Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/z_OSxH5iGsT8eyHBWAB4PlAaBdg.roa
File:                     z_OSxH5iGsT8eyHBWAB4PlAaBdg.roa (raw, json)
Hash identifier:          B/qNXskgn5/9s9mRL5WbSNv4Af6gElvNCX0khONc9Tk=
Subject key identifier:   CF:F3:92:C4:7E:62:1A:C4:FC:7B:21:C1:58:00:78:3E:50:1A:05:D8
Certificate issuer:       /CN=807709e7b0efba127025c83e5d3194c71ba428c3
Certificate serial:       018CC492957AA37994B22160849B3ECE5D2D
Authority key identifier: 80:77:09:E7:B0:EF:BA:12:70:25:C8:3E:5D:31:94:C7:1B:A4:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/z_OSxH5iGsT8eyHBWAB4PlAaBdg.roa
Signing time:             Mon 01 Jan 2024 10:29:49 +0000
ROA not before:           Mon 01 Jan 2024 10:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a0f:6040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:95:7a:a3:79:94:b2:21:60:84:9b:3e:ce:5d:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=807709e7b0efba127025c83e5d3194c71ba428c3
        Validity
            Not Before: Jan  1 10:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cff392c47e621ac4fc7b21c15800783e501a05d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:99:9f:1b:05:1e:0f:8d:16:55:ba:11:4a:1b:
                    f9:0c:5d:f0:1e:f1:24:5a:62:11:aa:10:29:be:54:
                    aa:c8:d2:e2:19:72:ee:3b:de:a9:34:b1:90:64:32:
                    da:44:14:53:ab:2b:06:70:b2:aa:aa:de:01:7b:60:
                    37:4d:79:bc:34:4c:15:54:08:0e:81:aa:74:2e:c1:
                    bb:bf:ee:4d:25:73:1c:1e:35:33:e5:99:47:04:21:
                    ba:6f:c8:16:be:14:68:25:7e:27:29:a4:df:70:a1:
                    96:06:0a:73:43:58:66:78:50:9d:c6:02:d1:21:fc:
                    8b:87:35:e0:b8:e8:7f:f1:0e:fc:33:5e:67:e0:f9:
                    64:81:c0:b5:67:e5:b8:da:77:db:69:61:03:68:42:
                    e8:22:f1:a1:c9:38:bb:e2:4f:62:14:f7:a2:6c:2f:
                    b6:c0:5c:d4:92:cf:cb:b0:21:4b:79:ba:2e:4b:c0:
                    61:cf:10:5e:80:58:04:cd:83:e7:22:cc:8a:52:39:
                    f8:e3:de:e8:8c:37:0a:19:e8:76:2b:85:8c:a6:2b:
                    ea:a4:39:2e:6c:d9:99:ed:95:de:32:6a:2d:c6:48:
                    ec:dd:93:d2:7d:d5:8b:e9:0b:b7:3e:fd:47:a2:5a:
                    74:ed:23:43:15:17:32:8f:ce:6a:bc:d1:5b:df:31:
                    59:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:F3:92:C4:7E:62:1A:C4:FC:7B:21:C1:58:00:78:3E:50:1A:05:D8
            X509v3 Authority Key Identifier:
                keyid:80:77:09:E7:B0:EF:BA:12:70:25:C8:3E:5D:31:94:C7:1B:A4:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/z_OSxH5iGsT8eyHBWAB4PlAaBdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6040::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:32:21:ae:cd:34:e2:90:33:f6:3b:02:f7:5c:73:56:6a:b6:
         db:75:b3:04:9e:cc:a4:94:f0:b3:0b:65:c5:b6:25:e7:7f:3f:
         8d:34:3d:25:9d:ef:2d:c8:1f:aa:7c:69:6d:3f:19:bf:e2:7c:
         9c:b3:33:4a:f0:4f:ae:99:4f:9e:0d:4d:7a:7e:77:1a:9c:28:
         1d:0d:83:44:9c:79:e0:cb:9c:f1:c4:43:11:e0:d3:cf:b5:9c:
         26:29:99:c6:02:7f:48:f7:d4:4e:13:ac:fd:0b:be:ef:7a:6a:
         c0:9e:9e:be:e3:48:12:70:ac:91:95:71:fb:8c:64:ba:d8:cb:
         0e:d2:ed:d6:b5:a5:13:7e:87:8e:40:64:56:c4:fc:32:69:3a:
         47:00:69:63:42:6b:e0:ff:78:0a:88:fb:00:1b:fb:c7:08:d8:
         5c:57:25:11:58:1c:e4:d2:f1:71:0f:84:e8:20:49:d3:3b:8c:
         13:65:af:15:41:cd:e2:e1:94:b6:30:0a:98:4d:d5:ba:bb:f7:
         ab:41:08:48:db:7a:74:f4:95:5c:34:d2:ea:da:db:17:31:d2:
         65:7f:25:6c:fc:39:16:c4:7b:17:ba:07:fd:fe:73:f8:0c:bc:
         88:55:69:34:82:64:f1:8d:b6:8f:57:d8:65:53:24:0c:05:55:
         03:c8:dc:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkpV6o3mUsiFghJs+zl0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNzcwOWU3YjBlZmJhMTI3MDI1YzgzZTVkMzE5NGM3MWJh
NDI4YzMwHhcNMjQwMTAxMTAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmYzOTJjNDdlNjIxYWM0ZmM3YjIxYzE1ODAwNzgzZTUwMWEwNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJmfGwUeD40WVboRShv5DF3wHvEk
WmIRqhApvlSqyNLiGXLuO96pNLGQZDLaRBRTqysGcLKqqt4Be2A3TXm8NEwVVAgO
gap0LsG7v+5NJXMcHjUz5ZlHBCG6b8gWvhRoJX4nKaTfcKGWBgpzQ1hmeFCdxgLR
IfyLhzXguOh/8Q78M15n4PlkgcC1Z+W42nfbaWEDaELoIvGhyTi74k9iFPeibC+2
wFzUks/LsCFLebouS8BhzxBegFgEzYPnIsyKUjn4497ojDcKGeh2K4WMpivqpDku
bNmZ7ZXeMmotxkjs3ZPSfdWL6Qu3Pv1Holp07SNDFRcyj85qvNFb3zFZPwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM/zksR+YhrE/HshwVgAeD5QGgXYMB8GA1UdIwQY
MBaAFIB3Ceew77oScCXIPl0xlMcbpCjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0hjSjU3RHZ1aEp3SmNnLVhUR1V4eHVrS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jNDI2YzMtNGYwMy00NmJiLTgwMDgt
YmU5YWQyYmY3MjVmLzEvel9PU3hINWlHc1Q4ZXlIQldBQjRQbEFhQmRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jNDI2YzMtNGYwMy00NmJiLTgwMDgtYmU5YWQyYmY3MjVm
LzEvZ0hjSjU3RHZ1aEp3SmNnLVhUR1V4eHVrS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg9gQDAN
BgkqhkiG9w0BAQsFAAOCAQEAjDIhrs004pAz9jsC91xzVmq223WzBJ7MpJTwswtl
xbYl538/jTQ9JZ3vLcgfqnxpbT8Zv+J8nLMzSvBPrplPng1Nen53GpwoHQ2DRJx5
4Muc8cRDEeDTz7WcJimZxgJ/SPfUThOs/Qu+73pqwJ6evuNIEnCskZVx+4xkutjL
DtLt1rWlE36HjkBkVsT8Mmk6RwBpY0Jr4P94Coj7ABv7xwjYXFclEVgc5NLxcQ+E
6CBJ0zuME2WvFUHN4uGUtjAKmE3Vurv3q0EISNt6dPSVXDTS6trbFzHSZX8lbPw5
FsR7F7oH/f5z+Ay8iFVpNIJk8Y22j1fYZVMkDAVVA8jcBQ==
-----END CERTIFICATE-----