Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/4DdCslScZhf7UfdlRL_kMV2L7zk.roa
File:                     4DdCslScZhf7UfdlRL_kMV2L7zk.roa (raw, json)
Hash identifier:          z1miIhgSg7AwBaaJoYxw4VvA+9WxYP/+XXPVM87voLk=
Subject key identifier:   E0:37:42:B2:54:9C:66:17:FB:51:F7:65:44:BF:E4:31:5D:8B:EF:39
Certificate issuer:       /CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
Certificate serial:       018CC72579A9E78CB2164284DB8D7AC70BFC
Authority key identifier: FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/4DdCslScZhf7UfdlRL_kMV2L7zk.roa
Signing time:             Mon 01 Jan 2024 22:29:31 +0000
ROA not before:           Mon 01 Jan 2024 22:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213106
IP address blocks:        2001:bf7:1321::/48 maxlen: 48
                          2001:bf7:1320::/44 maxlen: 48
                          2001:bf7:1350::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:79:a9:e7:8c:b2:16:42:84:db:8d:7a:c7:0b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
        Validity
            Not Before: Jan  1 22:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e03742b2549c6617fb51f76544bfe4315d8bef39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:67:e0:17:3d:86:02:8d:f5:01:38:6e:38:58:
                    58:7b:c5:c8:79:3d:e1:1b:fa:90:9e:d1:b2:9e:10:
                    e8:85:06:42:4d:5c:22:79:98:0f:7f:12:a3:7b:f4:
                    77:06:1f:8d:22:fa:db:7e:6d:04:76:57:fa:62:42:
                    4a:76:a4:84:37:78:9a:2b:de:d7:8c:67:cf:30:74:
                    3a:60:d4:57:bf:e2:2d:82:da:3e:7f:3a:97:0b:da:
                    63:47:de:92:a7:a2:af:31:d9:1f:3b:cf:c7:8b:13:
                    c7:2d:b9:d8:59:ed:33:3a:6b:9f:00:1a:cf:9a:5a:
                    97:8e:aa:9b:35:0c:45:6d:83:d4:a1:3b:8c:16:f6:
                    3b:26:43:cb:e4:ec:32:21:65:69:78:83:35:70:be:
                    31:49:d1:85:81:56:3f:49:27:f8:fb:9c:90:a0:b2:
                    b1:75:3a:d4:31:7d:8a:dc:a4:fb:90:f3:5b:7b:cc:
                    33:5b:80:33:17:71:d0:ba:65:81:6f:ce:db:a2:86:
                    91:0e:17:c3:ce:63:dc:15:e0:09:37:44:6f:b7:da:
                    a2:55:be:48:e6:d5:cd:ac:f3:37:cc:bf:36:77:91:
                    1a:e5:38:d0:8f:30:a8:8a:f2:47:a4:09:88:8b:0e:
                    b5:11:da:32:cf:31:e9:3c:5c:18:2b:fb:c9:31:03:
                    94:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:37:42:B2:54:9C:66:17:FB:51:F7:65:44:BF:E4:31:5D:8B:EF:39
            X509v3 Authority Key Identifier:
                keyid:FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/4DdCslScZhf7UfdlRL_kMV2L7zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:bf7:1320::/44
                  2001:bf7:1350::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:1e:8d:d1:86:8f:f5:b9:79:c7:75:60:34:2a:e0:fa:03:46:
         58:15:b1:f2:b0:99:87:0f:56:65:87:0c:6d:92:3f:af:84:07:
         ec:04:28:08:ec:54:dc:bf:43:fe:90:25:d9:7e:36:d3:03:ed:
         33:91:12:47:a5:7a:db:46:7c:3e:f8:57:da:cf:c4:b0:e6:3d:
         d4:10:24:26:aa:68:95:14:f1:d2:95:69:e6:6e:c6:a6:77:05:
         74:75:74:ed:89:76:d0:ce:64:d4:1e:6d:64:b4:97:a2:e4:db:
         df:fe:4f:d7:f7:82:21:b1:1b:fb:56:6a:63:9b:c3:d0:e3:18:
         50:95:9d:2d:55:71:b2:ff:86:7b:9f:6b:84:32:63:ce:f7:fa:
         41:6a:42:0d:60:a1:2d:15:6d:96:aa:c1:bb:48:e9:50:24:93:
         df:2c:f1:db:69:5e:7b:c6:c9:5e:04:a1:8c:d2:b6:7e:28:b6:
         75:01:37:bd:aa:dd:47:de:e6:6c:4e:9c:8c:0b:b6:63:40:54:
         5c:b3:be:9f:8f:50:f3:eb:60:a7:b5:56:b9:e6:3b:1e:09:1f:
         4f:69:7b:a8:98:12:ab:69:ef:19:d1:ac:f1:15:6c:4e:40:30:
         af:3e:24:dc:ba:14:9a:47:49:0f:b4:2f:8f:95:7c:13:ca:ec:
         0c:2b:7f:b9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJXmp54yyFkKE2416xwv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzE0OTI0NzNhNzhjNmZlOWY1MzlmOWZhN2QyMjUyNTYw
YTJiN2UwHhcNMjQwMTAxMjIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDM3NDJiMjU0OWM2NjE3ZmI1MWY3NjU0NGJmZTQzMTVkOGJlZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmfgFz2GAo31AThuOFhYe8XIeT3h
G/qQntGynhDohQZCTVwieZgPfxKje/R3Bh+NIvrbfm0Edlf6YkJKdqSEN3iaK97X
jGfPMHQ6YNRXv+Itgto+fzqXC9pjR96Sp6KvMdkfO8/HixPHLbnYWe0zOmufABrP
mlqXjqqbNQxFbYPUoTuMFvY7JkPL5OwyIWVpeIM1cL4xSdGFgVY/SSf4+5yQoLKx
dTrUMX2K3KT7kPNbe8wzW4AzF3HQumWBb87booaRDhfDzmPcFeAJN0Rvt9qiVb5I
5tXNrPM3zL82d5Ea5TjQjzCoivJHpAmIiw61EdoyzzHpPFwYK/vJMQOUXQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOA3QrJUnGYX+1H3ZUS/5DFdi+85MB8GA1UdIwQY
MBaAFP8xSSRzp4xv6fU5+fp9IlJWCit+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDct
NzNmZDNiYzE5YWE3LzEvNERkQ3NsU2NaaGY3VWZkbFJMX2tNVjJMN3prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDctNzNmZDNiYzE5YWE3
LzEvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEIAEL9xMg
AwcEIAEL9xNQMA0GCSqGSIb3DQEBCwUAA4IBAQAWHo3Rho/1uXnHdWA0KuD6A0ZY
FbHysJmHD1Zlhwxtkj+vhAfsBCgI7FTcv0P+kCXZfjbTA+0zkRJHpXrbRnw++Ffa
z8Sw5j3UECQmqmiVFPHSlWnmbsamdwV0dXTtiXbQzmTUHm1ktJei5Nvf/k/X94Ih
sRv7Vmpjm8PQ4xhQlZ0tVXGy/4Z7n2uEMmPO9/pBakINYKEtFW2WqsG7SOlQJJPf
LPHbaV57xsleBKGM0rZ+KLZ1ATe9qt1H3uZsTpyMC7ZjQFRcs76fj1Dz62CntVa5
5jseCR9PaXuomBKrae8Z0azxFWxOQDCvPiTcuhSaR0kPtC+PlXwTyuwMK3+5
-----END CERTIFICATE-----