Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/l7IlR1DeKDBgMdzXroAqSH9LkCg.roa
File:                     l7IlR1DeKDBgMdzXroAqSH9LkCg.roa (raw, json)
Hash identifier:          rSsu8fDAHSVlx9DwiQwF93j+Fz+wTO/h3Bm+MaN+Jsg=
Subject key identifier:   97:B2:25:47:50:DE:28:30:60:31:DC:D7:AE:80:2A:48:7F:4B:90:28
Certificate issuer:       /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial:       018CCA2B45BB0A8247F5F8A754E47BAAABBB
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/l7IlR1DeKDBgMdzXroAqSH9LkCg.roa
Signing time:             Tue 02 Jan 2024 12:34:42 +0000
ROA not before:           Tue 02 Jan 2024 12:34:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150296
IP address blocks:        2a0f:7880:202::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:45:bb:0a:82:47:f5:f8:a7:54:e4:7b:aa:ab:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
        Validity
            Not Before: Jan  2 12:34:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97b2254750de28306031dcd7ae802a487f4b9028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ce:3c:11:8e:82:af:6c:e6:66:a2:4a:a3:0a:
                    36:f9:02:a1:53:3c:9e:66:76:5b:3e:d1:1c:90:9f:
                    b9:da:3e:48:b2:b6:f1:ab:11:56:8f:81:a8:ff:b3:
                    48:5c:87:0d:1c:80:40:d0:11:ba:84:0a:c9:6a:e0:
                    1b:23:d3:96:73:d1:10:e5:81:a6:4e:46:7b:d8:e2:
                    aa:48:05:60:18:c3:a6:9f:90:28:df:fc:7e:ab:cb:
                    82:5b:89:ad:79:3a:b9:04:96:9f:16:45:0d:75:a0:
                    a0:c8:c7:6c:b1:0a:31:9b:ee:d7:b7:d9:38:7c:84:
                    20:3c:2f:00:2a:70:f8:1f:55:19:8a:ff:7f:da:7c:
                    db:85:db:01:8b:a1:a4:af:6f:56:50:ab:69:5c:12:
                    52:16:61:fc:b9:e8:b5:ed:81:a7:f0:f4:9d:72:fe:
                    c1:94:49:fa:f7:19:ea:fe:30:53:65:8e:17:d9:e9:
                    c0:1e:6d:34:f9:b6:7d:7c:d0:2f:a5:6e:2f:a7:f2:
                    82:48:9f:82:5b:e3:0e:c5:44:a7:3f:83:b8:22:b5:
                    98:40:aa:2f:72:b5:10:4f:1f:8e:aa:c1:2d:5c:e1:
                    06:3d:98:d0:12:9f:46:61:0b:65:94:99:26:9a:6e:
                    1e:3f:04:79:b9:00:f2:f6:64:14:0a:be:91:22:37:
                    69:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:B2:25:47:50:DE:28:30:60:31:DC:D7:AE:80:2A:48:7F:4B:90:28
            X509v3 Authority Key Identifier:
                keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/l7IlR1DeKDBgMdzXroAqSH9LkCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7880:202::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:4f:91:dc:31:1c:dd:d2:33:89:c2:12:80:49:79:d7:a9:90:
         b3:d0:7a:bb:9f:d6:16:a5:f8:5e:63:36:dc:ac:63:46:29:18:
         b8:fd:37:70:0e:ab:40:54:c0:31:97:ce:f0:da:f8:81:ca:43:
         98:1b:91:43:36:fb:c8:63:6a:e0:5f:6c:8e:a5:24:b0:5b:76:
         c7:6b:a7:ab:6c:39:94:42:71:12:88:8b:d3:d8:61:bb:bc:c9:
         69:da:29:47:9b:0a:c3:be:bd:e5:c9:02:a2:01:ef:df:6c:29:
         76:f5:b1:52:5a:7d:8e:4b:eb:0d:08:fd:38:12:1c:ca:70:06:
         3f:11:0a:3a:2c:df:0c:a3:ef:79:b8:2b:6e:8b:48:87:16:30:
         45:91:7f:e9:01:80:3c:a8:30:37:00:0a:0e:35:02:7e:cb:d5:
         34:0f:b7:75:7d:26:ec:b7:b9:66:e7:c1:45:e8:eb:86:c9:12:
         9a:6e:50:f0:a8:07:99:81:c7:aa:57:b5:d6:7e:3b:d8:04:bb:
         ed:95:d0:d8:8b:18:3b:eb:5c:fb:98:0f:77:c4:d7:9f:3a:73:
         11:0c:6d:c2:0d:d8:26:f4:3b:0d:a0:88:35:11:74:48:f0:fb:
         50:5a:7d:2c:b6:4a:50:26:3f:6b:ed:0f:ce:af:47:6c:ca:dd:
         1c:d3:13:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK0W7CoJH9finVOR7qqu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjQwMTAyMTIzNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2IyMjU0NzUwZGUyODMwNjAzMWRjZDdhZTgwMmE0ODdmNGI5MDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwM48EY6Cr2zmZqJKowo2+QKhUzye
ZnZbPtEckJ+52j5IsrbxqxFWj4Go/7NIXIcNHIBA0BG6hArJauAbI9OWc9EQ5YGm
TkZ72OKqSAVgGMOmn5Ao3/x+q8uCW4mteTq5BJafFkUNdaCgyMdssQoxm+7Xt9k4
fIQgPC8AKnD4H1UZiv9/2nzbhdsBi6Gkr29WUKtpXBJSFmH8uei17YGn8PSdcv7B
lEn69xnq/jBTZY4X2enAHm00+bZ9fNAvpW4vp/KCSJ+CW+MOxUSnP4O4IrWYQKov
crUQTx+OqsEtXOEGPZjQEp9GYQtllJkmmm4ePwR5uQDy9mQUCr6RIjdpmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJeyJUdQ3igwYDHc166AKkh/S5AoMB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvbDdJbFIxRGVLREJnTWR6WHJvQXFTSDlMa0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg94gAIC
MA0GCSqGSIb3DQEBCwUAA4IBAQAZT5HcMRzd0jOJwhKASXnXqZCz0Hq7n9YWpfhe
YzbcrGNGKRi4/TdwDqtAVMAxl87w2viBykOYG5FDNvvIY2rgX2yOpSSwW3bHa6er
bDmUQnESiIvT2GG7vMlp2ilHmwrDvr3lyQKiAe/fbCl29bFSWn2OS+sNCP04EhzK
cAY/EQo6LN8Mo+95uCtui0iHFjBFkX/pAYA8qDA3AAoONQJ+y9U0D7d1fSbst7lm
58FF6OuGyRKablDwqAeZgceqV7XWfjvYBLvtldDYixg761z7mA93xNefOnMRDG3C
Ddgm9DsNoIg1EXRI8PtQWn0stkpQJj9r7Q/Or0dsyt0c0xMh
-----END CERTIFICATE-----