Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/Vxff7_lS78TQOmOx6LoVIz8ubdQ.roa
File:                     Vxff7_lS78TQOmOx6LoVIz8ubdQ.roa (raw, json)
Hash identifier:          crLe0SNzPisbNYTAOnznLPKN/adNgkZjN1Y/zog9k3Q=
Subject key identifier:   57:17:DF:EF:F9:52:EF:C4:D0:3A:63:B1:E8:BA:15:23:3F:2E:6D:D4
Certificate issuer:       /CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
Certificate serial:       018CC72577E886D7CA42BC0E8B4BEFB20005
Authority key identifier: FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/Vxff7_lS78TQOmOx6LoVIz8ubdQ.roa
Signing time:             Mon 01 Jan 2024 22:29:30 +0000
ROA not before:           Mon 01 Jan 2024 22:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29670
IP address blocks:        2001:bf6::/32 maxlen: 48
                          2001:bf0:c000::/35 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:77:e8:86:d7:ca:42:bc:0e:8b:4b:ef:b2:00:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
        Validity
            Not Before: Jan  1 22:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5717dfeff952efc4d03a63b1e8ba15233f2e6dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:33:30:61:14:d6:77:dd:f0:02:53:8f:00:b4:
                    63:9a:ff:3d:c5:e8:11:91:5f:31:4d:06:0e:c7:13:
                    12:fd:a7:e5:ae:11:36:83:02:f2:d9:54:3b:ad:c2:
                    92:96:aa:c1:42:9e:e7:44:4a:ae:57:38:b5:37:c5:
                    fb:69:9d:81:68:7a:60:1a:4f:7b:df:02:a4:fc:db:
                    c3:57:f1:63:72:88:58:29:27:69:66:58:1e:83:90:
                    5c:63:62:9e:97:a0:c2:73:43:1c:3a:a8:a4:d5:e5:
                    90:5e:c6:fb:6a:f4:5c:c1:5c:0a:29:21:5c:f3:64:
                    10:4b:53:46:eb:e4:7b:03:6c:29:aa:59:e3:2b:7a:
                    80:05:a6:a9:10:4d:c8:55:00:8e:39:c8:c0:1a:33:
                    c3:0f:14:f9:fb:d8:9b:4b:74:e2:db:18:6b:3a:20:
                    d4:80:09:9b:e2:14:9b:e3:38:f4:2f:5a:22:6b:6f:
                    00:17:2a:08:c4:b3:21:80:58:b9:80:66:a8:07:84:
                    98:f2:ba:fd:c1:13:2d:d6:55:87:52:0f:60:c7:00:
                    91:05:6f:9e:9b:a0:97:6f:4b:ce:22:16:84:d5:10:
                    51:b2:2a:ae:4f:f2:a5:ae:da:4a:73:c3:07:07:ce:
                    7c:68:88:6e:9b:31:67:84:46:4c:66:38:bb:3f:75:
                    47:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:17:DF:EF:F9:52:EF:C4:D0:3A:63:B1:E8:BA:15:23:3F:2E:6D:D4
            X509v3 Authority Key Identifier:
                keyid:FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/Vxff7_lS78TQOmOx6LoVIz8ubdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:bf0:c000::/35
                  2001:bf6::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:a9:90:94:9b:36:08:60:3f:a9:ec:47:54:ca:4b:b6:19:77:
         34:ca:27:bc:22:de:66:1b:6c:de:f1:6d:33:58:3f:11:aa:71:
         46:5a:72:87:f0:a3:e3:83:34:6c:d0:5b:f4:d6:86:25:e2:1f:
         2a:e8:8d:b9:83:24:39:7e:54:ff:a9:bc:c4:2e:2f:1e:20:63:
         a5:d8:e2:61:09:17:cd:70:aa:53:62:cf:9b:43:92:5c:1b:1e:
         c3:b4:ed:7e:c7:d4:a1:df:08:1a:93:ea:94:7f:53:4b:a2:71:
         59:5d:1e:6b:01:9d:49:ae:86:2b:0c:43:7a:bb:4c:57:e5:60:
         fe:35:24:69:20:40:91:f3:bb:f4:11:59:47:e7:28:e2:22:f7:
         20:3c:f5:6a:b7:1e:dd:7b:bb:83:fb:f6:9d:a0:19:b2:86:80:
         75:4f:51:95:61:7b:28:9b:7c:25:43:d1:4f:f9:02:b3:03:a7:
         5c:91:0d:30:c9:ad:7c:5d:9c:6a:f6:5b:9e:da:70:82:dd:8e:
         39:ea:97:a9:0c:d0:01:02:aa:6b:5f:47:24:58:f4:16:52:80:
         5b:75:d3:72:e6:7d:71:e5:7c:d8:1f:f4:f4:a1:90:c2:e2:35:
         32:ca:93:1d:35:73:64:27:5d:c0:36:00:ec:51:3f:52:cf:e7:
         f6:3b:aa:02
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAYzHJXfohtfKQrwOi0vvsgAFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzE0OTI0NzNhNzhjNmZlOWY1MzlmOWZhN2QyMjUyNTYw
YTJiN2UwHhcNMjQwMTAxMjIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE3ZGZlZmY5NTJlZmM0ZDAzYTYzYjFlOGJhMTUyMzNmMmU2ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTMwYRTWd93wAlOPALRjmv89xegR
kV8xTQYOxxMS/aflrhE2gwLy2VQ7rcKSlqrBQp7nREquVzi1N8X7aZ2BaHpgGk97
3wKk/NvDV/FjcohYKSdpZlgeg5BcY2Kel6DCc0McOqik1eWQXsb7avRcwVwKKSFc
82QQS1NG6+R7A2wpqlnjK3qABaapEE3IVQCOOcjAGjPDDxT5+9ibS3Ti2xhrOiDU
gAmb4hSb4zj0L1oia28AFyoIxLMhgFi5gGaoB4SY8rr9wRMt1lWHUg9gxwCRBW+e
m6CXb0vOIhaE1RBRsiquT/KlrtpKc8MHB858aIhumzFnhEZMZji7P3VH5wIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFFcX3+/5Uu/E0Dpjsei6FSM/Lm3UMB8GA1UdIwQY
MBaAFP8xSSRzp4xv6fU5+fp9IlJWCit+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDct
NzNmZDNiYzE5YWE3LzEvVnhmZjdfbFM3OFRRT21PeDZMb1ZJejh1YmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDctNzNmZDNiYzE5YWE3
LzEvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwYFIAEL8MAD
BQAgAQv2MA0GCSqGSIb3DQEBCwUAA4IBAQAiqZCUmzYIYD+p7EdUyku2GXc0yie8
It5mG2ze8W0zWD8RqnFGWnKH8KPjgzRs0Fv01oYl4h8q6I25gyQ5flT/qbzELi8e
IGOl2OJhCRfNcKpTYs+bQ5JcGx7DtO1+x9Sh3wgak+qUf1NLonFZXR5rAZ1JroYr
DEN6u0xX5WD+NSRpIECR87v0EVlH5yjiIvcgPPVqtx7de7uD+/adoBmyhoB1T1GV
YXsom3wlQ9FP+QKzA6dckQ0wya18XZxq9lue2nCC3Y456pepDNABAqprX0ckWPQW
UoBbddNy5n1x5XzYH/T0oZDC4jUyypMdNXNkJ13ANgDsUT9Sz+f2O6oC
-----END CERTIFICATE-----