Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/UlNP0XVpQL8yx9t0WY07DOo9clg.roa
File:                     UlNP0XVpQL8yx9t0WY07DOo9clg.roa (raw, json)
Hash identifier:          6z2hqxnhcAqrW+0qirQsneZFJdEzE2mKi/+NVqPRUwI=
Subject key identifier:   52:53:4F:D1:75:69:40:BF:32:C7:DB:74:59:8D:3B:0C:EA:3D:72:58
Certificate issuer:       /CN=83286fa6da7d252e7828f84923f55919142b007f
Certificate serial:       018F53938D0495DEC0420B4A1A2A9028C4B8
Authority key identifier: 83:28:6F:A6:DA:7D:25:2E:78:28:F8:49:23:F5:59:19:14:2B:00:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gyhvptp9JS54KPhJI_VZGRQrAH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/UlNP0XVpQL8yx9t0WY07DOo9clg.roa
Signing time:             Tue 07 May 2024 15:02:09 +0000
ROA not before:           Tue 07 May 2024 15:02:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205112
IP address blocks:        2a05:400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/gyhvptp9JS54KPhJI_VZGRQrAH8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/gyhvptp9JS54KPhJI_VZGRQrAH8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gyhvptp9JS54KPhJI_VZGRQrAH8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:93:8d:04:95:de:c0:42:0b:4a:1a:2a:90:28:c4:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83286fa6da7d252e7828f84923f55919142b007f
        Validity
            Not Before: May  7 15:02:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52534fd1756940bf32c7db74598d3b0cea3d7258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:21:7c:7b:6b:ad:e9:12:a0:4a:ca:99:f9:4f:
                    56:89:38:46:ef:5b:37:75:94:02:35:b8:a2:bc:71:
                    af:70:b3:f7:a2:f8:41:b0:0d:e7:df:24:ad:f9:ca:
                    ef:bb:3d:d5:fd:46:62:04:5d:24:57:88:52:b5:1a:
                    bd:f6:ed:b8:a5:43:2d:1a:f0:94:69:9f:6b:b9:e0:
                    48:27:4e:be:92:6e:6e:f6:40:2f:89:cf:d1:e7:05:
                    8d:29:9e:a8:29:b3:61:89:cb:26:a6:d1:2d:f0:5a:
                    5e:18:0d:6e:64:4c:e1:a8:cc:31:f9:82:ca:cc:77:
                    24:31:bb:a0:42:28:6e:3f:40:a6:54:64:bf:80:c6:
                    a3:b7:f0:25:0d:a8:ad:d0:6f:a0:52:9b:16:d4:37:
                    86:d8:70:ba:b8:f6:4e:22:07:ec:48:dd:a8:31:d4:
                    52:6c:26:11:12:0d:13:2e:0f:17:92:c6:25:94:14:
                    df:00:1b:31:5c:0f:dd:a9:0f:92:c1:8e:b7:2f:af:
                    7c:c5:8f:1e:83:54:12:ce:2f:8a:81:45:bd:f3:0f:
                    5d:f1:1a:ba:e5:e8:54:bd:db:27:e6:26:08:e9:bb:
                    8f:9b:96:72:d9:ea:53:74:b9:ea:23:3c:df:ca:3c:
                    8a:21:5a:4a:1c:be:51:0a:f1:35:91:35:f8:cc:77:
                    73:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:53:4F:D1:75:69:40:BF:32:C7:DB:74:59:8D:3B:0C:EA:3D:72:58
            X509v3 Authority Key Identifier:
                keyid:83:28:6F:A6:DA:7D:25:2E:78:28:F8:49:23:F5:59:19:14:2B:00:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gyhvptp9JS54KPhJI_VZGRQrAH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/UlNP0XVpQL8yx9t0WY07DOo9clg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ec583d-1aba-4798-8817-d6c9c6e86923/1/gyhvptp9JS54KPhJI_VZGRQrAH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:400::/29

    Signature Algorithm: sha256WithRSAEncryption
         c1:f2:b0:32:39:40:b9:5a:3a:c6:29:51:4a:aa:2d:ce:9a:7d:
         22:b9:84:48:b4:db:31:07:f6:57:a3:22:99:6d:a6:41:63:61:
         71:93:07:20:53:bf:ba:07:99:63:b6:25:ff:f2:1a:41:fb:3d:
         e3:a5:21:f2:3d:68:63:97:8b:8c:ee:d5:64:6a:0e:de:cc:63:
         d5:a8:41:6a:75:a8:ec:9c:75:0a:e5:20:b4:71:a6:6e:16:91:
         f5:57:c8:76:47:b9:01:a9:a8:e8:e5:4e:63:26:67:e3:56:d6:
         33:5b:8a:59:36:37:d1:8b:29:0c:89:c5:1c:73:dd:28:d0:21:
         33:f6:d4:78:e1:af:87:bb:58:6f:86:a5:53:d5:fe:d3:4b:c0:
         b3:f0:41:03:7e:ec:6a:3c:99:aa:7f:5f:2b:38:42:57:48:6e:
         01:be:f4:68:5e:95:28:98:d0:88:40:6c:02:81:c3:87:ab:10:
         64:0d:7e:c0:b1:a7:cb:0d:24:b5:0c:82:99:2b:23:4c:f7:50:
         b4:80:a0:13:e3:4d:da:97:d6:bc:90:99:68:aa:fd:1f:16:0a:
         31:d5:2a:ce:2f:31:57:72:1e:6e:c6:17:35:10:62:ee:c2:cb:
         3a:9e:38:4f:83:95:a5:9a:62:fb:fd:db:81:e3:6f:68:d8:62:
         ef:c3:40:6b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9Tk40Eld7AQgtKGiqQKMS4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMjg2ZmE2ZGE3ZDI1MmU3ODI4Zjg0OTIzZjU1OTE5MTQy
YjAwN2YwHhcNMjQwNTA3MTUwMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjUzNGZkMTc1Njk0MGJmMzJjN2RiNzQ1OThkM2IwY2VhM2Q3MjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SF8e2ut6RKgSsqZ+U9WiThG71s3
dZQCNbiivHGvcLP3ovhBsA3n3ySt+crvuz3V/UZiBF0kV4hStRq99u24pUMtGvCU
aZ9rueBIJ06+km5u9kAvic/R5wWNKZ6oKbNhicsmptEt8FpeGA1uZEzhqMwx+YLK
zHckMbugQihuP0CmVGS/gMajt/AlDait0G+gUpsW1DeG2HC6uPZOIgfsSN2oMdRS
bCYREg0TLg8XksYllBTfABsxXA/dqQ+SwY63L698xY8eg1QSzi+KgUW98w9d8Rq6
5ehUvdsn5iYI6buPm5Zy2epTdLnqIzzfyjyKIVpKHL5RCvE1kTX4zHdzhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFJTT9F1aUC/MsfbdFmNOwzqPXJYMB8GA1UdIwQY
MBaAFIMob6bafSUueCj4SSP1WRkUKwB/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3lodnB0cDlKUzU0S1BoSklfVlpHUlFyQUg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lYzU4M2QtMWFiYS00Nzk4LTg4MTct
ZDZjOWM2ZTg2OTIzLzEvVWxOUDBYVnBRTDh5eDl0MFdZMDdET285Y2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lYzU4M2QtMWFiYS00Nzk4LTg4MTctZDZjOWM2ZTg2OTIz
LzEvZ3lodnB0cDlKUzU0S1BoSklfVlpHUlFyQUg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgUEADAN
BgkqhkiG9w0BAQsFAAOCAQEAwfKwMjlAuVo6xilRSqotzpp9IrmESLTbMQf2V6Mi
mW2mQWNhcZMHIFO/ugeZY7Yl//IaQfs946Uh8j1oY5eLjO7VZGoO3sxj1ahBanWo
7Jx1CuUgtHGmbhaR9VfIdke5Aamo6OVOYyZn41bWM1uKWTY30YspDInFHHPdKNAh
M/bUeOGvh7tYb4alU9X+00vAs/BBA37sajyZqn9fKzhCV0huAb70aF6VKJjQiEBs
AoHDh6sQZA1+wLGnyw0ktQyCmSsjTPdQtICgE+NN2pfWvJCZaKr9HxYKMdUqzi8x
V3IebsYXNRBi7sLLOp44T4OVpZpi+/3bgeNvaNhi78NAaw==
-----END CERTIFICATE-----