Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/8LzhxsZay75U7aTvpB7E6VaBEN8.roa
File:                     8LzhxsZay75U7aTvpB7E6VaBEN8.roa (raw, json)
Hash identifier:          JEMqCLCToppZOCIhPnGFQP3sMb6rpgOz6E45JXunGlQ=
Subject key identifier:   F0:BC:E1:C6:C6:5A:CB:BE:54:ED:A4:EF:A4:1E:C4:E9:56:81:10:DF
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018CC3B6B2E4F00BF7BE53FCF13E4BB92F8C
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/8LzhxsZay75U7aTvpB7E6VaBEN8.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198687
IP address blocks:        2a07:3501:1090::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b2:e4:f0:0b:f7:be:53:fc:f1:3e:4b:b9:2f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0bce1c6c65acbbe54eda4efa41ec4e9568110df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:67:ea:d3:3d:3e:94:f7:66:a2:ab:ba:ba:df:
                    6d:7f:24:3f:41:49:09:a6:bd:6a:18:ff:d7:d7:45:
                    bf:ba:6c:54:70:a3:53:c6:26:68:50:c8:d7:7d:22:
                    95:09:45:39:87:3b:4b:0a:95:28:16:67:18:2c:60:
                    e9:27:b8:f9:3c:94:91:47:88:0c:84:7f:80:02:58:
                    6a:bb:53:2b:d7:60:0f:46:1f:34:ea:a0:ca:27:0d:
                    88:1e:e7:57:bd:94:89:45:06:b3:fd:9b:c1:5c:b6:
                    94:24:e5:8d:f0:2a:d1:94:92:3b:ce:fe:8a:e0:ff:
                    91:7b:91:91:db:1b:f4:d2:9e:f4:f8:15:f8:ef:a1:
                    e1:48:22:9c:68:2a:c6:00:3d:67:a7:de:0b:d9:15:
                    8b:07:50:b1:98:d1:ab:fc:c1:b4:b6:95:c6:1e:c7:
                    23:a6:e3:2f:a9:64:04:3d:86:4a:c6:da:c9:af:0b:
                    4e:43:bd:b0:58:b2:66:93:19:87:a1:aa:3d:6e:de:
                    3e:09:ad:ee:da:e7:1f:16:01:8f:f7:fb:cd:0d:81:
                    a2:a1:81:6c:b5:47:a4:c6:2d:2c:61:ca:ff:d2:df:
                    9c:c7:2a:b7:11:fe:55:0b:66:40:a1:f6:54:e2:09:
                    e7:ff:f4:d3:b0:ba:fe:60:a9:93:37:e3:17:1a:d1:
                    47:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:BC:E1:C6:C6:5A:CB:BE:54:ED:A4:EF:A4:1E:C4:E9:56:81:10:DF
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/8LzhxsZay75U7aTvpB7E6VaBEN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1090::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:87:c1:b3:64:8c:cc:b9:0f:c4:87:b5:41:e6:98:91:be:6a:
         e1:26:a8:b5:56:72:84:29:ad:67:69:8e:ee:65:32:89:d7:e9:
         f6:08:a1:17:b1:16:33:08:d1:a6:8a:35:32:cf:aa:41:0c:63:
         53:e9:92:5b:42:af:a9:a7:e9:98:f3:ce:02:57:82:04:93:20:
         b5:67:87:b9:b5:9d:1b:83:9c:19:ef:98:ff:40:9a:42:21:bd:
         d1:ff:00:fc:8f:a0:c3:c4:3e:d0:d4:a2:99:73:ac:38:e1:5c:
         72:24:ec:c2:eb:e3:2e:d5:7d:df:6e:5c:48:c4:54:6f:b6:f5:
         34:f6:6f:af:30:51:c4:05:aa:e5:5b:ad:9f:3c:cf:b3:a0:17:
         61:74:7c:51:30:4e:ba:60:0f:f5:bb:66:20:9a:5a:f1:f3:67:
         e3:fc:96:43:0a:4a:e9:a5:a5:b7:5f:8b:a7:7d:26:b4:c3:3e:
         66:3f:9a:91:3c:c9:a8:10:df:58:2c:ee:ca:83:b9:a5:0e:22:
         2b:43:e7:c5:16:d8:22:1d:b9:2a:76:be:92:fb:d5:a2:93:50:
         24:cf:dc:7b:5f:bf:a7:20:e0:a1:7c:e0:d4:e1:e7:1e:38:b2:
         c0:7a:b4:fd:6c:19:18:e8:e1:8e:6b:85:70:9f:77:68:3c:d5:
         9a:00:5a:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtrLk8Av3vlP88T5LuS+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGJjZTFjNmM2NWFjYmJlNTRlZGE0ZWZhNDFlYzRlOTU2ODExMGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mfq0z0+lPdmoqu6ut9tfyQ/QUkJ
pr1qGP/X10W/umxUcKNTxiZoUMjXfSKVCUU5hztLCpUoFmcYLGDpJ7j5PJSRR4gM
hH+AAlhqu1Mr12APRh806qDKJw2IHudXvZSJRQaz/ZvBXLaUJOWN8CrRlJI7zv6K
4P+Re5GR2xv00p70+BX476HhSCKcaCrGAD1np94L2RWLB1CxmNGr/MG0tpXGHscj
puMvqWQEPYZKxtrJrwtOQ72wWLJmkxmHoao9bt4+Ca3u2ucfFgGP9/vNDYGioYFs
tUekxi0sYcr/0t+cxyq3Ef5VC2ZAofZU4gnn//TTsLr+YKmTN+MXGtFHHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPC84cbGWsu+VO2k76QexOlWgRDfMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvOEx6aHhzWmF5NzVVN2FUdnBCN0U2VmFCRU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ARCQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB9h8GzZIzMuQ/Eh7VB5piRvmrhJqi1VnKEKa1n
aY7uZTKJ1+n2CKEXsRYzCNGmijUyz6pBDGNT6ZJbQq+pp+mY884CV4IEkyC1Z4e5
tZ0bg5wZ75j/QJpCIb3R/wD8j6DDxD7Q1KKZc6w44VxyJOzC6+Mu1X3fblxIxFRv
tvU09m+vMFHEBarlW62fPM+zoBdhdHxRME66YA/1u2Ygmlrx82fj/JZDCkrppaW3
X4unfSa0wz5mP5qRPMmoEN9YLO7Kg7mlDiIrQ+fFFtgiHbkqdr6S+9Wik1Akz9x7
X7+nIOChfODU4eceOLLAerT9bBkY6OGOa4Vwn3doPNWaAFrE
-----END CERTIFICATE-----