Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/Ruu1TLcGrp1OPVmcuVssDSpm-eQ.roa
File:                     Ruu1TLcGrp1OPVmcuVssDSpm-eQ.roa (raw, json)
Hash identifier:          wGCz7lMt/W0+0Yv/16zD/cwY2N1HW0boZiaq2EYkt7U=
Subject key identifier:   46:EB:B5:4C:B7:06:AE:9D:4E:3D:59:9C:B9:5B:2C:0D:2A:66:F9:E4
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       018CC7265F9D5933905BB7888156CF6C61F3
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/Ruu1TLcGrp1OPVmcuVssDSpm-eQ.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42167
IP address blocks:        2a0b:b840:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:5f:9d:59:33:90:5b:b7:88:81:56:cf:6c:61:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46ebb54cb706ae9d4e3d599cb95b2c0d2a66f9e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5b:86:b5:a7:ce:76:21:a5:97:f4:54:22:96:
                    0d:88:bb:81:95:04:f2:e4:d6:b4:01:13:af:af:ea:
                    da:83:7f:9d:7f:98:db:a5:9a:1f:24:4f:c2:8f:14:
                    1b:16:88:b9:7b:9d:d8:9f:87:35:30:2b:c9:18:00:
                    16:68:5d:55:95:12:d0:e5:53:9d:e8:ba:45:bc:4f:
                    18:63:89:ab:89:3e:b9:af:5c:0b:37:51:5f:34:76:
                    c7:de:c9:f5:c0:b1:f1:4a:62:f6:32:d7:64:f8:31:
                    9f:db:44:bf:14:d9:7d:57:82:25:a1:b8:ca:c9:e7:
                    51:be:67:85:f6:f9:5f:e4:03:45:55:2d:83:74:6f:
                    be:cb:c9:a4:28:f2:15:03:50:39:f8:ab:05:df:44:
                    a8:e8:76:94:00:d1:d9:ec:ef:d4:79:ae:f4:62:a1:
                    53:12:6d:7c:d2:f7:c9:1c:3c:a8:3d:8a:b6:0f:d3:
                    6f:3e:cb:c2:22:58:61:9b:e2:5d:36:64:9c:3a:ed:
                    48:37:60:34:07:b4:4f:e5:3c:47:51:da:81:b0:bb:
                    c8:4c:45:ed:9c:dc:62:2b:8d:91:b6:0b:8c:25:ea:
                    18:b4:d8:6a:49:37:af:f6:7b:c9:35:2a:41:bb:c6:
                    06:a3:06:ff:2f:ee:96:95:f5:7a:f9:c2:03:3d:d0:
                    04:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:EB:B5:4C:B7:06:AE:9D:4E:3D:59:9C:B9:5B:2C:0D:2A:66:F9:E4
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/Ruu1TLcGrp1OPVmcuVssDSpm-eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b840:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:14:47:58:07:f6:ad:80:5f:e5:ee:cf:21:59:29:c9:6a:65:
         2e:24:a1:ee:d4:1c:02:df:8f:e2:f0:56:ac:50:9b:0c:f8:81:
         23:7e:6e:3f:59:ec:07:bb:d8:75:99:ec:30:1d:50:f0:d5:b0:
         24:4e:17:91:9c:34:a7:e7:7e:72:2b:4b:e7:dc:d0:6f:31:16:
         fd:19:30:2a:f3:46:61:4d:02:52:cd:0c:3c:10:d2:5e:80:79:
         ae:d8:6d:d8:23:67:0e:04:e7:a5:0e:09:7f:98:67:0b:27:3c:
         e4:b9:97:e1:19:c8:17:6f:d0:e8:6c:62:58:8e:0c:19:e3:41:
         e9:b4:55:fb:ea:12:76:10:fc:3f:bd:7a:c6:ae:2f:47:15:a7:
         85:5b:c6:29:e0:e5:c8:2e:f4:cc:33:18:a0:20:74:04:df:79:
         c6:0c:98:95:ff:51:2e:70:64:1f:9d:d9:3d:77:05:90:dd:ef:
         8d:92:dd:fd:34:48:8f:78:45:ba:0c:ba:d7:89:26:66:a1:dc:
         b0:3d:08:d4:a8:71:d0:c2:aa:21:42:8a:93:5a:c9:7b:53:7a:
         ec:6a:39:be:3d:e5:48:e9:18:5a:6e:12:f3:6b:44:ff:52:64:
         2a:f6:34:12:99:77:8c:db:67:26:12:35:2f:3d:b2:de:51:35:
         c1:4c:df:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJl+dWTOQW7eIgVbPbGHzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmViYjU0Y2I3MDZhZTlkNGUzZDU5OWNiOTViMmMwZDJhNjZmOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1uGtafOdiGll/RUIpYNiLuBlQTy
5Na0AROvr+rag3+df5jbpZofJE/CjxQbFoi5e53Yn4c1MCvJGAAWaF1VlRLQ5VOd
6LpFvE8YY4mriT65r1wLN1FfNHbH3sn1wLHxSmL2Mtdk+DGf20S/FNl9V4IlobjK
yedRvmeF9vlf5ANFVS2DdG++y8mkKPIVA1A5+KsF30So6HaUANHZ7O/Uea70YqFT
Em180vfJHDyoPYq2D9NvPsvCIlhhm+JdNmScOu1IN2A0B7RP5TxHUdqBsLvITEXt
nNxiK42RtguMJeoYtNhqSTev9nvJNSpBu8YGowb/L+6WlfV6+cIDPdAEIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEbrtUy3Bq6dTj1ZnLlbLA0qZvnkMB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvUnV1MVRMY0dycDFPUFZtY3VWc3NEU3BtLWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgu4QAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAwFEdYB/atgF/l7s8hWSnJamUuJKHu1BwC34/i
8FasUJsM+IEjfm4/WewHu9h1mewwHVDw1bAkTheRnDSn535yK0vn3NBvMRb9GTAq
80ZhTQJSzQw8ENJegHmu2G3YI2cOBOelDgl/mGcLJzzkuZfhGcgXb9DobGJYjgwZ
40HptFX76hJ2EPw/vXrGri9HFaeFW8Yp4OXILvTMMxigIHQE33nGDJiV/1EucGQf
ndk9dwWQ3e+Nkt39NEiPeEW6DLrXiSZmodywPQjUqHHQwqohQoqTWsl7U3rsajm+
PeVI6RhabhLza0T/UmQq9jQSmXeM22cmEjUvPbLeUTXBTN8R
-----END CERTIFICATE-----