMB8GA1UdIwQY
MBaAFPFcua/IqGcOHxFsvSFJnJ9xIVvAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFZ5NXI4aW9adzRmRVd5OUlVbWNuM0VoVzhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85NzdkNzAtNmM4Ny00MDlkLThlZjgt
MDI3YTc0M2JhNDYyLzEvX1hsVFI5bjcwRE56UEtWakFzc1lFNUt1Q3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85NzdkNzAtNmM4Ny00MDlkLThlZjgtMDI3YTc0M2JhNDYy
LzEvOFZ5NXI4aW9adzRmRVd5OUlVbWNuM0VoVzhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqALcD
//EDBwAqALcD//IwDQYJKoZIhvcNAQELBQADggEBAK6bgjCvY27QdswzYPPFJA4q
Pw09eUgFfFHD+/axiOogu9BUcwIu+Ucl/m0DEner82LxEbI7k6uAltRxqHWPIeM4
rcJe6wVPTxDwKzLQDAOxsclh6mUPk008Z8fDQQs/1AzCLaSal5kEptNynzJ7w32R
gIEPdlkHdsCUSLe+jhRxrngDo4o1z3ux9IYpaNXeGYptdJOzAihhUHtrw2d008Zh
QNsrQL5ZLiFl6BItueiE7zNfGkbH+5IMgcVGEYIGVCQzVxdnMAhD0r7Tv++uSjXy
XHArh/wJAjqejGlYidS6M9ovT3CFEH0YJnTzRLDzdNzbBAY0yF2RNBfU+VCI//o=
-----END CERTIFICATE-----