Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/eYU05nW4fJdc7b2ljWktHXG-lHw.roa
File:                     eYU05nW4fJdc7b2ljWktHXG-lHw.roa (raw, json)
Hash identifier:          GU+h51ximRtyZHup/Sec4PsBhHNTAS3U0zMpEIsxmVo=
Subject key identifier:   79:85:34:E6:75:B8:7C:97:5C:ED:BD:A5:8D:69:2D:1D:71:BE:94:7C
Certificate issuer:       /CN=7f168028ec0dab668a67d5bf6f5358caabe337a8
Certificate serial:       018CC94DC8560906DF6B469F4EBE47E538CA
Authority key identifier: 7F:16:80:28:EC:0D:AB:66:8A:67:D5:BF:6F:53:58:CA:AB:E3:37:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/eYU05nW4fJdc7b2ljWktHXG-lHw.roa
Signing time:             Tue 02 Jan 2024 08:32:47 +0000
ROA not before:           Tue 02 Jan 2024 08:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51105
IP address blocks:        2a01:8ae0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:c8:56:09:06:df:6b:46:9f:4e:be:47:e5:38:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f168028ec0dab668a67d5bf6f5358caabe337a8
        Validity
            Not Before: Jan  2 08:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=798534e675b87c975cedbda58d692d1d71be947c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0f:5f:b7:b0:ea:8e:a3:e3:8c:9b:f5:a3:04:
                    03:42:68:64:dd:bf:1a:19:77:0a:bf:38:14:04:a6:
                    c6:c7:87:0a:3e:4e:06:dd:fb:cb:70:e7:a2:01:dc:
                    79:24:d5:9e:d3:cf:09:08:b8:dc:2c:41:09:0d:23:
                    e8:23:4f:be:80:89:e0:97:d0:c2:e4:88:1c:67:bd:
                    54:97:58:a3:b7:82:68:64:ec:f6:fc:60:61:43:8a:
                    f4:c3:20:9b:be:ef:0c:39:7f:80:bf:04:75:fd:be:
                    c6:60:8e:0f:4e:81:8a:9b:c6:26:23:95:01:f4:60:
                    32:9c:28:b0:2e:c4:13:57:94:5d:11:ca:03:28:ce:
                    19:2c:5b:e7:c9:e9:03:e4:b5:92:e4:53:7c:1a:a5:
                    a2:ef:13:2f:8e:52:de:79:e4:c3:4e:db:e7:a7:e0:
                    54:45:98:93:62:3a:72:b0:2a:1d:b0:b6:54:36:8f:
                    93:db:73:78:1c:ac:7f:07:9d:e5:4b:7b:95:de:4d:
                    95:71:95:d1:aa:1a:09:6b:d2:30:44:ef:dd:72:3e:
                    e3:ed:91:07:59:b9:b9:74:20:9b:98:c5:07:d6:be:
                    5f:2d:2e:df:c8:70:85:ef:a0:1f:0d:30:41:30:77:
                    b2:c3:ad:21:d9:9e:e0:f7:60:19:89:bf:30:41:23:
                    21:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:85:34:E6:75:B8:7C:97:5C:ED:BD:A5:8D:69:2D:1D:71:BE:94:7C
            X509v3 Authority Key Identifier:
                keyid:7F:16:80:28:EC:0D:AB:66:8A:67:D5:BF:6F:53:58:CA:AB:E3:37:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/eYU05nW4fJdc7b2ljWktHXG-lHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b15286-fd4d-49fe-a69e-7fadf50a2e37/1/fxaAKOwNq2aKZ9W_b1NYyqvjN6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:c7:81:39:f0:c0:76:08:a4:19:30:e5:67:40:f7:0f:28:8a:
         2e:f6:e3:ad:29:b7:6f:35:a5:c4:67:fa:ec:84:84:a9:e8:0f:
         e1:64:1a:01:22:97:3a:c2:50:a8:f8:76:01:3b:9a:fb:a8:03:
         c1:23:81:db:ec:3e:70:f0:cc:59:da:4a:85:65:13:3f:c6:c9:
         18:29:a7:c0:2b:0a:5b:11:25:8c:c8:9e:6a:e3:f2:fd:4e:6d:
         6b:01:fb:ae:18:c0:9b:a9:a4:0f:c8:1a:a7:ee:e8:97:d0:76:
         0d:83:eb:12:9d:ae:65:68:dc:37:24:9d:81:01:bd:22:89:ba:
         c4:40:ef:4d:33:8a:41:2e:ff:33:2c:9c:14:01:4e:2c:69:ca:
         1e:0f:ef:90:38:f2:15:eb:f9:06:af:bb:b5:68:3e:c1:fa:21:
         9c:87:b9:7b:c9:8f:ba:5c:06:ed:63:07:62:fa:90:56:cd:4f:
         7e:d2:cb:bd:64:56:f1:97:66:12:16:6d:fe:c4:53:8a:09:64:
         a2:c8:b5:d3:6f:37:a7:95:96:62:ad:fb:68:6e:43:12:99:1f:
         e8:a9:12:f4:1d:53:cd:ae:12:95:34:c0:86:c1:09:aa:0e:3e:
         86:05:02:1b:18:50:b2:65:93:9f:06:9c:13:fc:6d:47:70:49:
         d3:c2:53:94
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTchWCQbfa0afTr5H5TjKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmMTY4MDI4ZWMwZGFiNjY4YTY3ZDViZjZmNTM1OGNhYWJl
MzM3YTgwHhcNMjQwMTAyMDgzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTg1MzRlNjc1Yjg3Yzk3NWNlZGJkYTU4ZDY5MmQxZDcxYmU5NDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAow9ft7DqjqPjjJv1owQDQmhk3b8a
GXcKvzgUBKbGx4cKPk4G3fvLcOeiAdx5JNWe088JCLjcLEEJDSPoI0++gIngl9DC
5IgcZ71Ul1ijt4JoZOz2/GBhQ4r0wyCbvu8MOX+AvwR1/b7GYI4PToGKm8YmI5UB
9GAynCiwLsQTV5RdEcoDKM4ZLFvnyekD5LWS5FN8GqWi7xMvjlLeeeTDTtvnp+BU
RZiTYjpysCodsLZUNo+T23N4HKx/B53lS3uV3k2VcZXRqhoJa9IwRO/dcj7j7ZEH
Wbm5dCCbmMUH1r5fLS7fyHCF76AfDTBBMHeyw60h2Z7g92AZib8wQSMhdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHmFNOZ1uHyXXO29pY1pLR1xvpR8MB8GA1UdIwQY
MBaAFH8WgCjsDatmimfVv29TWMqr4zeoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnhhQUtPd05xMmFLWjlXX2IxTll5cXZqTjZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iMTUyODYtZmQ0ZC00OWZlLWE2OWUt
N2ZhZGY1MGEyZTM3LzEvZVlVMDVuVzRmSmRjN2IybGpXa3RIWEctbEh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iMTUyODYtZmQ0ZC00OWZlLWE2OWUtN2ZhZGY1MGEyZTM3
LzEvZnhhQUtPd05xMmFLWjlXX2IxTll5cXZqTjZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgGK4DAN
BgkqhkiG9w0BAQsFAAOCAQEAFceBOfDAdgikGTDlZ0D3DyiKLvbjrSm3bzWlxGf6
7ISEqegP4WQaASKXOsJQqPh2ATua+6gDwSOB2+w+cPDMWdpKhWUTP8bJGCmnwCsK
WxEljMieauPy/U5tawH7rhjAm6mkD8gap+7ol9B2DYPrEp2uZWjcNySdgQG9Iom6
xEDvTTOKQS7/MyycFAFOLGnKHg/vkDjyFev5Bq+7tWg+wfohnIe5e8mPulwG7WMH
YvqQVs1PftLLvWRW8ZdmEhZt/sRTiglkosi10283p5WWYq37aG5DEpkf6KkS9B1T
za4SlTTAhsEJqg4+hgUCGxhQsmWTnwacE/xtR3BJ08JTlA==
-----END CERTIFICATE-----