Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/vGkEDVUMglLHCeOfl48u2SD3O1Y.roa
File:                     vGkEDVUMglLHCeOfl48u2SD3O1Y.roa (raw, json)
Hash identifier:          lwlMx3N3RCbnqu9YVukfJmBGhmRFC8KhC5V8fRnHgsM=
Subject key identifier:   BC:69:04:0D:55:0C:82:52:C7:09:E3:9F:97:8F:2E:D9:20:F7:3B:56
Certificate issuer:       /CN=b143fa703fbee04bbd91ce63a32148b36b8e55aa
Certificate serial:       018CC8DF9F05EC4BCCDA22B2B770969457AB
Authority key identifier: B1:43:FA:70:3F:BE:E0:4B:BD:91:CE:63:A3:21:48:B3:6B:8E:55:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/vGkEDVUMglLHCeOfl48u2SD3O1Y.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50384
IP address blocks:        2a00:1b30::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9f:05:ec:4b:cc:da:22:b2:b7:70:96:94:57:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b143fa703fbee04bbd91ce63a32148b36b8e55aa
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc69040d550c8252c709e39f978f2ed920f73b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:89:bf:f0:f1:59:f6:e7:3b:d1:89:a4:63:58:
                    5e:a0:82:89:94:25:a5:70:bd:e3:17:a8:58:5a:be:
                    46:87:e7:f4:d7:01:27:14:b6:68:96:1d:e9:37:4f:
                    68:d5:ad:f6:34:68:ba:58:03:c2:3b:43:94:59:36:
                    d0:47:bf:93:a2:8d:8d:d7:b5:ea:78:70:68:f3:9c:
                    0d:90:5f:2d:03:6c:7a:43:47:7f:51:f2:79:f8:cc:
                    d1:74:47:b6:97:28:59:6f:9e:12:69:8d:af:eb:02:
                    f0:53:55:1a:9d:ac:17:1c:30:f5:21:9f:d8:9f:23:
                    07:03:09:68:99:e1:ae:17:c7:d2:71:9e:d4:55:0d:
                    57:98:f7:51:41:b4:c7:4f:8c:5a:e6:16:36:f5:35:
                    b8:c5:45:bc:90:0f:ed:1b:41:f6:8f:82:b1:05:37:
                    c8:af:5f:d5:9a:61:e4:b5:df:2f:a0:fb:aa:54:68:
                    bd:53:b1:09:be:28:63:81:eb:29:a4:d8:a0:67:b6:
                    0c:2a:ad:7e:83:31:38:03:21:ee:b8:93:01:f0:c9:
                    5b:f9:a6:0f:2c:88:d0:9e:f9:4d:82:67:7b:0c:c6:
                    79:05:e5:c6:69:d1:81:90:04:96:17:e4:64:3a:a0:
                    6d:5a:3b:c6:1a:f4:99:53:5e:41:70:7c:82:82:ed:
                    99:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:69:04:0D:55:0C:82:52:C7:09:E3:9F:97:8F:2E:D9:20:F7:3B:56
            X509v3 Authority Key Identifier:
                keyid:B1:43:FA:70:3F:BE:E0:4B:BD:91:CE:63:A3:21:48:B3:6B:8E:55:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/vGkEDVUMglLHCeOfl48u2SD3O1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1b30::/33

    Signature Algorithm: sha256WithRSAEncryption
         0c:81:d5:aa:35:48:a8:d8:d6:67:4c:2b:87:4b:53:ee:f8:df:
         b5:8c:16:61:ca:79:5a:59:ac:74:3a:3d:a7:7d:33:1d:b7:32:
         4c:5b:71:c5:c7:14:72:d6:74:19:13:58:16:5a:ab:25:02:5e:
         0c:b1:6e:f0:5d:48:f5:86:c3:41:9a:eb:2c:66:9c:0d:a0:82:
         4f:22:53:d8:e2:f4:fb:19:88:b1:99:ef:1e:e6:63:c1:c2:82:
         ae:38:26:80:fd:67:60:bf:4a:ff:40:fd:06:59:7a:5b:52:13:
         2f:3c:ef:fb:9c:e0:31:cc:ea:d9:8a:0d:51:6c:9d:ad:76:f8:
         98:9d:43:27:f7:bf:8c:56:80:3c:95:4a:15:fe:2c:44:8b:7f:
         2f:95:32:d8:c3:69:0d:17:cc:33:cb:53:71:3f:76:3b:27:6d:
         1e:bd:a2:9d:d8:fe:25:88:ac:de:48:15:11:cd:12:b7:22:da:
         2a:e5:2a:ed:69:b2:7b:d4:16:e9:9c:f5:b4:f4:c5:cd:58:db:
         b6:b8:b7:cc:14:e2:6a:4c:2a:3a:42:95:dc:26:84:e1:6e:7d:
         33:b1:1c:87:f9:8f:07:d8:24:09:fd:19:32:78:02:91:26:48:
         d8:ab:7d:9a:22:f6:d2:f0:e8:e6:92:65:4a:94:4d:33:cb:3d:
         08:7f:0b:52
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI358F7EvM2iKyt3CWlFerMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNDNmYTcwM2ZiZWUwNGJiZDkxY2U2M2EzMjE0OGIzNmI4
ZTU1YWEwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzY5MDQwZDU1MGM4MjUyYzcwOWUzOWY5NzhmMmVkOTIwZjczYjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIm/8PFZ9uc70YmkY1heoIKJlCWl
cL3jF6hYWr5Gh+f01wEnFLZolh3pN09o1a32NGi6WAPCO0OUWTbQR7+Too2N17Xq
eHBo85wNkF8tA2x6Q0d/UfJ5+MzRdEe2lyhZb54SaY2v6wLwU1UanawXHDD1IZ/Y
nyMHAwlomeGuF8fScZ7UVQ1XmPdRQbTHT4xa5hY29TW4xUW8kA/tG0H2j4KxBTfI
r1/VmmHktd8voPuqVGi9U7EJvihjgesppNigZ7YMKq1+gzE4AyHuuJMB8Mlb+aYP
LIjQnvlNgmd7DMZ5BeXGadGBkASWF+RkOqBtWjvGGvSZU15BcHyCgu2ZmQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLxpBA1VDIJSxwnjn5ePLtkg9ztWMB8GA1UdIwQY
MBaAFLFD+nA/vuBLvZHOY6MhSLNrjlWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VQNmNELS00RXU5a2M1am95RklzMnVPVmFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iOTM0MmYtNTkxNi00NjQ0LWIxYWEt
MDBkMWU3YTE3MGEyLzEvdkdrRURWVU1nbExIQ2VPZmw0OHUyU0QzTzFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iOTM0MmYtNTkxNi00NjQ0LWIxYWEtMDBkMWU3YTE3MGEy
LzEvc1VQNmNELS00RXU5a2M1am95RklzMnVPVmFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKgAbMAAw
DQYJKoZIhvcNAQELBQADggEBAAyB1ao1SKjY1mdMK4dLU+7437WMFmHKeVpZrHQ6
Pad9Mx23MkxbccXHFHLWdBkTWBZaqyUCXgyxbvBdSPWGw0Ga6yxmnA2ggk8iU9ji
9PsZiLGZ7x7mY8HCgq44JoD9Z2C/Sv9A/QZZeltSEy887/uc4DHM6tmKDVFsna12
+JidQyf3v4xWgDyVShX+LESLfy+VMtjDaQ0XzDPLU3E/djsnbR69op3Y/iWIrN5I
FRHNErci2irlKu1psnvUFumc9bT0xc1Y27a4t8wU4mpMKjpCldwmhOFufTOxHIf5
jwfYJAn9GTJ4ApEmSNirfZoi9tLw6OaSZUqUTTPLPQh/C1I=
-----END CERTIFICATE-----