Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/TIDrHyRApKvbm6vcA3m2eGov7LY.roa
File:                     TIDrHyRApKvbm6vcA3m2eGov7LY.roa (raw, json)
Hash identifier:          ZElyjb4loszhBBKwuWFBuIqaC+8qM2utMViFQLgh0/k=
Subject key identifier:   4C:80:EB:1F:24:40:A4:AB:DB:9B:AB:DC:03:79:B6:78:6A:2F:EC:B6
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC348964BA7356F02212B1C212C5F1FCF
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/TIDrHyRApKvbm6vcA3m2eGov7LY.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209300
IP address blocks:        2a05:1085::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:96:4b:a7:35:6f:02:21:2b:1c:21:2c:5f:1f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c80eb1f2440a4abdb9babdc0379b6786a2fecb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:48:bc:35:71:7e:01:d1:92:1d:21:9c:71:39:
                    e5:21:3c:96:dc:51:50:54:b4:d8:a9:c7:43:5a:98:
                    42:5e:58:62:af:b0:d4:48:e5:af:43:ce:b8:a8:aa:
                    99:ad:fe:10:0c:8b:12:e4:12:e3:39:ab:85:fe:07:
                    c1:49:77:b0:33:28:d7:19:f5:01:6b:c6:18:66:77:
                    28:0b:04:1a:da:4c:95:8b:5b:8a:43:b5:70:c3:22:
                    94:21:d0:d3:5c:d6:82:08:d6:5e:ac:a6:42:74:e0:
                    60:3d:00:99:6a:85:e7:55:c4:65:94:6c:8a:41:92:
                    4b:98:1e:56:da:93:ed:cf:5e:d1:2c:3b:ff:4e:3d:
                    bc:08:82:d9:44:e1:d9:46:ca:36:1c:1a:ae:c6:16:
                    09:55:4f:01:ab:98:6d:af:e7:0e:3f:b8:41:14:e6:
                    d2:65:33:18:ac:4f:4b:cf:71:2f:ff:78:8e:4b:4f:
                    00:a3:a3:54:aa:c9:7f:8e:a8:8c:a9:1f:23:ba:74:
                    7a:fd:98:38:cf:8c:9b:cc:77:af:18:5a:16:03:48:
                    bb:25:9b:9d:71:f9:06:e8:b3:db:db:d5:b7:68:3c:
                    73:f2:a0:23:92:27:e4:a4:2e:cc:5c:ec:cc:68:39:
                    5c:1d:eb:91:48:6f:a1:92:68:44:5c:62:1a:39:94:
                    9b:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:80:EB:1F:24:40:A4:AB:DB:9B:AB:DC:03:79:B6:78:6A:2F:EC:B6
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/TIDrHyRApKvbm6vcA3m2eGov7LY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1085::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:98:95:f6:3d:c0:ea:f3:3e:9f:06:2e:4a:e3:71:10:0e:ca:
         16:84:6d:9e:c9:b8:36:86:f2:53:9f:76:e3:17:11:30:d9:69:
         76:d9:96:22:e3:e4:76:5a:ba:f7:44:a6:19:95:dd:78:af:72:
         3c:c1:5b:99:aa:9b:22:ab:6c:6a:6a:84:60:e0:4b:4a:d5:51:
         ea:5a:46:9f:b1:bd:62:c7:23:7b:aa:71:4a:2b:d8:51:1c:25:
         b2:fa:17:48:99:fa:dc:0b:83:58:7f:5e:14:a5:e2:23:c6:63:
         ad:9d:4d:fd:a6:47:47:f7:4a:c5:5e:59:c7:b1:2c:53:bf:47:
         55:bc:67:46:ed:78:27:d8:d0:2b:91:47:9a:c5:09:04:95:35:
         1a:e0:48:a2:c4:4c:bb:2e:0f:83:84:ac:7f:23:85:e2:8c:95:
         49:c2:bf:40:eb:19:c3:f9:a7:a7:4c:54:e1:fd:30:e4:56:33:
         6c:65:f9:81:8f:63:69:a5:c3:6a:a2:a4:25:fb:b3:0f:ef:ec:
         1a:50:d7:99:3e:9e:71:37:a8:4d:3a:f3:1d:41:9c:52:0f:8a:
         97:d7:7d:96:35:ed:97:c3:45:e7:40:3d:de:4a:2a:10:b5:c4:
         85:3d:a4:d0:bc:a8:0f:54:2f:dc:03:98:91:84:84:5e:cc:01:
         09:7e:5b:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSJZLpzVvAiErHCEsXx/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzgwZWIxZjI0NDBhNGFiZGI5YmFiZGMwMzc5YjY3ODZhMmZlY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0i8NXF+AdGSHSGccTnlITyW3FFQ
VLTYqcdDWphCXlhir7DUSOWvQ864qKqZrf4QDIsS5BLjOauF/gfBSXewMyjXGfUB
a8YYZncoCwQa2kyVi1uKQ7VwwyKUIdDTXNaCCNZerKZCdOBgPQCZaoXnVcRllGyK
QZJLmB5W2pPtz17RLDv/Tj28CILZROHZRso2HBquxhYJVU8Bq5htr+cOP7hBFObS
ZTMYrE9Lz3Ev/3iOS08Ao6NUqsl/jqiMqR8junR6/Zg4z4ybzHevGFoWA0i7JZud
cfkG6LPb29W3aDxz8qAjkifkpC7MXOzMaDlcHeuRSG+hkmhEXGIaOZSbeQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEyA6x8kQKSr25ur3AN5tnhqL+y2MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvVElEckh5UkFwS3ZibTZ2Y0EzbTJlR292N0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUQhTAN
BgkqhkiG9w0BAQsFAAOCAQEAH5iV9j3A6vM+nwYuSuNxEA7KFoRtnsm4NobyU592
4xcRMNlpdtmWIuPkdlq690SmGZXdeK9yPMFbmaqbIqtsamqEYOBLStVR6lpGn7G9
Yscje6pxSivYURwlsvoXSJn63AuDWH9eFKXiI8ZjrZ1N/aZHR/dKxV5Zx7EsU79H
VbxnRu14J9jQK5FHmsUJBJU1GuBIosRMuy4Pg4SsfyOF4oyVScK/QOsZw/mnp0xU
4f0w5FYzbGX5gY9jaaXDaqKkJfuzD+/sGlDXmT6ecTeoTTrzHUGcUg+Kl9d9ljXt
l8NF50A93koqELXEhT2k0LyoD1Qv3AOYkYSEXswBCX5baQ==
-----END CERTIFICATE-----