Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/8QpsFWQ-mASNPviVqcb5h0_KZfA.roa
File:                     8QpsFWQ-mASNPviVqcb5h0_KZfA.roa (raw, json)
Hash identifier:          yuJ6jVhrAM738gcRpgljdI4F7o7OIlZtS2V8chcyWLI=
Subject key identifier:   F1:0A:6C:15:64:3E:98:04:8D:3E:F8:95:A9:C6:F9:87:4F:CA:65:F0
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019363134F8654A213B6ACF9AA9ACF101183
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/8QpsFWQ-mASNPviVqcb5h0_KZfA.roa
Signing time:             Mon 25 Nov 2024 11:27:10 +0000
ROA not before:           Mon 25 Nov 2024 11:27:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48147
IP address blocks:        2a05:9080:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:63:13:4f:86:54:a2:13:b6:ac:f9:aa:9a:cf:10:11:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Nov 25 11:27:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f10a6c15643e98048d3ef895a9c6f9874fca65f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8b:ca:43:ba:02:ed:8b:1e:d1:4a:a7:d3:e9:
                    ed:d2:93:75:c2:24:f5:30:fc:26:1c:c1:c0:cd:f6:
                    ca:ca:00:25:f5:76:84:31:37:42:f8:fc:c2:f7:82:
                    a4:60:80:04:c5:46:79:f5:df:27:83:ad:be:a4:37:
                    34:f9:0b:49:93:fc:1d:ab:94:ea:e2:2d:3e:f8:e5:
                    79:57:4d:ad:4c:9f:1e:b5:2b:0e:39:24:24:ec:16:
                    35:ad:e9:9d:58:cc:0f:3d:d4:cb:ca:9c:b9:e8:a7:
                    a5:81:e7:d9:ab:e9:4b:a6:f7:be:e5:cc:94:c6:cc:
                    ed:c2:40:ca:60:30:61:8b:04:2e:b0:8d:0f:72:87:
                    c4:3f:3d:ba:18:ba:61:65:dc:72:a4:52:76:32:9f:
                    b3:f0:2f:90:91:6c:eb:30:56:80:a3:d2:6d:1c:f5:
                    97:46:8c:ca:60:49:77:15:b9:7d:51:69:b2:09:d9:
                    79:d7:d4:70:cf:9c:e9:49:c0:24:b7:f1:c8:6f:a9:
                    c2:ed:45:5f:13:35:83:f4:e8:29:e0:3e:c9:86:1d:
                    18:81:b5:fb:84:c3:e2:e3:51:c5:78:0a:b3:fe:00:
                    9a:bb:2f:dc:88:76:b9:62:01:9f:b0:a2:bf:8b:a9:
                    7b:3f:4a:3f:2c:ef:ad:8a:f4:df:23:73:0b:7c:e9:
                    c0:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:0A:6C:15:64:3E:98:04:8D:3E:F8:95:A9:C6:F9:87:4F:CA:65:F0
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/8QpsFWQ-mASNPviVqcb5h0_KZfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:f7:58:33:02:e2:32:c9:45:b8:0d:4c:3e:de:29:98:6f:0f:
         03:ca:2f:b3:f3:54:6e:cb:80:24:ba:14:28:21:c4:1b:ac:2c:
         3f:52:5d:bd:b3:07:da:55:99:08:39:b8:29:46:74:f0:59:6c:
         ac:80:12:28:05:6e:3f:dd:e8:27:ad:15:99:00:7d:f0:5e:95:
         ab:95:36:90:c1:b1:b0:89:32:d0:39:4b:0e:76:40:ed:86:c2:
         f9:10:e0:a0:c7:b0:8b:03:9a:b2:ad:d4:13:b7:ab:1f:d2:dd:
         b2:63:b3:e9:c9:f5:28:be:99:b9:82:5f:3b:03:71:33:3d:a8:
         2f:e4:a0:d4:7c:f9:e5:c5:8c:a0:2a:9f:2e:18:a1:47:de:3b:
         64:b2:9a:c7:2d:73:8a:b3:6a:8c:6c:3c:bc:3c:c6:6a:d6:14:
         ac:2e:8f:8c:76:35:b9:88:0c:60:0c:d7:4f:ed:3e:fc:1a:dd:
         cf:44:c1:ad:51:16:31:1c:7d:f2:ab:cf:ed:c6:61:17:d5:36:
         64:ad:0e:71:50:8e:8c:37:8f:1b:f5:b6:61:d0:82:1e:ed:f6:
         e2:dd:29:13:fa:4b:9a:11:ed:86:49:c6:1a:c1:26:68:f2:f9:
         d3:21:78:f8:1a:66:d2:4f:82:47:a9:79:d5:f4:50:f2:f8:79:
         07:c3:b3:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNjE0+GVKITtqz5qprPEBGDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQxMTI1MTEyNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTBhNmMxNTY0M2U5ODA0OGQzZWY4OTVhOWM2Zjk4NzRmY2E2NWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4vKQ7oC7Yse0Uqn0+nt0pN1wiT1
MPwmHMHAzfbKygAl9XaEMTdC+PzC94KkYIAExUZ59d8ng62+pDc0+QtJk/wdq5Tq
4i0++OV5V02tTJ8etSsOOSQk7BY1remdWMwPPdTLypy56KelgefZq+lLpve+5cyU
xsztwkDKYDBhiwQusI0PcofEPz26GLphZdxypFJ2Mp+z8C+QkWzrMFaAo9JtHPWX
RozKYEl3Fbl9UWmyCdl519Rwz5zpScAkt/HIb6nC7UVfEzWD9Ogp4D7Jhh0YgbX7
hMPi41HFeAqz/gCauy/ciHa5YgGfsKK/i6l7P0o/LO+tivTfI3MLfOnAcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPEKbBVkPpgEjT74lanG+YdPymXwMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvOFFwc0ZXUS1tQVNOUHZpVnFjYjVoMF9LWmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQA591gzAuIyyUW4DUw+3imYbw8Dyi+z81Ruy4Ak
uhQoIcQbrCw/Ul29swfaVZkIObgpRnTwWWysgBIoBW4/3egnrRWZAH3wXpWrlTaQ
wbGwiTLQOUsOdkDthsL5EOCgx7CLA5qyrdQTt6sf0t2yY7PpyfUovpm5gl87A3Ez
Pagv5KDUfPnlxYygKp8uGKFH3jtksprHLXOKs2qMbDy8PMZq1hSsLo+MdjW5iAxg
DNdP7T78Gt3PRMGtURYxHH3yq8/txmEX1TZkrQ5xUI6MN48b9bZh0IIe7fbi3SkT
+kuaEe2GScYawSZo8vnTIXj4GmbST4JHqXnV9FDy+HkHw7Nz
-----END CERTIFICATE-----