Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/pdqLrqgRL24mh8gZZzFfHny66mI.roa
File:                     pdqLrqgRL24mh8gZZzFfHny66mI.roa (raw, json)
Hash identifier:          xcA1J9l3oepZnKM/x+eu05EUKQwzSuGNeUMLtg3ppus=
Subject key identifier:   A5:DA:8B:AE:A8:11:2F:6E:26:87:C8:19:67:31:5F:1E:7C:BA:EA:62
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC348934D5C3823FBA000AB8FFF77BEEF
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/pdqLrqgRL24mh8gZZzFfHny66mI.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199467
IP address blocks:        2a05:1081::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:93:4d:5c:38:23:fb:a0:00:ab:8f:ff:77:be:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5da8baea8112f6e2687c81967315f1e7cbaea62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:22:3e:bc:c3:c4:28:1a:80:4c:31:e2:65:5b:
                    58:9e:2e:06:7d:25:b8:ef:2a:ca:e1:10:d9:20:5c:
                    1f:1d:5b:1f:52:a2:b2:38:ae:78:4b:5d:38:82:29:
                    45:aa:b7:25:bb:01:a3:ca:45:8b:37:2a:d3:a6:52:
                    ea:65:4b:d7:de:0f:3b:93:31:34:0e:84:0e:cf:65:
                    6c:d2:9f:0e:fd:d7:50:77:18:27:cf:b4:20:9d:9b:
                    9e:db:99:d5:3f:29:87:be:76:cf:f4:9b:a5:81:f7:
                    6f:46:86:0e:a4:81:65:6e:4f:62:e6:9c:3b:9b:4a:
                    c5:bf:64:94:4b:d6:02:ca:5a:da:01:6e:41:a0:be:
                    13:0a:0e:77:23:c2:e7:b2:ed:c3:6c:6a:30:e8:30:
                    61:d9:1e:e2:69:ff:11:61:b9:25:76:0a:fc:d4:fd:
                    0e:65:bd:fb:a5:4d:d2:77:ba:f3:0f:84:e7:1c:13:
                    08:c8:a5:e0:8e:2d:e6:40:b8:bb:41:18:05:7e:5b:
                    c5:8a:e8:69:5f:cc:7b:54:9a:ee:62:a6:07:43:e1:
                    a9:00:64:56:e7:6e:95:83:33:9a:ed:10:fd:30:84:
                    7b:95:0d:9e:3a:86:4c:3a:4c:58:5b:a6:94:60:ad:
                    f8:87:96:04:3e:29:b4:a9:92:09:6a:8b:dd:99:8a:
                    1e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:DA:8B:AE:A8:11:2F:6E:26:87:C8:19:67:31:5F:1E:7C:BA:EA:62
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/pdqLrqgRL24mh8gZZzFfHny66mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1081::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:12:44:7e:72:60:07:20:69:ab:d2:59:cf:bb:15:9c:93:70:
         f9:c8:cc:38:9a:1d:4b:78:74:ec:8a:74:d2:09:31:53:80:db:
         bf:ac:bd:fa:fc:6e:44:65:f6:ba:6e:54:00:7d:40:f9:71:e7:
         0f:fd:30:bb:0a:c2:ad:8a:f4:1b:4f:62:ca:60:fa:64:3d:42:
         1d:74:b9:45:16:05:2e:dd:76:5b:43:ba:ae:6a:b2:f9:40:cf:
         e6:e4:c2:a1:4f:30:c4:4a:51:1c:00:2a:b1:65:30:9b:c3:22:
         d6:39:97:71:1d:02:e7:f2:b7:f5:9a:a3:ac:15:eb:95:33:b0:
         b5:f3:2d:b4:51:6b:0b:d1:24:4e:53:b8:91:c9:5a:05:ae:d1:
         23:de:f3:a2:dc:bf:f5:76:a9:17:f5:96:77:4d:fd:83:41:ec:
         39:fa:8a:b1:e1:fd:49:62:93:74:29:f5:e2:f0:3d:2b:45:1c:
         b1:00:02:cf:ee:c2:6f:9a:b9:f1:90:78:47:69:7a:ab:70:e9:
         c6:de:c7:78:1b:f8:f0:d2:e7:00:01:2c:e1:30:a9:7e:3d:72:
         d4:6e:02:c2:d3:5d:49:d6:85:e7:3b:fa:08:c2:df:68:e9:88:
         60:95:0e:f9:98:4b:44:c9:21:27:50:a6:6d:e2:0e:16:71:73:
         f4:83:25:a8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSJNNXDgj+6AAq4//d77vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWRhOGJhZWE4MTEyZjZlMjY4N2M4MTk2NzMxNWYxZTdjYmFlYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSI+vMPEKBqATDHiZVtYni4GfSW4
7yrK4RDZIFwfHVsfUqKyOK54S104gilFqrcluwGjykWLNyrTplLqZUvX3g87kzE0
DoQOz2Vs0p8O/ddQdxgnz7QgnZue25nVPymHvnbP9JulgfdvRoYOpIFlbk9i5pw7
m0rFv2SUS9YCylraAW5BoL4TCg53I8Lnsu3DbGow6DBh2R7iaf8RYbkldgr81P0O
Zb37pU3Sd7rzD4TnHBMIyKXgji3mQLi7QRgFflvFiuhpX8x7VJruYqYHQ+GpAGRW
526VgzOa7RD9MIR7lQ2eOoZMOkxYW6aUYK34h5YEPim0qZIJaovdmYoeNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKXai66oES9uJofIGWcxXx58uupiMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvcGRxTHJxZ1JMMjRtaDhnWlp6RmZIbnk2Nm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUQgTAN
BgkqhkiG9w0BAQsFAAOCAQEAQhJEfnJgByBpq9JZz7sVnJNw+cjMOJodS3h07Ip0
0gkxU4Dbv6y9+vxuRGX2um5UAH1A+XHnD/0wuwrCrYr0G09iymD6ZD1CHXS5RRYF
Lt12W0O6rmqy+UDP5uTCoU8wxEpRHAAqsWUwm8Mi1jmXcR0C5/K39ZqjrBXrlTOw
tfMttFFrC9EkTlO4kclaBa7RI97zoty/9XapF/WWd039g0HsOfqKseH9SWKTdCn1
4vA9K0UcsQACz+7Cb5q58ZB4R2l6q3Dpxt7HeBv48NLnAAEs4TCpfj1y1G4CwtNd
SdaF5zv6CMLfaOmIYJUO+ZhLRMkhJ1CmbeIOFnFz9IMlqA==
-----END CERTIFICATE-----