Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/To4vD-m1o8vBoWLYx5nt4YtOq_Y.roa
File:                     To4vD-m1o8vBoWLYx5nt4YtOq_Y.roa (raw, json)
Hash identifier:          lK86af65+E4tS0Rrtcc3q0r71IWQgKx5iOTP1GCPfUw=
Subject key identifier:   4E:8E:2F:0F:E9:B5:A3:CB:C1:A1:62:D8:C7:99:ED:E1:8B:4E:AB:F6
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       018CC6B8FD98B6B82F47B2444375536E1E32
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/To4vD-m1o8vBoWLYx5nt4YtOq_Y.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20594
IP address blocks:        2a01:8180:2000::/36 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fd:98:b6:b8:2f:47:b2:44:43:75:53:6e:1e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e8e2f0fe9b5a3cbc1a162d8c799ede18b4eabf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1f:54:80:8e:40:a1:2d:95:89:b8:0b:2c:07:
                    ff:2e:fe:12:83:e8:0c:c6:67:8f:ef:ae:fd:84:78:
                    0b:ab:7d:08:c5:4a:0f:7b:7c:e1:b1:20:c9:26:b3:
                    9f:6c:f8:ba:72:94:51:93:86:eb:15:cb:79:9e:67:
                    49:da:8e:bd:c8:82:64:73:ca:5a:1b:02:4c:ab:a3:
                    7a:10:c0:b1:0b:31:f4:da:9e:64:ad:ca:ea:6f:de:
                    0d:89:98:6d:d3:dd:b8:db:fb:75:f8:51:55:a3:2a:
                    5c:19:e7:b8:9b:9d:27:b4:14:d2:69:25:7d:17:cd:
                    28:a5:7c:fd:b2:0e:89:8e:ff:6f:8f:be:02:d7:e9:
                    29:f1:dd:9e:66:e4:24:f8:c5:cf:91:61:ce:d4:13:
                    80:4f:88:c7:e4:ba:21:db:95:d6:88:fe:4b:95:18:
                    3c:f5:31:f4:69:5c:c5:0e:8c:7b:91:67:22:d0:f2:
                    00:47:40:bf:d0:bd:5b:5b:9e:d4:32:14:03:3e:a3:
                    2f:4f:81:24:f8:f4:28:1b:18:f4:3a:5b:46:1f:7a:
                    89:bf:ae:55:72:7e:8c:05:57:4a:dc:03:c4:f8:c9:
                    43:a1:62:5b:1e:81:41:4f:67:41:3c:6c:ec:8a:e1:
                    a1:f6:f1:6b:99:fc:e1:b4:17:de:8a:82:cd:38:d7:
                    ac:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8E:2F:0F:E9:B5:A3:CB:C1:A1:62:D8:C7:99:ED:E1:8B:4E:AB:F6
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/To4vD-m1o8vBoWLYx5nt4YtOq_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8180:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         87:c3:3b:35:91:0b:50:02:8c:78:ca:8b:ea:77:5c:98:0b:e3:
         9e:28:7a:9d:ea:08:af:f7:3f:14:bb:e2:d3:76:31:0b:50:ec:
         df:62:16:41:f8:72:30:f5:5c:12:a5:5d:3d:aa:32:62:1f:1f:
         b3:cb:eb:fa:c9:96:79:38:bd:6c:27:97:ba:e3:da:33:b4:cb:
         9b:53:61:09:b2:a0:10:a5:79:af:20:ea:be:20:c1:ba:57:a4:
         db:ab:89:76:4a:1c:29:0f:48:d1:a0:52:6e:f0:57:e2:44:0d:
         ea:4b:72:d1:68:bb:5d:82:12:cd:a0:6f:0e:66:5a:16:88:07:
         4d:cb:5d:fe:66:20:39:c1:0d:e0:0a:07:20:69:ec:37:3b:ae:
         9e:92:d3:01:f7:6e:21:1f:2c:3e:a5:63:37:e7:d8:42:50:86:
         09:98:f2:39:c4:d3:8b:d2:ef:da:65:70:87:8e:ba:4b:c0:34:
         36:5c:10:04:32:cb:db:ae:34:25:cf:de:7d:3f:b9:17:6b:05:
         0f:b9:b3:56:38:0f:7e:66:f0:4c:a3:e5:15:c3:3e:1a:23:d9:
         08:ff:11:b4:f4:a3:52:a5:1b:ba:7f:82:fa:2a:89:bc:af:71:
         33:d1:3e:a4:a3:6f:82:c2:d5:27:b5:0a:06:0d:99:7f:e0:f2:
         f9:b9:ac:32
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuP2YtrgvR7JEQ3VTbh4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThlMmYwZmU5YjVhM2NiYzFhMTYyZDhjNzk5ZWRlMThiNGVhYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmh9UgI5AoS2VibgLLAf/Lv4Sg+gM
xmeP7679hHgLq30IxUoPe3zhsSDJJrOfbPi6cpRRk4brFct5nmdJ2o69yIJkc8pa
GwJMq6N6EMCxCzH02p5krcrqb94NiZht09242/t1+FFVoypcGee4m50ntBTSaSV9
F80opXz9sg6Jjv9vj74C1+kp8d2eZuQk+MXPkWHO1BOAT4jH5Loh25XWiP5LlRg8
9TH0aVzFDox7kWci0PIAR0C/0L1bW57UMhQDPqMvT4Ek+PQoGxj0OltGH3qJv65V
cn6MBVdK3APE+MlDoWJbHoFBT2dBPGzsiuGh9vFrmfzhtBfeioLNONesUQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE6OLw/ptaPLwaFi2MeZ7eGLTqv2MB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvVG80dkQtbTFvOHZCb1dMWXg1bnQ0WXRPcV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgGBgCAw
DQYJKoZIhvcNAQELBQADggEBAIfDOzWRC1ACjHjKi+p3XJgL454oep3qCK/3PxS7
4tN2MQtQ7N9iFkH4cjD1XBKlXT2qMmIfH7PL6/rJlnk4vWwnl7rj2jO0y5tTYQmy
oBClea8g6r4gwbpXpNuriXZKHCkPSNGgUm7wV+JEDepLctFou12CEs2gbw5mWhaI
B03LXf5mIDnBDeAKByBp7Dc7rp6S0wH3biEfLD6lYzfn2EJQhgmY8jnE04vS79pl
cIeOukvANDZcEAQyy9uuNCXP3n0/uRdrBQ+5s1Y4D35m8Eyj5RXDPhoj2Qj/EbT0
o1KlG7p/gvoqibyvcTPRPqSjb4LC1Se1CgYNmX/g8vm5rDI=
-----END CERTIFICATE-----