Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/ddaqNnwzkA1UVhffHrdWE-QahMA.roa
File:                     ddaqNnwzkA1UVhffHrdWE-QahMA.roa (raw, json)
Hash identifier:          q8d1zIYgc9JeMgQqho+q2BFsy8ShX6RWpD5+PpGwVqA=
Subject key identifier:   75:D6:AA:36:7C:33:90:0D:54:56:17:DF:1E:B7:56:13:E4:1A:84:C0
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       018CC94CC5F6B4A8C6F17E38E047790B5E28
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/ddaqNnwzkA1UVhffHrdWE-QahMA.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50113
IP address blocks:        2a07:57c0::/32 maxlen: 32
                          2a07:9b83::/32 maxlen: 32
                          2a0a:981::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c5:f6:b4:a8:c6:f1:7e:38:e0:47:79:0b:5e:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75d6aa367c33900d545617df1eb75613e41a84c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:27:7e:0c:18:eb:a6:a8:29:52:dc:72:78:59:
                    9e:2b:e2:74:17:68:88:9c:89:d6:fa:32:b3:03:42:
                    e5:50:fc:06:9e:11:7b:46:46:ce:58:98:82:c4:db:
                    7d:60:93:cd:a2:1d:bd:7e:aa:d4:93:fd:48:7c:42:
                    65:b7:4e:e0:55:31:e9:0e:94:d9:7f:23:68:4a:1e:
                    24:4e:29:23:b9:46:f9:cb:cc:18:48:7e:21:fd:3f:
                    3c:f1:01:c2:34:93:18:0b:e6:45:a3:27:d9:74:25:
                    11:a3:9c:0b:67:59:48:04:02:3b:96:e4:fd:e5:bf:
                    9c:9e:2b:de:d5:6b:ce:39:3e:fd:17:2d:a8:f9:d1:
                    fe:0f:67:e1:e6:92:18:50:71:52:4f:cd:1e:4f:ac:
                    e1:bb:de:83:58:ad:48:98:6a:a9:1c:4d:5d:54:94:
                    e6:5b:a6:ca:47:06:25:c6:60:13:27:95:73:60:3b:
                    79:60:52:fd:c9:be:bc:4d:21:6e:07:a2:58:d7:2c:
                    23:18:bc:a6:db:43:a6:97:71:9d:ab:4b:67:b9:61:
                    30:4a:3c:87:0b:cb:03:e5:03:12:10:52:60:52:0e:
                    d4:14:05:d5:30:f8:06:d5:0b:20:35:d2:c1:fc:d6:
                    2c:04:88:a0:9c:65:bf:3f:0a:e7:f1:12:4c:d8:ee:
                    e3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:D6:AA:36:7C:33:90:0D:54:56:17:DF:1E:B7:56:13:E4:1A:84:C0
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/ddaqNnwzkA1UVhffHrdWE-QahMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:57c0::/32
                  2a07:9b83::/32
                  2a0a:981::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:aa:bd:ef:5e:65:87:da:40:97:e5:90:25:fb:54:69:9f:1c:
         37:b6:36:82:d6:7e:bb:07:e2:d2:55:6f:15:29:31:5c:25:7c:
         56:8c:c1:75:82:03:3b:c9:1a:8b:61:54:28:e5:84:f1:27:cf:
         21:57:a2:4c:99:be:5e:ef:ac:e8:6d:94:26:bb:1c:49:e5:aa:
         51:ae:53:d8:80:72:70:45:a2:54:b3:bd:29:b1:9e:2a:c7:e3:
         cf:1e:4f:c6:ca:13:22:a1:22:0a:48:de:48:44:c5:57:e1:1f:
         df:5b:a9:1e:6a:8c:12:59:15:8f:3b:9a:5d:7e:33:ef:f3:1d:
         46:a3:c6:61:09:0c:43:42:48:c1:25:47:59:8a:b3:67:a0:dc:
         42:43:8f:f4:a1:7c:16:78:00:aa:f3:5b:83:28:02:17:01:4f:
         0e:08:44:72:8b:2d:53:b4:a5:5e:fb:1b:b6:b4:ef:41:b8:4f:
         9c:1c:8a:f7:77:9d:c6:d2:89:d4:d8:89:f2:e5:d2:a7:f7:92:
         4d:54:b5:ce:9e:5e:b8:9d:21:b0:92:2d:4b:d8:6a:31:e5:d2:
         db:b8:91:05:43:45:4b:07:c8:16:50:1d:f8:53:37:d9:da:40:
         26:03:da:b2:c5:29:3f:b8:65:60:fc:43:ef:89:97:f9:41:f6:
         ce:87:83:a9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTMX2tKjG8X444Ed5C14oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWQ2YWEzNjdjMzM5MDBkNTQ1NjE3ZGYxZWI3NTYxM2U0MWE4NGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSd+DBjrpqgpUtxyeFmeK+J0F2iI
nInW+jKzA0LlUPwGnhF7RkbOWJiCxNt9YJPNoh29fqrUk/1IfEJlt07gVTHpDpTZ
fyNoSh4kTikjuUb5y8wYSH4h/T888QHCNJMYC+ZFoyfZdCURo5wLZ1lIBAI7luT9
5b+cnive1WvOOT79Fy2o+dH+D2fh5pIYUHFST80eT6zhu96DWK1ImGqpHE1dVJTm
W6bKRwYlxmATJ5VzYDt5YFL9yb68TSFuB6JY1ywjGLym20Oml3Gdq0tnuWEwSjyH
C8sD5QMSEFJgUg7UFAXVMPgG1QsgNdLB/NYsBIignGW/Pwrn8RJM2O7jhQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHXWqjZ8M5ANVFYX3x63VhPkGoTAMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvZGRhcU5ud3prQTFVVmhmZkhyZFdFLVFhaE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgdXwAMF
ACoHm4MDBQAqCgmBMA0GCSqGSIb3DQEBCwUAA4IBAQAqqr3vXmWH2kCX5ZAl+1Rp
nxw3tjaC1n67B+LSVW8VKTFcJXxWjMF1ggM7yRqLYVQo5YTxJ88hV6JMmb5e76zo
bZQmuxxJ5apRrlPYgHJwRaJUs70psZ4qx+PPHk/GyhMioSIKSN5IRMVX4R/fW6ke
aowSWRWPO5pdfjPv8x1Go8ZhCQxDQkjBJUdZirNnoNxCQ4/0oXwWeACq81uDKAIX
AU8OCERyiy1TtKVe+xu2tO9BuE+cHIr3d53G0onU2Iny5dKn95JNVLXOnl64nSGw
ki1L2Gox5dLbuJEFQ0VLB8gWUB34UzfZ2kAmA9qyxSk/uGVg/EPviZf5QfbOh4Op
-----END CERTIFICATE-----