Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/pUDP-uy5fC2F5rFBWxEcR2HPjDM.roa
File:                     pUDP-uy5fC2F5rFBWxEcR2HPjDM.roa (raw, json)
Hash identifier:          33KdVwqlL4VWfELs1SLHvYt0f/Bj/5sb9xaCB5GSppI=
Subject key identifier:   A5:40:CF:FA:EC:B9:7C:2D:85:E6:B1:41:5B:11:1C:47:61:CF:8C:33
Certificate issuer:       /CN=fce2fd8df1a266ce13457fbe0f938b9abe3aa761
Certificate serial:       018CC726682715588C98BC0D7062EFA57C72
Authority key identifier: FC:E2:FD:8D:F1:A2:66:CE:13:45:7F:BE:0F:93:8B:9A:BE:3A:A7:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_OL9jfGiZs4TRX--D5OLmr46p2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/pUDP-uy5fC2F5rFBWxEcR2HPjDM.roa
Signing time:             Mon 01 Jan 2024 22:30:32 +0000
ROA not before:           Mon 01 Jan 2024 22:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35297
IP address blocks:        2a03:e500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/_OL9jfGiZs4TRX--D5OLmr46p2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/_OL9jfGiZs4TRX--D5OLmr46p2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_OL9jfGiZs4TRX--D5OLmr46p2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:68:27:15:58:8c:98:bc:0d:70:62:ef:a5:7c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fce2fd8df1a266ce13457fbe0f938b9abe3aa761
        Validity
            Not Before: Jan  1 22:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a540cffaecb97c2d85e6b1415b111c4761cf8c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7c:0f:be:9a:b0:9d:ed:d5:31:8f:5a:4b:59:
                    55:4b:35:32:82:ea:e8:f5:3f:30:94:c0:26:3a:e2:
                    e1:12:d4:a1:f5:0f:5b:d1:ee:a4:bb:dd:48:26:c0:
                    e8:f9:dc:a6:ad:09:09:a6:f2:35:1e:29:70:d6:5b:
                    6f:2d:43:11:ab:ed:13:6c:2a:94:0a:21:f9:9f:fa:
                    b4:c3:af:98:9a:39:73:f4:b8:fc:f3:c9:2c:14:ed:
                    f4:0b:09:e4:3c:5e:3d:fd:41:45:03:6c:b3:f2:e5:
                    55:1c:18:59:2d:da:51:2c:6e:87:be:88:b4:e4:4b:
                    c9:52:65:38:10:f4:c6:98:c4:7e:e9:1b:a8:d8:09:
                    0c:77:70:c0:9d:32:4b:87:0a:9b:51:fb:53:b3:df:
                    bd:46:3e:a6:8b:9a:fd:f0:01:c3:f7:cc:5e:40:5c:
                    ba:46:49:ee:c6:4c:2e:8e:d4:16:f3:3d:8e:5b:cd:
                    36:8c:e4:64:fe:67:e7:fd:6b:5c:01:7d:53:8b:e5:
                    55:d0:55:3d:33:db:e6:fd:e7:7a:a4:5b:a5:72:91:
                    14:36:a7:19:be:12:82:9e:e6:9d:9d:83:0a:07:db:
                    e2:20:a2:8a:ad:db:40:4a:82:33:c9:5f:da:cc:24:
                    a7:f4:f3:68:e0:0d:bb:9d:70:4f:d8:53:e9:df:9e:
                    44:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:40:CF:FA:EC:B9:7C:2D:85:E6:B1:41:5B:11:1C:47:61:CF:8C:33
            X509v3 Authority Key Identifier:
                keyid:FC:E2:FD:8D:F1:A2:66:CE:13:45:7F:BE:0F:93:8B:9A:BE:3A:A7:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_OL9jfGiZs4TRX--D5OLmr46p2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/pUDP-uy5fC2F5rFBWxEcR2HPjDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/91641b-fc66-4e6d-b9dc-7ef54afc4372/1/_OL9jfGiZs4TRX--D5OLmr46p2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e500::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:47:0a:32:36:55:d2:69:ba:a8:04:5b:33:29:24:dc:61:80:
         ea:07:e3:a6:3d:14:2b:79:6b:92:54:97:d0:2d:58:7a:19:bb:
         51:1c:6e:64:bc:22:25:e7:9b:cf:33:8c:5c:36:3e:59:dc:69:
         fd:ca:a8:12:95:8b:c7:3d:57:9a:c5:9e:0c:78:26:6a:b8:29:
         19:9a:07:64:96:48:c9:88:42:34:19:f8:33:42:60:98:7f:65:
         84:46:87:aa:b4:52:1e:f9:90:34:02:86:6c:b6:93:6d:70:14:
         3e:48:58:00:34:0e:8b:5f:c0:52:36:56:ce:6e:50:3c:c7:d3:
         5e:5b:f7:39:ff:fc:40:6f:bc:dc:c1:8d:60:59:64:82:ff:51:
         06:f3:ea:87:d8:dd:31:d5:02:7a:95:16:16:dd:f2:88:57:13:
         49:3a:4a:ba:7b:41:34:e8:17:89:50:58:a5:87:a4:92:79:21:
         4e:c0:c9:fd:6a:49:dd:0f:b9:36:22:9a:8b:08:ca:bc:e7:51:
         e7:6f:ce:e5:05:3b:c3:53:23:68:ff:50:4a:13:04:0c:02:93:
         27:0d:56:a0:8b:cf:d7:b1:30:f3:fa:8e:81:8e:8a:b3:1a:cb:
         f7:27:35:7e:39:77:90:65:77:58:f3:ac:9b:ee:48:bf:a6:46:
         20:c8:97:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJmgnFViMmLwNcGLvpXxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZTJmZDhkZjFhMjY2Y2UxMzQ1N2ZiZTBmOTM4YjlhYmUz
YWE3NjEwHhcNMjQwMTAxMjIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQwY2ZmYWVjYjk3YzJkODVlNmIxNDE1YjExMWM0NzYxY2Y4YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3wPvpqwne3VMY9aS1lVSzUyguro
9T8wlMAmOuLhEtSh9Q9b0e6ku91IJsDo+dymrQkJpvI1Hilw1ltvLUMRq+0TbCqU
CiH5n/q0w6+Ymjlz9Lj888ksFO30CwnkPF49/UFFA2yz8uVVHBhZLdpRLG6Hvoi0
5EvJUmU4EPTGmMR+6Ruo2AkMd3DAnTJLhwqbUftTs9+9Rj6mi5r98AHD98xeQFy6
RknuxkwujtQW8z2OW802jORk/mfn/WtcAX1Ti+VV0FU9M9vm/ed6pFulcpEUNqcZ
vhKCnuadnYMKB9viIKKKrdtASoIzyV/azCSn9PNo4A27nXBP2FPp355EkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKVAz/rsuXwtheaxQVsRHEdhz4wzMB8GA1UdIwQY
MBaAFPzi/Y3xombOE0V/vg+Ti5q+OqdhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09MOWpmR2laczRUUlgtLUQ1T0xtcjQ2cDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi85MTY0MWItZmM2Ni00ZTZkLWI5ZGMt
N2VmNTRhZmM0MzcyLzEvcFVEUC11eTVmQzJGNXJGQld4RWNSMkhQakRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi85MTY0MWItZmM2Ni00ZTZkLWI5ZGMtN2VmNTRhZmM0Mzcy
LzEvX09MOWpmR2laczRUUlgtLUQ1T0xtcjQ2cDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgPlADAN
BgkqhkiG9w0BAQsFAAOCAQEAO0cKMjZV0mm6qARbMykk3GGA6gfjpj0UK3lrklSX
0C1Yehm7URxuZLwiJeebzzOMXDY+Wdxp/cqoEpWLxz1XmsWeDHgmargpGZoHZJZI
yYhCNBn4M0JgmH9lhEaHqrRSHvmQNAKGbLaTbXAUPkhYADQOi1/AUjZWzm5QPMfT
Xlv3Of/8QG+83MGNYFlkgv9RBvPqh9jdMdUCepUWFt3yiFcTSTpKuntBNOgXiVBY
pYekknkhTsDJ/WpJ3Q+5NiKaiwjKvOdR52/O5QU7w1MjaP9QShMEDAKTJw1WoIvP
17Ew8/qOgY6KsxrL9yc1fjl3kGV3WPOsm+5Iv6ZGIMiX2Q==
-----END CERTIFICATE-----