Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/My4AjSIjL6XG2ko3xj8GECvD3q8.roa
File:                     My4AjSIjL6XG2ko3xj8GECvD3q8.roa (raw, json)
Hash identifier:          936pUQx9uw/KBzn1BPdYkG0NDFD6BOsajwBE2iUyo2s=
Subject key identifier:   33:2E:00:8D:22:23:2F:A5:C6:DA:4A:37:C6:3F:06:10:2B:C3:DE:AF
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE5B89CBA69D81C6118A97A7AD06C
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/My4AjSIjL6XG2ko3xj8GECvD3q8.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201697
IP address blocks:        2a00:f826:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 23:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e5:b8:9c:ba:69:d8:1c:61:18:a9:7a:7a:d0:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=332e008d22232fa5c6da4a37c63f06102bc3deaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:dc:29:ae:bc:fb:26:93:1d:d4:cb:f6:54:ab:
                    50:5d:e7:bd:13:04:d7:ce:86:a4:2d:eb:8c:3b:36:
                    49:36:43:ff:4a:c8:57:be:88:d2:76:3a:26:d1:d3:
                    ec:10:44:f0:1f:08:b3:93:dd:07:3a:b0:78:2d:1e:
                    ed:e2:6a:10:1c:61:4c:80:e5:ab:dd:0a:33:b8:0f:
                    3e:83:9b:a9:85:0e:58:3a:71:98:6a:83:03:c3:13:
                    4d:13:2d:e3:60:97:67:33:84:6c:ca:ca:79:9c:de:
                    13:90:eb:87:7f:44:40:09:3c:54:a2:39:58:75:0d:
                    95:61:cb:43:26:f1:6b:15:58:fc:bc:51:59:82:58:
                    11:9b:53:a4:ad:60:25:a1:7f:99:36:4b:4c:53:93:
                    9d:7e:b1:ac:fb:40:79:f9:7f:e0:82:cb:0a:ea:51:
                    56:38:83:09:9b:04:c1:19:0e:66:e5:15:62:1a:2e:
                    0b:54:d0:c8:d4:25:c9:19:00:8b:1c:49:de:40:2a:
                    46:9d:be:83:7b:00:02:c9:f1:4b:31:a7:9d:02:4d:
                    fa:fa:4e:e4:f5:c3:be:7c:ef:44:42:39:e3:3f:ff:
                    50:ec:95:25:1b:33:5d:3b:68:57:00:a5:96:a0:dd:
                    e6:05:af:5c:c0:1e:41:d4:bb:8a:fe:98:e6:e8:46:
                    c9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:2E:00:8D:22:23:2F:A5:C6:DA:4A:37:C6:3F:06:10:2B:C3:DE:AF
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/My4AjSIjL6XG2ko3xj8GECvD3q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f826:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:f7:f0:c2:fe:07:78:8f:8d:01:24:a0:af:68:50:41:37:21:
         78:44:43:8f:50:f9:06:fa:d2:dc:b6:97:cf:ae:44:9a:ce:d1:
         b3:1f:82:58:c0:da:08:c0:ff:86:05:28:34:8d:6f:12:ea:f4:
         ea:cb:d0:64:70:39:6f:f8:3d:58:d2:68:77:29:fc:2e:c0:e8:
         bf:d8:08:2a:ad:1b:70:e2:50:75:3b:0b:21:e9:97:63:34:f1:
         4d:86:50:c8:ff:41:01:f5:2b:16:ba:4d:49:f0:6e:f6:7c:85:
         94:f6:e8:5b:4e:d3:a5:06:2e:eb:c8:8e:47:33:57:12:d0:e3:
         d0:79:e6:f4:15:bd:aa:ad:97:dc:09:94:12:1a:f9:e8:5b:fe:
         aa:8b:80:16:bf:75:c6:18:f7:d7:d7:9f:42:fd:50:15:0d:9c:
         02:e6:d5:28:f5:d7:6e:c3:23:b7:59:6f:a4:a2:8e:80:dd:08:
         29:54:f5:74:e9:9b:5f:b2:fb:85:55:b0:19:a1:ba:5a:a2:09:
         87:4d:2c:fe:cf:b5:11:0f:fd:6f:82:cd:76:f7:9e:d6:d0:a9:
         eb:45:67:30:33:21:91:ca:67:9c:3f:9b:e3:18:45:c9:f1:4d:
         fe:89:42:b7:9d:ff:df:63:ef:6c:54:8b:5f:e3:a1:79:7c:98:
         f0:d3:bb:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSuW4nLpp2BxhGKl6etBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzJlMDA4ZDIyMjMyZmE1YzZkYTRhMzdjNjNmMDYxMDJiYzNkZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNwprrz7JpMd1Mv2VKtQXee9EwTX
zoakLeuMOzZJNkP/SshXvojSdjom0dPsEETwHwizk90HOrB4LR7t4moQHGFMgOWr
3QozuA8+g5uphQ5YOnGYaoMDwxNNEy3jYJdnM4Rsysp5nN4TkOuHf0RACTxUojlY
dQ2VYctDJvFrFVj8vFFZglgRm1OkrWAloX+ZNktMU5OdfrGs+0B5+X/ggssK6lFW
OIMJmwTBGQ5m5RViGi4LVNDI1CXJGQCLHEneQCpGnb6DewACyfFLMaedAk36+k7k
9cO+fO9EQjnjP/9Q7JUlGzNdO2hXAKWWoN3mBa9cwB5B1LuK/pjm6EbJcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDMuAI0iIy+lxtpKN8Y/BhArw96vMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvTXk0QWpTSWpMNlhHMmtvM3hqOEdFQ3ZEM3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgD4JgAH
MA0GCSqGSIb3DQEBCwUAA4IBAQAB9/DC/gd4j40BJKCvaFBBNyF4REOPUPkG+tLc
tpfPrkSaztGzH4JYwNoIwP+GBSg0jW8S6vTqy9BkcDlv+D1Y0mh3KfwuwOi/2Agq
rRtw4lB1Owsh6ZdjNPFNhlDI/0EB9SsWuk1J8G72fIWU9uhbTtOlBi7ryI5HM1cS
0OPQeeb0Fb2qrZfcCZQSGvnoW/6qi4AWv3XGGPfX159C/VAVDZwC5tUo9dduwyO3
WW+koo6A3QgpVPV06ZtfsvuFVbAZobpaogmHTSz+z7URD/1vgs12957W0KnrRWcw
MyGRymecP5vjGEXJ8U3+iUK3nf/fY+9sVItf46F5fJjw07ti
-----END CERTIFICATE-----