Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/J6g0w0pywcaziI6eog0qqmn5s2I.roa
File:                     J6g0w0pywcaziI6eog0qqmn5s2I.roa (raw, json)
Hash identifier:          ySbogk9hm8MBr7BGT9PDBsdXbanrXQPW3tdnh/+WFmg=
Subject key identifier:   27:A8:34:C3:4A:72:C1:C6:B3:88:8E:9E:A2:0D:2A:AA:69:F9:B3:62
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       018D9C618D7C17B75574B453F9CEFF4D79D6
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/J6g0w0pywcaziI6eog0qqmn5s2I.roa
Signing time:             Mon 12 Feb 2024 08:14:15 +0000
ROA not before:           Mon 12 Feb 2024 08:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42350
IP address blocks:        2a02:2000:3c8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:61:8d:7c:17:b7:55:74:b4:53:f9:ce:ff:4d:79:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Feb 12 08:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27a834c34a72c1c6b3888e9ea20d2aaa69f9b362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1d:69:76:4a:32:d8:d4:01:ad:ac:35:43:ad:
                    3a:09:08:18:5e:92:95:19:96:55:53:66:04:37:75:
                    bf:d2:f3:c5:8d:14:fa:d6:58:87:85:02:aa:31:34:
                    c0:b9:bb:23:1e:eb:c7:c9:86:5c:20:0b:ba:60:65:
                    c0:6f:44:30:06:55:ce:38:c2:3f:e8:89:1d:ab:32:
                    3a:bb:a0:3f:b9:5d:32:7f:21:a9:6e:48:cf:a9:08:
                    a2:72:95:09:98:7b:19:a2:4b:22:e7:d9:94:a3:79:
                    51:b8:0b:54:e4:f8:b4:dd:73:f6:48:d2:22:6c:14:
                    3b:e5:1f:fa:74:21:c3:d6:3c:90:3f:fb:da:d9:e9:
                    18:19:12:6a:85:69:a6:4e:03:8b:02:57:ea:8f:a5:
                    20:d4:da:14:ed:4b:54:ef:00:63:d1:4e:58:1f:9c:
                    91:31:e1:c0:62:92:aa:cd:c0:05:cd:cf:43:28:e0:
                    50:cf:17:c3:b1:cf:32:a9:2a:1a:0e:ba:63:3e:d0:
                    92:a7:3b:5d:fc:41:e2:81:52:be:6a:5b:f3:56:37:
                    87:08:de:24:56:88:38:fa:b7:e5:ea:a7:9f:d4:41:
                    65:51:60:47:5f:82:5b:4b:37:64:51:32:2e:06:e7:
                    13:16:36:bf:35:68:23:bb:61:c6:60:bc:5d:b0:a0:
                    08:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:A8:34:C3:4A:72:C1:C6:B3:88:8E:9E:A2:0D:2A:AA:69:F9:B3:62
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/J6g0w0pywcaziI6eog0qqmn5s2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2000:3c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:01:9a:2b:b4:7f:da:1f:49:5e:65:84:6f:29:c6:c2:c7:de:
         1e:3c:d9:a9:0b:28:9d:11:ea:99:10:fb:f8:aa:29:9f:0b:66:
         f8:ce:23:9d:20:bb:b2:27:c8:b1:d9:04:2e:9e:9d:01:36:d0:
         be:e6:61:01:81:a6:68:48:c3:50:7d:85:ca:ac:c1:fc:1a:09:
         0d:9a:a7:fd:3c:72:bb:e6:94:f9:7b:2f:2e:9c:fc:a2:85:d3:
         3f:a2:24:7e:6e:ba:04:d5:8b:db:ff:c8:bc:9f:8b:1b:bb:43:
         22:29:1e:98:43:ae:77:ac:0e:b7:0b:0c:06:f8:5f:2d:a7:fb:
         9c:34:eb:6f:83:ed:7d:49:1e:f5:e4:be:b2:5c:e1:57:48:5a:
         1b:a9:8b:7e:79:cc:cf:81:dd:50:66:1c:58:f7:db:44:8f:1b:
         97:03:ad:6f:cb:a0:9a:b2:12:2e:45:f1:89:37:41:5b:c3:bf:
         69:39:70:95:12:fc:ee:67:2c:f3:96:1f:e9:71:c0:88:f1:00:
         ab:11:66:21:0d:ce:a5:75:87:cd:a6:3a:52:35:1e:bf:53:4d:
         c1:a2:1c:4e:2c:18:1e:ff:aa:4b:6c:8b:55:ac:0a:a8:e5:17:
         ca:d0:a9:4b:f9:e7:c3:0f:20:51:c0:f4:14:55:28:0d:f8:29:
         52:16:54:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2cYY18F7dVdLRT+c7/TXnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjQwMjEyMDgxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2E4MzRjMzRhNzJjMWM2YjM4ODhlOWVhMjBkMmFhYTY5ZjliMzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx1pdkoy2NQBraw1Q606CQgYXpKV
GZZVU2YEN3W/0vPFjRT61liHhQKqMTTAubsjHuvHyYZcIAu6YGXAb0QwBlXOOMI/
6IkdqzI6u6A/uV0yfyGpbkjPqQiicpUJmHsZoksi59mUo3lRuAtU5Pi03XP2SNIi
bBQ75R/6dCHD1jyQP/va2ekYGRJqhWmmTgOLAlfqj6Ug1NoU7UtU7wBj0U5YH5yR
MeHAYpKqzcAFzc9DKOBQzxfDsc8yqSoaDrpjPtCSpztd/EHigVK+alvzVjeHCN4k
Vog4+rfl6qef1EFlUWBHX4JbSzdkUTIuBucTFja/NWgju2HGYLxdsKAIbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCeoNMNKcsHGs4iOnqINKqpp+bNiMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvSjZnMHcwcHl3Y2F6aUk2ZW9nMHFxbW41czJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgAAPI
MA0GCSqGSIb3DQEBCwUAA4IBAQCvAZortH/aH0leZYRvKcbCx94ePNmpCyidEeqZ
EPv4qimfC2b4ziOdILuyJ8ix2QQunp0BNtC+5mEBgaZoSMNQfYXKrMH8GgkNmqf9
PHK75pT5ey8unPyihdM/oiR+broE1Yvb/8i8n4sbu0MiKR6YQ653rA63CwwG+F8t
p/ucNOtvg+19SR715L6yXOFXSFobqYt+eczPgd1QZhxY99tEjxuXA61vy6CashIu
RfGJN0Fbw79pOXCVEvzuZyzzlh/pccCI8QCrEWYhDc6ldYfNpjpSNR6/U03BohxO
LBge/6pLbItVrAqo5RfK0KlL+efDDyBRwPQUVSgN+ClSFlQs
-----END CERTIFICATE-----