Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/gZ9oLZODQExa-1h7FvLIwKjopto.roa
File:                     gZ9oLZODQExa-1h7FvLIwKjopto.roa (raw, json)
Hash identifier:          faxYqoNh5bC1mvxLiwnWiTTCqDEzQLlz/I3gocs6WJQ=
Subject key identifier:   81:9F:68:2D:93:83:40:4C:5A:FB:58:7B:16:F2:C8:C0:A8:E8:A6:DA
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       018D34C6AB63E4DDEF06CB12BC79AB037E0B
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/gZ9oLZODQExa-1h7FvLIwKjopto.roa
Signing time:             Tue 23 Jan 2024 05:24:11 +0000
ROA not before:           Tue 23 Jan 2024 05:24:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47705
IP address blocks:        2a02:2000:3c7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:34:c6:ab:63:e4:dd:ef:06:cb:12:bc:79:ab:03:7e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Jan 23 05:24:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=819f682d9383404c5afb587b16f2c8c0a8e8a6da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:99:5d:94:3d:65:bf:e7:ff:36:d2:be:e0:6b:
                    5c:ce:3d:9e:e9:af:ec:7a:d8:e9:6d:b4:90:b9:89:
                    3e:59:11:db:f0:12:17:3c:a0:91:51:51:31:ae:0d:
                    aa:19:74:0d:90:e8:ae:7f:80:3b:4a:13:01:1b:d5:
                    d7:5e:da:cb:80:50:67:51:97:dc:71:9e:c9:e4:c6:
                    90:75:84:aa:8f:b2:70:54:c3:e3:b0:14:11:da:33:
                    85:f9:3f:37:7e:8f:ed:5c:00:48:84:dc:7c:7a:25:
                    08:6b:08:99:63:45:ae:0e:62:43:3b:37:a9:2a:ee:
                    2e:5a:00:35:a4:64:72:3e:bf:4e:0b:28:9d:7a:8e:
                    70:d7:d7:2b:0b:83:21:dc:fd:df:92:7a:e8:10:48:
                    cf:9a:3b:95:e8:93:c5:33:33:76:49:d7:25:67:e7:
                    16:3a:4f:be:98:d1:95:30:c0:5e:30:0f:91:3f:05:
                    8a:d4:6c:04:cd:a8:51:21:8c:21:3a:50:51:40:69:
                    de:5c:a0:48:8e:c8:ba:d8:98:21:52:f9:c4:19:91:
                    da:f1:37:54:ea:b1:21:ec:12:d5:33:42:11:95:c8:
                    ff:6f:54:14:44:00:c6:56:18:c9:af:f4:00:7b:ec:
                    3e:f4:9e:97:9d:b1:d9:6d:89:34:35:79:22:db:a9:
                    c4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:9F:68:2D:93:83:40:4C:5A:FB:58:7B:16:F2:C8:C0:A8:E8:A6:DA
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/gZ9oLZODQExa-1h7FvLIwKjopto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2000:3c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:16:63:b0:6f:04:35:7f:e5:3e:a7:47:a7:c9:7a:26:41:b3:
         34:33:79:97:10:0a:56:b2:54:80:14:82:01:20:3a:7e:41:78:
         28:a1:73:7b:a1:cf:f4:68:91:39:cf:c3:f0:28:5d:25:61:08:
         84:df:c9:03:80:16:29:e1:e9:77:8d:10:03:42:8e:93:98:ff:
         d7:d9:3f:bf:f7:45:a5:2d:6f:29:8b:e8:c5:33:32:b5:c9:9f:
         b4:8a:67:11:d5:33:bf:e3:dd:01:91:08:b6:b2:cd:29:1a:c0:
         3f:b6:35:46:68:b5:ee:2a:98:a6:d6:85:a8:9f:83:05:20:5b:
         95:2e:1b:30:db:94:a1:65:ec:ca:5e:89:c2:e4:9a:4c:c9:c9:
         62:99:d8:75:79:39:f9:51:ad:2b:46:09:6e:6d:f3:82:33:14:
         c5:f2:74:de:8f:9b:d2:f7:77:05:d2:74:1b:9f:83:ef:95:3f:
         9f:eb:48:b7:e8:b3:9d:ab:b0:49:f9:84:5f:70:1e:2b:01:2b:
         f3:6a:a2:a4:22:b4:37:89:7e:d1:6c:11:a2:ba:31:b0:7b:e4:
         87:33:4f:2c:22:08:f2:44:00:c2:1a:e3:59:74:a8:db:23:31:
         ca:fc:2b:c3:1f:d7:8b:08:85:99:ec:60:07:c3:d4:08:f9:da:
         f2:b1:e3:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY00xqtj5N3vBssSvHmrA34LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjQwMTIzMDUyNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTlmNjgyZDkzODM0MDRjNWFmYjU4N2IxNmYyYzhjMGE4ZThhNmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupldlD1lv+f/NtK+4Gtczj2e6a/s
etjpbbSQuYk+WRHb8BIXPKCRUVExrg2qGXQNkOiuf4A7ShMBG9XXXtrLgFBnUZfc
cZ7J5MaQdYSqj7JwVMPjsBQR2jOF+T83fo/tXABIhNx8eiUIawiZY0WuDmJDOzep
Ku4uWgA1pGRyPr9OCyideo5w19crC4Mh3P3fknroEEjPmjuV6JPFMzN2SdclZ+cW
Ok++mNGVMMBeMA+RPwWK1GwEzahRIYwhOlBRQGneXKBIjsi62JghUvnEGZHa8TdU
6rEh7BLVM0IRlcj/b1QURADGVhjJr/QAe+w+9J6XnbHZbYk0NXki26nEwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIGfaC2Tg0BMWvtYexbyyMCo6KbaMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvZ1o5b0xaT0RRRXhhLTFoN0Z2TEl3S2pvcHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgAAPH
MA0GCSqGSIb3DQEBCwUAA4IBAQClFmOwbwQ1f+U+p0enyXomQbM0M3mXEApWslSA
FIIBIDp+QXgooXN7oc/0aJE5z8PwKF0lYQiE38kDgBYp4el3jRADQo6TmP/X2T+/
90WlLW8pi+jFMzK1yZ+0imcR1TO/490BkQi2ss0pGsA/tjVGaLXuKpim1oWon4MF
IFuVLhsw25ShZezKXonC5JpMyclimdh1eTn5Ua0rRglubfOCMxTF8nTej5vS93cF
0nQbn4PvlT+f60i36LOdq7BJ+YRfcB4rASvzaqKkIrQ3iX7RbBGiujGwe+SHM08s
IgjyRADCGuNZdKjbIzHK/CvDH9eLCIWZ7GAHw9QI+dryseNY
-----END CERTIFICATE-----