Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/zS0PqaSeNgKTpvmQNv6srvHhaN8.roa
File:                     zS0PqaSeNgKTpvmQNv6srvHhaN8.roa (raw, json)
Hash identifier:          RkE6xkpc8vTQ1fIrmMnlwCt/iw9X/hcI1A4bWxVhD74=
Subject key identifier:   CD:2D:0F:A9:A4:9E:36:02:93:A6:F9:90:36:FE:AC:AE:F1:E1:68:DF
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       018CC50094E2C1CAB9EFC0826898D8843DCE
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/zS0PqaSeNgKTpvmQNv6srvHhaN8.roa
Signing time:             Mon 01 Jan 2024 12:29:58 +0000
ROA not before:           Mon 01 Jan 2024 12:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        2a0f:f400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:94:e2:c1:ca:b9:ef:c0:82:68:98:d8:84:3d:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Jan  1 12:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd2d0fa9a49e360293a6f99036feacaef1e168df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:26:c9:96:84:1a:ea:01:47:0d:6b:c9:9f:bd:
                    3c:58:98:b1:d5:63:56:a6:2e:05:14:67:ee:13:fc:
                    16:e0:14:ec:6b:f5:37:2a:04:d2:6b:c3:00:a5:c5:
                    aa:9b:58:66:2b:41:0a:a3:ab:c7:c6:1a:26:12:2c:
                    14:3e:53:8b:77:05:50:c7:26:2b:1c:d8:86:7e:a4:
                    41:ad:74:4c:df:5a:7e:a7:97:95:09:d9:5d:f7:9c:
                    72:20:8d:d2:39:61:bf:04:f0:ed:7d:fa:a1:59:c6:
                    b2:22:d8:b9:e9:85:e6:a5:c2:f8:55:75:5d:09:6d:
                    3e:86:bd:40:93:ed:05:4b:78:04:32:17:c9:19:ed:
                    78:71:39:2c:e4:a6:9b:c1:d8:54:1a:03:10:21:53:
                    93:4e:8f:75:02:db:4a:dd:2a:ee:cb:81:f7:be:85:
                    dc:e6:b3:2a:0f:7e:95:68:eb:da:8e:2e:e4:99:a1:
                    21:70:f1:a9:b4:7b:c1:28:6c:06:ce:f9:bc:4e:87:
                    3e:63:af:9c:c3:70:71:27:1a:34:97:e7:06:b0:ae:
                    fc:c0:8a:61:61:ee:11:f7:90:06:06:8c:e2:32:4a:
                    69:96:cc:74:9c:0d:00:c2:54:84:05:13:0a:c1:90:
                    aa:80:d0:fa:1d:5d:3f:9d:e0:63:b7:38:17:7f:62:
                    5b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:2D:0F:A9:A4:9E:36:02:93:A6:F9:90:36:FE:AC:AE:F1:E1:68:DF
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/zS0PqaSeNgKTpvmQNv6srvHhaN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:f400::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:76:bc:72:b6:4d:05:3e:79:ef:d8:5e:5a:e5:28:ca:98:47:
         ea:32:c3:f7:6e:7a:6b:ef:e7:84:3f:51:56:93:d1:4d:e4:81:
         64:89:a6:82:81:75:38:08:12:fd:0b:a3:9b:b4:80:74:af:be:
         33:f9:65:51:03:70:5c:c4:ad:32:b8:95:2c:31:12:55:04:66:
         9c:69:f2:c6:93:db:9b:0e:ac:17:1a:72:c5:31:11:85:e5:bb:
         6d:f8:07:b8:e8:f8:18:6f:01:ce:6e:2a:84:4f:32:8e:29:0c:
         08:49:38:62:16:fe:29:f2:63:6b:99:dc:7b:f9:05:61:40:9a:
         68:cc:47:ea:f9:49:75:0e:ba:b1:65:38:62:b0:79:9d:af:b4:
         7f:8c:cf:89:d8:e1:89:b5:5e:98:00:6e:8a:74:9c:09:4d:ee:
         f5:40:da:7b:b0:ef:56:99:26:9d:2f:58:6b:6a:5d:9b:53:91:
         f7:8e:c6:e9:6d:8b:4b:37:f5:35:a8:dd:ed:77:f6:e6:52:9e:
         1c:d7:db:50:50:30:c3:88:84:de:4c:06:b8:c5:f7:6d:97:79:
         74:f9:42:de:50:65:1e:4f:05:32:93:06:27:82:74:bf:32:6b:
         b3:4f:67:4f:c9:d4:00:52:d7:37:4b:6b:9b:1f:ac:93:e7:60:
         a4:04:c6:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAJTiwcq578CCaJjYhD3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwMTAxMTIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDJkMGZhOWE0OWUzNjAyOTNhNmY5OTAzNmZlYWNhZWYxZTE2OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCbJloQa6gFHDWvJn708WJix1WNW
pi4FFGfuE/wW4BTsa/U3KgTSa8MApcWqm1hmK0EKo6vHxhomEiwUPlOLdwVQxyYr
HNiGfqRBrXRM31p+p5eVCdld95xyII3SOWG/BPDtffqhWcayIti56YXmpcL4VXVd
CW0+hr1Ak+0FS3gEMhfJGe14cTks5KabwdhUGgMQIVOTTo91AttK3Sruy4H3voXc
5rMqD36VaOvaji7kmaEhcPGptHvBKGwGzvm8Toc+Y6+cw3BxJxo0l+cGsK78wIph
Ye4R95AGBoziMkpplsx0nA0AwlSEBRMKwZCqgND6HV0/neBjtzgXf2JbZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM0tD6mknjYCk6b5kDb+rK7x4WjfMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvelMwUHFhU2VOZ0tUcHZtUU52NnNydkhoYU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/0ADAN
BgkqhkiG9w0BAQsFAAOCAQEADna8crZNBT5579heWuUoyphH6jLD9256a+/nhD9R
VpPRTeSBZImmgoF1OAgS/Qujm7SAdK++M/llUQNwXMStMriVLDESVQRmnGnyxpPb
mw6sFxpyxTERheW7bfgHuOj4GG8Bzm4qhE8yjikMCEk4Yhb+KfJja5nce/kFYUCa
aMxH6vlJdQ66sWU4YrB5na+0f4zPidjhibVemABuinScCU3u9UDae7DvVpkmnS9Y
a2pdm1OR947G6W2LSzf1Najd7Xf25lKeHNfbUFAww4iE3kwGuMX3bZd5dPlC3lBl
Hk8FMpMGJ4J0vzJrs09nT8nUAFLXN0trmx+sk+dgpATGKw==
-----END CERTIFICATE-----