Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bBlxMTmA0lJ_wYdHAAvQyb-dMQE.roa
File:                     bBlxMTmA0lJ_wYdHAAvQyb-dMQE.roa (raw, json)
Hash identifier:          BTcGSqAB3Qxi25lGNc5+HYwf56aJucXERa2THZHrTCs=
Subject key identifier:   6C:19:71:31:39:80:D2:52:7F:C1:87:47:00:0B:D0:C9:BF:9D:31:01
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       018E80B31A2287FF566FA2E600F62B9CF943
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bBlxMTmA0lJ_wYdHAAvQyb-dMQE.roa
Signing time:             Wed 27 Mar 2024 16:16:45 +0000
ROA not before:           Wed 27 Mar 2024 16:16:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a04:30c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:b3:1a:22:87:ff:56:6f:a2:e6:00:f6:2b:9c:f9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Mar 27 16:16:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c1971313980d2527fc18747000bd0c9bf9d3101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ca:4f:64:04:03:b7:72:84:41:61:1b:24:42:
                    e9:f0:89:e1:7b:6e:b9:c3:89:2f:1e:c3:0d:29:c5:
                    d9:5a:15:ec:96:92:5a:2b:9a:00:b6:09:c6:d3:24:
                    cf:9e:ff:12:f7:cc:d5:22:cc:44:d5:97:d0:6b:e4:
                    fe:de:b9:7c:5f:37:fd:70:7f:31:d8:15:7a:8e:75:
                    49:75:e9:34:86:ee:b6:a9:61:1d:49:c7:c3:9b:bc:
                    e1:2c:fe:d5:b1:15:fd:40:ca:04:57:fa:b4:01:da:
                    93:0a:77:5a:03:75:0b:37:88:91:aa:d2:6f:09:dd:
                    df:4a:f8:69:a3:dc:41:6f:c1:36:ac:8b:7e:5f:8e:
                    bd:b7:c3:c6:38:d3:a4:04:4d:0a:98:2c:3b:24:dd:
                    df:fe:23:e2:32:d5:64:64:ed:fd:7a:7f:cb:32:5e:
                    a5:b9:23:e6:4e:27:52:5d:64:9c:a5:12:0a:da:8a:
                    1d:f8:f0:5e:3d:f0:7c:b8:af:17:da:d8:d2:a8:c2:
                    3b:2c:b9:7c:5d:9b:93:f8:bb:63:05:9d:6f:0d:ec:
                    eb:72:2d:43:de:05:3a:83:a0:c5:ae:d0:d8:7b:91:
                    73:f7:44:d0:10:28:33:bd:56:b9:e0:25:d3:30:f0:
                    a7:3e:ac:f8:42:d5:15:79:76:cd:78:18:a2:f4:74:
                    ac:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:19:71:31:39:80:D2:52:7F:C1:87:47:00:0B:D0:C9:BF:9D:31:01
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bBlxMTmA0lJ_wYdHAAvQyb-dMQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:30c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:25:4e:d9:c0:16:a2:0d:d6:cb:66:25:b0:c5:d9:5d:b9:f7:
         64:51:73:80:d7:80:7f:8a:50:16:d5:88:81:54:ee:1d:95:85:
         52:ab:c3:d6:42:62:0a:fd:82:f2:ed:61:46:f2:d7:06:5b:df:
         8c:3f:48:40:00:e0:84:df:49:16:b5:4a:e3:ce:25:21:6a:d4:
         6c:be:48:55:0f:dd:d9:6a:aa:59:72:fb:6e:7a:c0:a9:76:ef:
         8f:e7:86:92:21:06:c7:3b:e6:32:7f:45:e7:4e:8c:67:0f:94:
         bd:ff:a4:96:4d:b3:57:e2:d5:2e:d1:e3:7b:77:0d:6b:13:5c:
         e7:06:77:82:10:6a:18:15:b6:bd:92:f9:4c:d8:a4:71:35:71:
         48:7a:c8:ef:76:86:ff:3a:89:d1:ff:34:42:28:58:ca:2c:28:
         85:bb:fa:5d:9a:e0:5b:fc:49:f5:0d:62:aa:29:76:b9:ef:f2:
         ff:42:78:cf:91:76:38:50:49:b3:e0:2c:36:4c:66:bf:9d:f6:
         54:41:af:9e:4e:d9:ee:78:1f:b4:da:9a:94:fc:b3:b3:26:6f:
         71:a8:f0:68:2e:5c:6e:c9:f5:2d:7b:7d:1f:9b:aa:27:1f:80:
         ea:0d:e4:e1:62:52:62:71:fa:45:b6:f4:15:de:65:d2:9d:fb:
         0f:4e:1d:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6Asxoih/9Wb6LmAPYrnPlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwMzI3MTYxNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzE5NzEzMTM5ODBkMjUyN2ZjMTg3NDcwMDBiZDBjOWJmOWQzMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3spPZAQDt3KEQWEbJELp8Inhe265
w4kvHsMNKcXZWhXslpJaK5oAtgnG0yTPnv8S98zVIsxE1ZfQa+T+3rl8Xzf9cH8x
2BV6jnVJdek0hu62qWEdScfDm7zhLP7VsRX9QMoEV/q0AdqTCndaA3ULN4iRqtJv
Cd3fSvhpo9xBb8E2rIt+X469t8PGONOkBE0KmCw7JN3f/iPiMtVkZO39en/LMl6l
uSPmTidSXWScpRIK2ood+PBePfB8uK8X2tjSqMI7LLl8XZuT+LtjBZ1vDezrci1D
3gU6g6DFrtDYe5Fz90TQECgzvVa54CXTMPCnPqz4QtUVeXbNeBii9HSsMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGwZcTE5gNJSf8GHRwAL0Mm/nTEBMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvYkJseE1UbUEwbEpfd1lkSEFBdlF5Yi1kTVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgQwwDAN
BgkqhkiG9w0BAQsFAAOCAQEAMSVO2cAWog3Wy2YlsMXZXbn3ZFFzgNeAf4pQFtWI
gVTuHZWFUqvD1kJiCv2C8u1hRvLXBlvfjD9IQADghN9JFrVK484lIWrUbL5IVQ/d
2WqqWXL7bnrAqXbvj+eGkiEGxzvmMn9F506MZw+Uvf+klk2zV+LVLtHje3cNaxNc
5wZ3ghBqGBW2vZL5TNikcTVxSHrI73aG/zqJ0f80QihYyiwohbv6XZrgW/xJ9Q1i
qil2ue/y/0J4z5F2OFBJs+AsNkxmv532VEGvnk7Z7ngftNqalPyzsyZvcajwaC5c
bsn1LXt9H5uqJx+A6g3k4WJSYnH6Rbb0Fd5l0p37D04dWA==
-----END CERTIFICATE-----