Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/FEmNV6RCXEyXSd2kVJ8L786goBY.roa
File:                     FEmNV6RCXEyXSd2kVJ8L786goBY.roa (raw, json)
Hash identifier:          bb6RMCGc4tJgnUSuQIuxYAR34DxEQ6c3anZt6NKD4o4=
Subject key identifier:   14:49:8D:57:A4:42:5C:4C:97:49:DD:A4:54:9F:0B:EF:CE:A0:A0:16
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF8A8C787E0ABCBBC1296A5B0A953
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/FEmNV6RCXEyXSd2kVJ8L786goBY.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210769
IP address blocks:        2a0f:607:1300::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f8:a8:c7:87:e0:ab:cb:bc:12:96:a5:b0:a9:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14498d57a4425c4c9749dda4549f0befcea0a016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7c:f0:cd:22:77:9b:d6:be:41:49:f2:88:3c:
                    e6:70:cf:fd:51:cb:a7:af:2a:ae:da:ac:fa:45:e9:
                    92:54:fb:73:0f:c5:d5:80:b5:1f:5a:e9:ea:1b:bd:
                    92:f4:cc:9c:50:57:13:a2:95:47:1e:2d:51:84:c2:
                    fb:48:54:c6:cc:63:a6:24:8e:b3:0e:ff:cb:a2:c5:
                    fa:2e:0a:c8:5c:e4:9c:fa:d5:b5:5b:7d:b5:00:2c:
                    14:c3:23:d8:4e:a8:0d:f7:1e:a0:f6:58:f9:18:48:
                    89:14:e3:ee:26:a0:42:0f:54:09:d7:8f:d0:d5:35:
                    73:a7:96:99:9a:51:ed:4a:dd:62:c0:a5:46:d2:f0:
                    a2:00:2e:ba:bf:bd:fa:8c:e7:c4:9e:54:b8:2f:16:
                    00:34:ec:5c:99:4b:d9:05:27:79:76:c2:0d:bd:c9:
                    40:6e:1c:16:4a:68:2a:7b:ce:52:5f:fe:1b:7b:72:
                    4a:42:cc:3d:38:d1:22:2f:00:fa:c0:c0:9c:68:a8:
                    8e:ca:7d:3d:b4:61:94:57:f9:a2:b7:4d:18:eb:c0:
                    3f:98:72:e0:a9:e5:f9:69:34:c7:32:d3:19:1d:82:
                    6c:18:16:34:57:a5:32:c4:34:09:ed:ab:a9:28:3d:
                    af:1a:51:13:e6:bd:84:97:cc:56:71:04:e0:85:5f:
                    19:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:49:8D:57:A4:42:5C:4C:97:49:DD:A4:54:9F:0B:EF:CE:A0:A0:16
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/FEmNV6RCXEyXSd2kVJ8L786goBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1300::/44

    Signature Algorithm: sha256WithRSAEncryption
         73:c5:25:9b:6c:dd:09:40:5e:88:7d:35:6c:a2:58:f2:05:c1:
         ba:5e:8f:6e:86:ce:fe:77:15:54:f4:3f:e2:90:6a:5b:14:62:
         48:96:57:b2:21:62:23:61:2f:84:3a:f6:15:bc:04:7b:2a:18:
         90:f6:51:bf:49:fd:0c:e1:4f:b9:23:f2:93:29:3a:f1:24:c0:
         2f:78:c2:4f:56:9b:c8:20:76:77:e9:1b:f0:fe:05:37:26:45:
         7a:d6:80:1a:19:70:7c:9f:be:15:71:f9:13:fa:49:06:a5:79:
         0b:32:af:a0:62:b9:81:9f:99:6d:d2:2f:4d:90:e9:b1:48:49:
         63:0c:83:40:fb:a7:60:7e:c0:df:25:c7:9d:0c:de:f9:c7:7b:
         e7:76:a0:3b:83:04:17:33:3f:0d:a2:ed:a6:12:68:4c:57:83:
         55:3c:e6:ba:80:d7:d0:44:d4:f1:68:15:65:63:59:6b:25:be:
         30:7e:1a:27:64:76:62:a4:55:b2:bd:4d:da:cc:a9:d7:21:2a:
         e0:72:39:fc:a8:9c:12:f0:d0:fc:f6:96:80:40:f1:f5:5c:72:
         01:f8:f3:5d:88:5e:d5:1f:f5:cf:b5:d3:09:5a:03:c1:17:9f:
         37:08:d1:05:3a:3c:d9:54:28:17:95:2b:eb:7c:c7:f9:e8:26:
         8b:56:70:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3Piox4fgq8u8EpalsKlTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQ5OGQ1N2E0NDI1YzRjOTc0OWRkYTQ1NDlmMGJlZmNlYTBhMDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknzwzSJ3m9a+QUnyiDzmcM/9Ucun
ryqu2qz6RemSVPtzD8XVgLUfWunqG72S9MycUFcTopVHHi1RhML7SFTGzGOmJI6z
Dv/LosX6LgrIXOSc+tW1W321ACwUwyPYTqgN9x6g9lj5GEiJFOPuJqBCD1QJ14/Q
1TVzp5aZmlHtSt1iwKVG0vCiAC66v736jOfEnlS4LxYANOxcmUvZBSd5dsINvclA
bhwWSmgqe85SX/4be3JKQsw9ONEiLwD6wMCcaKiOyn09tGGUV/mit00Y68A/mHLg
qeX5aTTHMtMZHYJsGBY0V6UyxDQJ7aupKD2vGlET5r2El8xWcQTghV8ZvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBRJjVekQlxMl0ndpFSfC+/OoKAWMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvRkVtTlY2UkNYRXlYU2Qya1ZKOEw3ODZnb0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxMA
MA0GCSqGSIb3DQEBCwUAA4IBAQBzxSWbbN0JQF6IfTVsoljyBcG6Xo9uhs7+dxVU
9D/ikGpbFGJIlleyIWIjYS+EOvYVvAR7KhiQ9lG/Sf0M4U+5I/KTKTrxJMAveMJP
VpvIIHZ36Rvw/gU3JkV61oAaGXB8n74VcfkT+kkGpXkLMq+gYrmBn5lt0i9NkOmx
SEljDINA+6dgfsDfJcedDN75x3vndqA7gwQXMz8Nou2mEmhMV4NVPOa6gNfQRNTx
aBVlY1lrJb4wfhonZHZipFWyvU3azKnXISrgcjn8qJwS8ND89paAQPH1XHIB+PNd
iF7VH/XPtdMJWgPBF583CNEFOjzZVCgXlSvrfMf56CaLVnDP
-----END CERTIFICATE-----