Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/1-MNydKrfUJx8AEKpG5OnEl7dMvI.roa
File:                     1-MNydKrfUJx8AEKpG5OnEl7dMvI.roa (raw, json)
Hash identifier:          NKifk6SXh8lxyh84LhRB0Int5nlsj/4a9NNcFZ7aGRw=
Subject key identifier:   F8:C3:72:74:AA:DF:50:9C:7C:00:42:A9:1B:93:A7:12:5E:DD:32:F2
Certificate issuer:       /CN=dfb8ff2f3a0bfc41eadc18af9e52acd100524149
Certificate serial:       018CC6B91E1243702710E2746B0D7045BD47
Authority key identifier: DF:B8:FF:2F:3A:0B:FC:41:EA:DC:18:AF:9E:52:AC:D1:00:52:41:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/1-MNydKrfUJx8AEKpG5OnEl7dMvI.roa
Signing time:             Mon 01 Jan 2024 20:31:09 +0000
ROA not before:           Mon 01 Jan 2024 20:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0a:2b00:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1e:12:43:70:27:10:e2:74:6b:0d:70:45:bd:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb8ff2f3a0bfc41eadc18af9e52acd100524149
        Validity
            Not Before: Jan  1 20:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8c37274aadf509c7c0042a91b93a7125edd32f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e1:30:fc:32:33:94:ab:42:b3:8a:c4:4b:27:
                    3f:8a:b3:86:c3:27:2a:fc:71:ba:2a:e3:6d:bb:af:
                    51:cf:b9:a3:23:53:10:f4:b6:6d:dd:c1:99:0f:5b:
                    06:68:47:9d:84:4e:42:41:9e:9c:00:56:18:0f:43:
                    b3:bd:1b:b8:2b:9a:c3:4e:38:54:05:f1:36:03:28:
                    58:a6:6c:45:ac:e7:67:b6:51:71:07:43:11:48:eb:
                    a3:b6:8e:17:c7:c9:e1:fb:9c:11:b3:e1:09:e0:43:
                    bd:f2:0e:78:58:5a:c9:27:ab:7b:b6:7f:8f:f3:ae:
                    a2:10:e0:f6:66:0e:a4:ca:bc:47:2e:21:72:32:ae:
                    14:09:02:bb:86:aa:71:dd:bf:93:2e:6a:ee:47:59:
                    72:28:1a:6a:2f:0b:2c:3c:26:b2:a5:46:2a:76:2e:
                    57:c0:8b:28:8a:92:9c:7d:b0:72:cd:0e:a7:52:33:
                    5d:87:1c:2e:b2:29:85:80:e2:48:6c:0b:11:a3:63:
                    ea:eb:6d:51:ba:76:9a:72:40:57:9d:86:a3:77:d8:
                    c9:6b:3a:9f:cd:70:73:8f:5a:de:27:bd:5d:be:6b:
                    0d:56:02:0b:69:62:e9:9c:d5:fd:cd:0c:95:37:38:
                    13:00:66:db:b8:f9:e8:1f:ad:a7:f6:ae:ed:1b:64:
                    67:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:C3:72:74:AA:DF:50:9C:7C:00:42:A9:1B:93:A7:12:5E:DD:32:F2
            X509v3 Authority Key Identifier:
                keyid:DF:B8:FF:2F:3A:0B:FC:41:EA:DC:18:AF:9E:52:AC:D1:00:52:41:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37j_LzoL_EHq3BivnlKs0QBSQUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/1-MNydKrfUJx8AEKpG5OnEl7dMvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/6b87af-a212-480d-a4d4-a3df3b69ce5a/1/37j_LzoL_EHq3BivnlKs0QBSQUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2b00:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:a1:93:e2:50:12:94:01:59:62:d5:9e:c7:8f:6c:b1:18:97:
         4b:5e:76:0e:66:01:63:10:ea:63:a6:cf:97:ac:e5:49:74:af:
         5e:03:9d:53:18:83:6b:dd:49:25:47:6a:94:e3:2e:a8:5a:72:
         ec:4e:53:44:08:81:f5:f8:c5:d1:58:cc:d6:04:5d:30:e8:e7:
         da:ec:67:ec:ee:dd:84:74:8e:25:94:e1:24:d3:ca:21:18:c5:
         fd:e5:1f:57:f1:b7:3b:7f:b8:99:97:9c:d3:a1:51:23:94:b8:
         f7:91:b2:43:41:b0:1a:f0:21:46:85:b7:57:a9:80:21:ae:48:
         29:a9:48:80:58:36:38:f7:6d:8e:ab:c6:bb:cc:80:3f:63:c7:
         96:80:ad:55:2d:cd:dc:68:9e:ed:42:d1:87:cd:47:12:a3:59:
         20:ba:95:5c:1b:10:6a:ec:c7:5a:6a:18:b7:ee:58:9a:c5:4b:
         56:e4:1f:e8:03:71:f8:c2:60:0d:97:1a:45:73:db:24:0c:ff:
         10:83:fc:a6:bf:db:5b:a2:ca:63:d2:05:fd:ea:62:70:b1:0a:
         91:76:92:0f:b1:ca:9c:94:be:fb:4d:64:44:55:13:27:24:71:
         6a:55:79:c4:6e:ac:9b:95:74:54:1b:a9:3a:54:0d:9b:c6:91:
         15:f1:39:18
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzGuR4SQ3AnEOJ0aw1wRb1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjhmZjJmM2EwYmZjNDFlYWRjMThhZjllNTJhY2QxMDA1
MjQxNDkwHhcNMjQwMTAxMjAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGMzNzI3NGFhZGY1MDljN2MwMDQyYTkxYjkzYTcxMjVlZGQzMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguEw/DIzlKtCs4rESyc/irOGwycq
/HG6KuNtu69Rz7mjI1MQ9LZt3cGZD1sGaEedhE5CQZ6cAFYYD0OzvRu4K5rDTjhU
BfE2AyhYpmxFrOdntlFxB0MRSOujto4Xx8nh+5wRs+EJ4EO98g54WFrJJ6t7tn+P
866iEOD2Zg6kyrxHLiFyMq4UCQK7hqpx3b+TLmruR1lyKBpqLwssPCaypUYqdi5X
wIsoipKcfbByzQ6nUjNdhxwusimFgOJIbAsRo2Pq621RunaackBXnYajd9jJazqf
zXBzj1reJ71dvmsNVgILaWLpnNX9zQyVNzgTAGbbuPnoH62n9q7tG2Rn+QIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPjDcnSq31CcfABCqRuTpxJe3TLyMB8GA1UdIwQY
MBaAFN+4/y86C/xB6twYr55SrNEAUkFJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdqX0x6b0xfRUhxM0Jpdm5sS3MwUUJTUVVrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82Yjg3YWYtYTIxMi00ODBkLWE0ZDQt
YTNkZjNiNjljZTVhLzEvMS1NTnlkS3JmVUp4OEFFS3BHNU9uRWw3ZE12SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGQvNmI4N2FmLWEyMTItNDgwZC1hNGQ0LWEzZGYzYjY5Y2U1
YS8xLzM3al9Mem9MX0VIcTNCaXZubEtzMFFCU1FVay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoKKwAA
IDANBgkqhkiG9w0BAQsFAAOCAQEAY6GT4lASlAFZYtWex49ssRiXS152DmYBYxDq
Y6bPl6zlSXSvXgOdUxiDa91JJUdqlOMuqFpy7E5TRAiB9fjF0VjM1gRdMOjn2uxn
7O7dhHSOJZThJNPKIRjF/eUfV/G3O3+4mZec06FRI5S495GyQ0GwGvAhRoW3V6mA
Ia5IKalIgFg2OPdtjqvGu8yAP2PHloCtVS3N3Gie7ULRh81HEqNZILqVXBsQauzH
WmoYt+5YmsVLVuQf6ANx+MJgDZcaRXPbJAz/EIP8pr/bW6LKY9IF/epicLEKkXaS
D7HKnJS++01kRFUTJyRxalV5xG6sm5V0VBupOlQNm8aRFfE5GA==
-----END CERTIFICATE-----