Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/PzCEDVVQM0jV3R9673QD9zL5hm4.roa
File:                     PzCEDVVQM0jV3R9673QD9zL5hm4.roa (raw, json)
Hash identifier:          lYdWLRU+F1cNeQ/EQokR1DQF+RO63nAHXzLyOhnuAz0=
Subject key identifier:   3F:30:84:0D:55:50:33:48:D5:DD:1F:7A:EF:74:03:F7:32:F9:86:6E
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       018CC64B8449B7C35E4E700C16A2FF45472D
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/PzCEDVVQM0jV3R9673QD9zL5hm4.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50716
IP address blocks:        2a00:d8c0:100::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:84:49:b7:c3:5e:4e:70:0c:16:a2:ff:45:47:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f30840d55503348d5dd1f7aef7403f732f9866e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c0:66:c3:19:2c:f9:56:ea:2d:12:02:59:92:
                    0d:98:6a:f9:de:da:8f:ab:24:be:bb:91:00:59:00:
                    7c:66:32:17:96:e7:cc:16:e1:c2:98:94:6f:3e:09:
                    65:ab:79:58:27:9c:80:a0:11:0d:8a:e8:86:54:36:
                    e7:cd:1b:00:ce:48:98:40:a4:25:59:7b:6d:8d:00:
                    28:5d:fd:5f:36:6a:67:67:80:05:87:10:0d:61:6f:
                    ea:f9:dc:ca:ad:ab:e8:1a:0f:0b:2b:f5:b6:99:e9:
                    18:c8:be:b2:80:c9:29:0a:e9:77:46:08:1c:89:60:
                    fd:7a:e6:a1:e1:95:5b:4c:47:6f:8a:4e:7a:21:6f:
                    b7:da:46:47:e8:b4:68:84:19:a4:20:e4:14:20:08:
                    1a:a0:d1:d0:e6:ed:b7:ba:8b:a8:01:4c:65:c2:93:
                    ba:0f:ed:12:8a:67:ff:c1:62:89:69:25:68:bf:df:
                    8e:d4:23:a3:0e:3c:17:28:63:27:f7:4f:85:dd:28:
                    dd:04:04:76:5a:d4:91:47:bb:c3:83:f3:e1:2e:ac:
                    43:d6:2f:bd:00:20:d3:b0:bf:dc:57:13:ad:70:ac:
                    36:a9:f7:33:bb:97:da:52:bf:e9:0b:de:22:9b:b7:
                    96:d1:86:ff:24:51:20:7a:86:e5:10:22:ba:fd:fc:
                    c6:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:30:84:0D:55:50:33:48:D5:DD:1F:7A:EF:74:03:F7:32:F9:86:6E
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/PzCEDVVQM0jV3R9673QD9zL5hm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:d8c0:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:44:17:cf:41:16:75:31:12:8e:cb:cd:b6:f0:8e:9a:2b:d9:
         79:91:16:e3:9b:1b:6d:16:29:a3:e5:cb:b0:80:a8:ef:d4:19:
         42:1e:1d:ef:cc:d2:6f:f9:a6:8a:4f:bb:61:f5:fc:26:5a:b9:
         33:31:23:c3:8c:41:a2:e7:5d:76:a5:7b:d6:97:97:03:ea:9f:
         e5:47:29:4d:4f:59:52:cd:fc:f6:76:0c:73:da:e9:b5:b2:f3:
         67:27:9f:f5:e5:93:52:77:40:53:d5:9f:67:85:8d:37:6b:8b:
         cc:16:da:8a:8e:8d:05:0d:4c:29:2e:8b:d2:6a:b3:55:56:4d:
         be:3b:15:84:39:ae:84:89:9b:cb:71:b6:64:dc:31:4f:8f:95:
         af:14:c2:52:3f:f2:b0:68:ff:c9:79:3a:42:a1:4a:71:10:b8:
         3a:53:48:9a:98:3c:32:7a:c1:f6:ae:6c:3d:33:81:eb:76:1b:
         17:59:db:96:44:a3:d0:1d:da:df:fb:48:9e:69:05:e2:35:80:
         39:7e:16:96:03:da:44:42:0d:1f:8b:3f:b5:ed:c0:83:ea:c3:
         02:10:be:c1:dc:9a:7e:c9:57:c6:72:6a:5a:a6:db:5b:55:8f:
         84:69:a3:55:60:f8:81:81:ab:99:b9:c2:de:d5:a4:22:f4:ea:
         cd:fd:5a:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS4RJt8NeTnAMFqL/RUctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjMwODQwZDU1NTAzMzQ4ZDVkZDFmN2FlZjc0MDNmNzMyZjk4NjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksBmwxks+VbqLRICWZINmGr53tqP
qyS+u5EAWQB8ZjIXlufMFuHCmJRvPgllq3lYJ5yAoBENiuiGVDbnzRsAzkiYQKQl
WXttjQAoXf1fNmpnZ4AFhxANYW/q+dzKravoGg8LK/W2mekYyL6ygMkpCul3Rggc
iWD9euah4ZVbTEdvik56IW+32kZH6LRohBmkIOQUIAgaoNHQ5u23uouoAUxlwpO6
D+0Simf/wWKJaSVov9+O1COjDjwXKGMn90+F3SjdBAR2WtSRR7vDg/PhLqxD1i+9
ACDTsL/cVxOtcKw2qfczu5faUr/pC94im7eW0Yb/JFEgeoblECK6/fzGkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD8whA1VUDNI1d0feu90A/cy+YZuMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvUHpDRURWVlFNMGpWM1I5NjczUUQ5ekw1aG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgDYwAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQBXRBfPQRZ1MRKOy8228I6aK9l5kRbjmxttFimj
5cuwgKjv1BlCHh3vzNJv+aaKT7th9fwmWrkzMSPDjEGi5112pXvWl5cD6p/lRylN
T1lSzfz2dgxz2um1svNnJ5/15ZNSd0BT1Z9nhY03a4vMFtqKjo0FDUwpLovSarNV
Vk2+OxWEOa6EiZvLcbZk3DFPj5WvFMJSP/KwaP/JeTpCoUpxELg6U0iamDwyesH2
rmw9M4HrdhsXWduWRKPQHdrf+0ieaQXiNYA5fhaWA9pEQg0fiz+17cCD6sMCEL7B
3Jp+yVfGcmpapttbVY+EaaNVYPiBgauZucLe1aQi9OrN/VrX
-----END CERTIFICATE-----