Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/_39QFah0VF-CCniR3f4jPIvHAnQ.roa
File:                     _39QFah0VF-CCniR3f4jPIvHAnQ.roa (raw, json)
Hash identifier:          OcApsCEsiXeKA2tyFfgWMllIzSLBgf8FKXCHx0gGzJE=
Subject key identifier:   FF:7F:50:15:A8:74:54:5F:82:0A:78:91:DD:FE:23:3C:8B:C7:02:74
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018CC3B6AB5B47D45C57FCFA8F185932C0B9
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/_39QFah0VF-CCniR3f4jPIvHAnQ.roa
Signing time:             Mon 01 Jan 2024 06:29:37 +0000
ROA not before:           Mon 01 Jan 2024 06:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15542
IP address blocks:        2a07:3501:1030::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ab:5b:47:d4:5c:57:fc:fa:8f:18:59:32:c0:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  1 06:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff7f5015a874545f820a7891ddfe233c8bc70274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:dc:fc:eb:06:9c:fb:a8:c8:9e:b1:e9:e2:96:
                    f3:d3:9a:12:91:ca:f9:e7:70:30:b0:4f:6d:69:cf:
                    a1:53:d0:3c:99:19:88:14:c9:3d:38:7f:2e:05:7f:
                    1b:aa:e7:81:4e:71:9a:ce:49:f8:03:5a:43:42:84:
                    60:f3:ee:37:ce:1e:02:f7:6d:84:2f:e4:8e:47:d8:
                    24:e1:db:a0:c7:0a:86:c1:3e:e7:3a:35:d2:10:57:
                    38:5b:2c:67:f9:12:f1:d3:cc:d4:bc:28:f1:b3:8a:
                    44:c3:3d:23:a7:36:42:43:9f:bc:d0:aa:8b:f3:96:
                    50:71:fd:61:c7:5f:30:2f:68:a5:bb:7a:d5:c1:de:
                    00:a7:34:ed:bf:2a:f6:c0:3e:c0:33:ae:1c:fd:d3:
                    a2:c9:c9:78:86:e5:04:f5:d7:66:0c:71:26:01:4f:
                    82:f8:bf:f5:17:03:68:0c:80:0d:e1:86:8b:93:1d:
                    fe:2c:b2:34:53:e3:bd:e8:08:05:4f:c2:d7:4a:02:
                    4c:73:f2:c6:ba:60:5e:76:09:11:38:af:a9:f6:93:
                    fb:7c:94:a5:92:be:63:24:0e:81:a4:8d:5e:e2:92:
                    58:2b:ab:87:55:49:3d:4d:af:ce:34:9c:76:0d:72:
                    d2:27:f7:e1:66:0b:a4:cd:71:2b:d3:7c:56:0d:70:
                    95:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7F:50:15:A8:74:54:5F:82:0A:78:91:DD:FE:23:3C:8B:C7:02:74
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/_39QFah0VF-CCniR3f4jPIvHAnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1030::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:b7:19:15:a7:91:20:8f:f1:0e:46:0e:8d:35:23:1a:14:47:
         3c:42:34:1f:08:2a:ef:a3:bf:43:69:37:b2:c8:0d:a1:c8:ba:
         35:c7:d2:47:29:50:bc:2e:1b:16:ea:02:54:18:35:61:0f:e2:
         48:d0:9b:6b:aa:8f:e1:66:62:59:15:11:01:23:e8:f9:e7:4f:
         39:45:ea:db:32:ec:9c:47:d3:d9:01:9e:7c:69:71:93:db:8c:
         f3:06:1a:d5:a2:cb:9e:e6:ba:59:7f:9b:72:a8:bf:e6:51:fe:
         86:04:ad:d0:79:97:b2:5e:d4:dc:ee:38:fc:9b:45:cc:62:66:
         4a:6d:6c:14:fa:37:3c:46:c5:47:cf:e3:26:ad:1a:2d:4a:ba:
         b0:e6:6c:54:f3:7d:b0:52:fa:e0:27:bd:30:b1:4a:61:39:44:
         de:d9:56:05:9d:a9:90:3c:d2:6e:09:15:6a:7e:d2:81:34:a4:
         28:5d:b9:60:7a:cb:29:03:59:0f:9f:ec:a6:be:14:2a:c8:0c:
         a9:49:ef:70:fd:2c:fd:51:4d:29:68:27:da:ce:0e:e3:77:6c:
         c8:37:14:ae:f3:c1:ee:a5:69:16:91:83:ea:83:af:9a:d1:5f:
         23:d6:63:73:e8:a9:a5:d5:7c:a0:dc:54:c1:94:cc:5e:e1:2d:
         1e:fc:46:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtqtbR9RcV/z6jxhZMsC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjdmNTAxNWE4NzQ1NDVmODIwYTc4OTFkZGZlMjMzYzhiYzcwMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidz86wac+6jInrHp4pbz05oSkcr5
53AwsE9tac+hU9A8mRmIFMk9OH8uBX8bqueBTnGazkn4A1pDQoRg8+43zh4C922E
L+SOR9gk4dugxwqGwT7nOjXSEFc4Wyxn+RLx08zUvCjxs4pEwz0jpzZCQ5+80KqL
85ZQcf1hx18wL2ilu3rVwd4ApzTtvyr2wD7AM64c/dOiycl4huUE9ddmDHEmAU+C
+L/1FwNoDIAN4YaLkx3+LLI0U+O96AgFT8LXSgJMc/LGumBedgkROK+p9pP7fJSl
kr5jJA6BpI1e4pJYK6uHVUk9Ta/ONJx2DXLSJ/fhZgukzXEr03xWDXCVrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP9/UBWodFRfggp4kd3+IzyLxwJ0MB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvXzM5UUZhaDBWRi1DQ25pUjNmNGpQSXZIQW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ARAw
MA0GCSqGSIb3DQEBCwUAA4IBAQC1txkVp5Egj/EORg6NNSMaFEc8QjQfCCrvo79D
aTeyyA2hyLo1x9JHKVC8LhsW6gJUGDVhD+JI0Jtrqo/hZmJZFREBI+j55085Rerb
MuycR9PZAZ58aXGT24zzBhrVosue5rpZf5tyqL/mUf6GBK3QeZeyXtTc7jj8m0XM
YmZKbWwU+jc8RsVHz+MmrRotSrqw5mxU832wUvrgJ70wsUphOUTe2VYFnamQPNJu
CRVqftKBNKQoXblgesspA1kPn+ymvhQqyAypSe9w/Sz9UU0paCfazg7jd2zINxSu
88HupWkWkYPqg6+a0V8j1mNz6Kml1Xyg3FTBlMxe4S0e/EYb
-----END CERTIFICATE-----