Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/1cba9f-cd6e-4d12-a78d-f98c7fec194e/1/SL3tnMcbWHllCvaUCXkQPG5tIGI.roa
File:                     SL3tnMcbWHllCvaUCXkQPG5tIGI.roa (raw, json)
Hash identifier:          0joFu3n9RoJ/8XiPXiFB2FAX8Q/QGlpSJ5CpKyryaf8=
Subject key identifier:   48:BD:ED:9C:C7:1B:58:79:65:0A:F6:94:09:79:10:3C:6E:6D:20:62
Certificate issuer:       /CN=d055e0b86f3f5125054863cf9264e6346e09bbb7
Certificate serial:       018CC50005FF0CFC8FE32AD2FD61C6153001
Authority key identifier: D0:55:E0:B8:6F:3F:51:25:05:48:63:CF:92:64:E6:34:6E:09:BB:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0FXguG8_USUFSGPPkmTmNG4Ju7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/1cba9f-cd6e-4d12-a78d-f98c7fec194e/1/SL3tnMcbWHllCvaUCXkQPG5tIGI.roa
Signing time:             Mon 01 Jan 2024 12:29:22 +0000
ROA not before:           Mon 01 Jan 2024 12:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5606
IP address blocks:        2a07:4ec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/1cba9f-cd6e-4d12-a78d-f98c7fec194e/1/0FXguG8_USUFSGPPkmTmNG4Ju7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/1cba9f-cd6e-4d12-a78d-f98c7fec194e/1/0FXguG8_USUFSGPPkmTmNG4Ju7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0FXguG8_USUFSGPPkmTmNG4Ju7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:05:ff:0c:fc:8f:e3:2a:d2:fd:61:c6:15:30:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d055e0b86f3f5125054863cf9264e6346e09bbb7
        Validity
            Not Before: Jan  1 12:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48bded9cc71b5879650af6940979103c6e6d2062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:fc:ec:39:b7:91:4b:4e:76:de:26:e3:fb:3b:
                    47:25:e2:6d:e8:b3:e5:a3:76:a1:c4:b0:b4:24:84:
                    f0:7f:68:9b:47:4b:73:70:96:b2:17:69:77:92:25:
                    c8:d3:9a:a0:91:cb:c8:13:24:48:90:55:26:f1:f1:
                    6f:00:a3:0c:73:df:9f:21:1f:e1:b4:34:7d:df:c2:
                    87:cb:66:ad:f6:dd:79:9b:61:2d:63:af:9b:6e:68:
                    c6:62:70:a0:3f:d2:f4:76:78:c7:f2:f4:af:eb:47:
                    cc:2a:63:3c:55:c5:a5:67:23:91:66:6b:98:9a:f4:
                    8f:25:c7:47:39:f3:16:07:e0:ef:20:9e:5d:b7:c7:
                    d5:00:69:c2:ee:83:14:bc:3b:f1:5c:c0:47:99:32:
                    d9:da:25:70:dc:89:0a:f1:5a:7b:c4:09:63:62:2f:
                    de:6b:58:16:b2:47:37:ff:7b:78:c3:f9:4f:89:44:
                    36:bb:fd:b6:cd:9b:78:57:02:a5:52:04:1f:d7:9c:
                    88:f1:ef:00:27:62:03:ea:de:35:cd:84:30:a9:e4:
                    ed:41:49:ed:6f:a5:eb:b4:00:4d:7e:39:76:a1:d6:
                    29:94:b4:00:f3:b8:d8:e9:2d:16:db:44:57:de:90:
                    2b:c4:98:5a:f6:63:ba:6a:97:a7:a8:fa:3d:e8:1d:
                    46:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:BD:ED:9C:C7:1B:58:79:65:0A:F6:94:09:79:10:3C:6E:6D:20:62
            X509v3 Authority Key Identifier:
                keyid:D0:55:E0:B8:6F:3F:51:25:05:48:63:CF:92:64:E6:34:6E:09:BB:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0FXguG8_USUFSGPPkmTmNG4Ju7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/1cba9f-cd6e-4d12-a78d-f98c7fec194e/1/SL3tnMcbWHllCvaUCXkQPG5tIGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/1cba9f-cd6e-4d12-a78d-f98c7fec194e/1/0FXguG8_USUFSGPPkmTmNG4Ju7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:67:ad:35:3d:1b:3a:65:9d:74:fc:85:1c:f0:8f:8e:6e:10:
         32:29:18:d1:33:f2:bd:1d:51:54:60:a1:4d:2f:fd:42:be:79:
         27:1b:16:f1:b6:0f:f9:bd:a3:45:76:67:c5:53:54:3f:22:81:
         85:34:30:fb:b4:f8:62:51:bd:da:12:85:6a:d5:dd:a8:9f:27:
         71:af:d9:68:63:6b:c6:7f:09:55:bd:26:a5:44:da:76:4a:de:
         c0:54:fe:14:a0:66:70:7c:58:f9:ef:e2:1b:a2:1b:dd:e9:8e:
         76:5d:44:44:84:54:18:a2:4c:d8:97:73:6f:cf:9e:4d:0e:f3:
         97:9c:3a:f1:bb:4a:a1:d4:69:f8:b6:63:48:c5:1a:db:7f:c4:
         5c:7c:6e:bf:ad:31:d7:9a:81:4c:88:43:2d:0c:10:b5:af:a0:
         a5:5c:ff:bb:d5:a8:c3:49:8f:1d:34:83:ec:7a:0a:29:09:21:
         95:0d:84:29:b8:5e:bb:34:87:2a:bd:3d:99:9e:fe:89:8d:8c:
         81:bf:cd:dd:09:85:72:76:37:32:41:33:83:dd:b5:4d:a7:6f:
         74:4e:9b:33:e5:a5:a4:0b:ae:ca:b9:ba:96:36:83:7a:27:c6:
         6f:5d:07:1e:b7:ce:42:f5:df:2f:7e:a4:8c:3c:53:37:4c:84:
         16:7d:e1:c6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAAX/DPyP4yrS/WHGFTABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNTVlMGI4NmYzZjUxMjUwNTQ4NjNjZjkyNjRlNjM0NmUw
OWJiYjcwHhcNMjQwMTAxMTIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGJkZWQ5Y2M3MWI1ODc5NjUwYWY2OTQwOTc5MTAzYzZlNmQyMDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPzsObeRS0523ibj+ztHJeJt6LPl
o3ahxLC0JITwf2ibR0tzcJayF2l3kiXI05qgkcvIEyRIkFUm8fFvAKMMc9+fIR/h
tDR938KHy2at9t15m2EtY6+bbmjGYnCgP9L0dnjH8vSv60fMKmM8VcWlZyORZmuY
mvSPJcdHOfMWB+DvIJ5dt8fVAGnC7oMUvDvxXMBHmTLZ2iVw3IkK8Vp7xAljYi/e
a1gWskc3/3t4w/lPiUQ2u/22zZt4VwKlUgQf15yI8e8AJ2ID6t41zYQwqeTtQUnt
b6XrtABNfjl2odYplLQA87jY6S0W20RX3pArxJha9mO6apenqPo96B1GlwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEi97ZzHG1h5ZQr2lAl5EDxubSBiMB8GA1UdIwQY
MBaAFNBV4LhvP1ElBUhjz5Jk5jRuCbu3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEZYZ3VHOF9VU1VGU0dQUGttVG1ORzRKdTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8xY2JhOWYtY2Q2ZS00ZDEyLWE3OGQt
Zjk4YzdmZWMxOTRlLzEvU0wzdG5NY2JXSGxsQ3ZhVUNYa1FQRzV0SUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8xY2JhOWYtY2Q2ZS00ZDEyLWE3OGQtZjk4YzdmZWMxOTRl
LzEvMEZYZ3VHOF9VU1VGU0dQUGttVG1ORzRKdTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdOwDAN
BgkqhkiG9w0BAQsFAAOCAQEAI2etNT0bOmWddPyFHPCPjm4QMikY0TPyvR1RVGCh
TS/9Qr55JxsW8bYP+b2jRXZnxVNUPyKBhTQw+7T4YlG92hKFatXdqJ8nca/ZaGNr
xn8JVb0mpUTadkrewFT+FKBmcHxY+e/iG6Ib3emOdl1ERIRUGKJM2Jdzb8+eTQ7z
l5w68btKodRp+LZjSMUa23/EXHxuv60x15qBTIhDLQwQta+gpVz/u9Wow0mPHTSD
7HoKKQkhlQ2EKbheuzSHKr09mZ7+iY2Mgb/N3QmFcnY3MkEzg921TadvdE6bM+Wl
pAuuyrm6ljaDeifGb10HHrfOQvXfL36kjDxTN0yEFn3hxg==
-----END CERTIFICATE-----