Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/20q5ylf1YJsm8RXiEl85HQxbM0g.roa
File:                     20q5ylf1YJsm8RXiEl85HQxbM0g.roa (raw, json)
Hash identifier:          PLHieY+cBGvE+qmRqwBONLcwgkYlaPVnIJ0MzjRIXVY=
Subject key identifier:   DB:4A:B9:CA:57:F5:60:9B:26:F1:15:E2:12:5F:39:1D:0C:5B:33:48
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCFB993F25EE7097FA66979AD02626
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/20q5ylf1YJsm8RXiEl85HQxbM0g.roa
Signing time:             Mon 01 Jan 2024 16:30:43 +0000
ROA not before:           Mon 01 Jan 2024 16:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212425
IP address blocks:        2a0f:607:1100::/44 maxlen: 48
                          2a0f:607:1052::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 01:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:fb:99:3f:25:ee:70:97:fa:66:97:9a:d0:26:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db4ab9ca57f5609b26f115e2125f391d0c5b3348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f8:33:d6:41:04:e6:ad:25:3f:6f:68:2e:ea:
                    b4:d1:02:38:c4:2b:52:66:13:33:5c:d6:6e:e5:2e:
                    ea:37:6f:a2:68:3c:16:af:fb:53:c6:89:d3:bb:1b:
                    3d:89:cb:e1:e6:3a:df:d3:df:25:82:37:65:20:c2:
                    ab:83:7a:e4:28:c0:d1:0f:1c:6a:da:32:99:2c:21:
                    42:e9:4e:d2:ad:cc:3c:04:84:89:76:4f:7c:59:fd:
                    a3:68:45:9e:b9:64:6e:3d:4b:06:df:5e:e9:f3:0a:
                    7f:3d:df:a0:07:00:91:7d:b1:e6:ff:09:62:ca:38:
                    64:41:7c:d7:f6:fe:b4:99:1d:b4:e4:32:77:06:1a:
                    02:b7:ec:0b:62:91:3c:1a:ab:64:d5:ef:88:1a:9b:
                    7a:7a:a0:dc:ab:8c:90:ca:d1:7d:e1:53:ea:b3:c3:
                    72:b6:75:fe:81:e3:fc:9f:36:b4:ab:44:fa:b8:d9:
                    b3:5b:aa:39:d0:bd:e0:3a:b5:6b:db:4d:f8:d3:de:
                    1b:5c:77:d0:7d:90:48:93:3d:90:c5:ba:52:0f:1a:
                    c7:dd:80:6b:84:40:b1:7c:65:30:44:bf:90:70:78:
                    72:0a:dc:62:b1:0c:f9:f0:a3:a3:bb:2b:b7:ce:8a:
                    e0:cf:49:bf:57:9d:e0:b6:39:fc:e2:88:3d:f2:0f:
                    45:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:4A:B9:CA:57:F5:60:9B:26:F1:15:E2:12:5F:39:1D:0C:5B:33:48
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/20q5ylf1YJsm8RXiEl85HQxbM0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1052::/48
                  2a0f:607:1100::/44

    Signature Algorithm: sha256WithRSAEncryption
         01:bb:f1:e5:13:89:83:36:04:90:7e:df:07:96:27:66:c6:d2:
         28:b1:55:06:20:f3:52:a1:98:58:a1:81:be:2c:ef:03:92:53:
         9c:3b:c0:6f:9b:c8:c7:62:59:50:d1:0c:62:aa:b2:71:7b:b5:
         c8:65:bb:3d:26:98:37:a1:0e:37:90:70:7c:9b:1c:28:c2:e5:
         0b:71:2a:8c:14:ab:98:47:80:d1:ac:23:f7:4d:a6:5c:28:52:
         25:d5:14:45:52:2d:af:e3:2c:14:86:0d:56:b7:ca:cc:f1:ea:
         0f:b4:69:ea:8e:07:9a:fa:ea:a0:95:c7:f2:6e:09:a1:14:e3:
         3f:b1:30:04:38:a8:8f:57:f0:11:2e:e0:f7:12:c5:47:ee:d3:
         d7:e0:4a:49:26:0a:bb:ba:62:1a:ce:5c:a5:aa:0e:db:c1:85:
         9d:34:b2:af:0b:ad:34:95:ad:e8:54:95:68:db:1b:50:7e:c8:
         b5:b7:bd:03:d3:61:90:01:0c:70:f7:41:69:3a:a6:7f:13:dc:
         4a:0d:48:22:f2:46:8d:b4:83:2a:49:26:69:48:b6:8a:e9:7e:
         ae:9f:f9:23:c1:f2:3a:ca:9f:58:da:d9:2c:81:aa:0d:96:2c:
         ec:c3:3d:3e:e9:7a:f5:c5:33:72:e8:c0:de:b8:a1:fb:f6:16:
         cf:0f:a3:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3PuZPyXucJf6Zpea0CYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjRhYjljYTU3ZjU2MDliMjZmMTE1ZTIxMjVmMzkxZDBjNWIzMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPgz1kEE5q0lP29oLuq00QI4xCtS
ZhMzXNZu5S7qN2+iaDwWr/tTxonTuxs9icvh5jrf098lgjdlIMKrg3rkKMDRDxxq
2jKZLCFC6U7Srcw8BISJdk98Wf2jaEWeuWRuPUsG317p8wp/Pd+gBwCRfbHm/wli
yjhkQXzX9v60mR205DJ3BhoCt+wLYpE8Gqtk1e+IGpt6eqDcq4yQytF94VPqs8Ny
tnX+geP8nza0q0T6uNmzW6o50L3gOrVr2034094bXHfQfZBIkz2QxbpSDxrH3YBr
hECxfGUwRL+QcHhyCtxisQz58KOjuyu3zorgz0m/V53gtjn84og98g9FCQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNtKucpX9WCbJvEV4hJfOR0MWzNIMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvMjBxNXlsZjFZSnNtOFJYaUVsODVIUXhiTTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg8GBxBS
AwcEKg8GBxEAMA0GCSqGSIb3DQEBCwUAA4IBAQABu/HlE4mDNgSQft8HlidmxtIo
sVUGIPNSoZhYoYG+LO8DklOcO8Bvm8jHYllQ0QxiqrJxe7XIZbs9Jpg3oQ43kHB8
mxwowuULcSqMFKuYR4DRrCP3TaZcKFIl1RRFUi2v4ywUhg1Wt8rM8eoPtGnqjgea
+uqglcfybgmhFOM/sTAEOKiPV/ARLuD3EsVH7tPX4EpJJgq7umIazlylqg7bwYWd
NLKvC600la3oVJVo2xtQfsi1t70D02GQAQxw90FpOqZ/E9xKDUgi8kaNtIMqSSZp
SLaK6X6un/kjwfI6yp9Y2tksgaoNlizswz0+6Xr1xTNy6MDeuKH79hbPD6OA
-----END CERTIFICATE-----