Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/d-0MWdhC-xTWKyP25VCeFZSFjs4.roa
File:                     d-0MWdhC-xTWKyP25VCeFZSFjs4.roa (raw, json)
Hash identifier:          VNHIq0Dyk5SMeisZYGQ6ZHxQbLq9wdmNTqz3Dd8AJOc=
Subject key identifier:   77:ED:0C:59:D8:42:FB:14:D6:2B:23:F6:E5:50:9E:15:94:85:8E:CE
Certificate issuer:       /CN=a934b8dec1281bc54317c7fed0e9acbc7b97cac7
Certificate serial:       018CE4DDC452906B8967041C60A4AF7BB7F4
Authority key identifier: A9:34:B8:DE:C1:28:1B:C5:43:17:C7:FE:D0:E9:AC:BC:7B:97:CA:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qTS43sEoG8VDF8f-0OmsvHuXysc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/d-0MWdhC-xTWKyP25VCeFZSFjs4.roa
Signing time:             Sun 07 Jan 2024 16:59:48 +0000
ROA not before:           Sun 07 Jan 2024 16:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202685
IP address blocks:        2a00:8ac0::/32 maxlen: 32
                          2a04:3c40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/qTS43sEoG8VDF8f-0OmsvHuXysc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/qTS43sEoG8VDF8f-0OmsvHuXysc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qTS43sEoG8VDF8f-0OmsvHuXysc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 22:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e4:dd:c4:52:90:6b:89:67:04:1c:60:a4:af:7b:b7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a934b8dec1281bc54317c7fed0e9acbc7b97cac7
        Validity
            Not Before: Jan  7 16:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77ed0c59d842fb14d62b23f6e5509e1594858ece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:21:34:68:e6:a6:15:15:9f:64:90:a4:73:98:
                    87:72:70:6c:7f:fd:02:ca:97:9f:a2:da:27:56:69:
                    df:04:67:05:75:25:48:31:9a:e5:05:e4:78:eb:df:
                    ab:a1:47:5a:fc:44:2e:9d:05:8f:ed:74:94:ec:bd:
                    9a:19:3c:53:25:f8:13:c8:9c:af:97:d3:c9:c3:ee:
                    b5:e1:5e:2b:c6:9d:70:1d:05:54:e1:00:5d:a6:d1:
                    0c:31:36:f7:0e:ff:21:0b:4f:31:95:d3:38:42:02:
                    d5:05:6d:d1:cf:22:65:a7:a3:10:05:b8:4c:ee:15:
                    d2:04:00:72:60:39:ce:d4:01:03:1d:36:10:1a:38:
                    35:92:36:5a:06:37:d2:9a:b2:d5:6f:21:3f:14:52:
                    73:34:ab:aa:93:f8:84:7e:e2:8d:c8:0a:b3:7d:7f:
                    25:4a:45:e4:72:34:6a:8b:76:78:93:a8:b9:09:4c:
                    47:6c:c8:c0:76:35:78:29:fb:5c:04:c0:cb:c3:b8:
                    11:7c:40:46:f8:b6:bf:bf:18:bd:a3:1d:32:ab:0c:
                    ec:17:9b:3b:fa:53:f7:ec:6f:64:49:12:e8:00:2b:
                    61:b2:05:75:6b:a6:32:6c:87:ad:0d:50:df:1f:20:
                    35:fd:ee:64:32:56:ce:f6:22:05:0a:8f:1c:b6:58:
                    63:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:ED:0C:59:D8:42:FB:14:D6:2B:23:F6:E5:50:9E:15:94:85:8E:CE
            X509v3 Authority Key Identifier:
                keyid:A9:34:B8:DE:C1:28:1B:C5:43:17:C7:FE:D0:E9:AC:BC:7B:97:CA:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qTS43sEoG8VDF8f-0OmsvHuXysc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/d-0MWdhC-xTWKyP25VCeFZSFjs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/qTS43sEoG8VDF8f-0OmsvHuXysc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8ac0::/32
                  2a04:3c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:c8:15:a9:0e:e7:72:57:bc:01:9a:28:8e:26:b3:2d:c6:98:
         57:06:9d:db:6d:4c:56:fb:fa:2e:d6:20:61:9d:72:3d:4d:24:
         ab:40:38:23:d9:fa:d5:ab:c3:af:5e:65:f2:1e:f8:cc:81:d5:
         9d:85:eb:d7:88:1c:05:3c:f7:62:d9:c8:d6:57:da:6d:bf:04:
         7d:ce:e3:b2:13:e6:cd:58:e2:10:0f:89:4c:6e:49:ff:00:fd:
         fa:04:00:38:08:66:fb:91:d4:25:6e:e2:45:f8:8f:f9:c0:7f:
         ad:e1:a5:c3:e1:bc:a3:fb:c6:90:69:1e:4e:ad:6f:ef:45:9e:
         69:6a:cc:e1:4f:02:45:a1:3a:e8:43:a4:3a:86:a3:48:26:98:
         aa:03:b9:5a:0f:07:8e:99:ab:1a:28:cc:5d:6d:a4:b4:39:70:
         85:1b:6c:49:37:3e:80:4a:75:50:e2:bd:27:5c:dc:ff:5f:b7:
         e0:9d:11:db:a7:ce:80:99:a3:5c:40:79:f0:5f:ab:82:8e:02:
         a1:60:22:89:4f:a1:26:fe:7b:2f:85:cd:2c:8b:1f:c1:c7:b2:
         85:f1:d6:2a:fb:20:45:42:f8:01:f2:20:e4:0c:4c:37:18:c0:
         d5:e4:b8:68:81:97:7c:68:b2:81:67:8b:60:f4:4a:ed:69:20:
         9e:55:93:2b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzk3cRSkGuJZwQcYKSve7f0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MzRiOGRlYzEyODFiYzU0MzE3YzdmZWQwZTlhY2JjN2I5
N2NhYzcwHhcNMjQwMTA3MTY1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2VkMGM1OWQ4NDJmYjE0ZDYyYjIzZjZlNTUwOWUxNTk0ODU4ZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCE0aOamFRWfZJCkc5iHcnBsf/0C
ypefotonVmnfBGcFdSVIMZrlBeR469+roUda/EQunQWP7XSU7L2aGTxTJfgTyJyv
l9PJw+614V4rxp1wHQVU4QBdptEMMTb3Dv8hC08xldM4QgLVBW3RzyJlp6MQBbhM
7hXSBAByYDnO1AEDHTYQGjg1kjZaBjfSmrLVbyE/FFJzNKuqk/iEfuKNyAqzfX8l
SkXkcjRqi3Z4k6i5CUxHbMjAdjV4KftcBMDLw7gRfEBG+La/vxi9ox0yqwzsF5s7
+lP37G9kSRLoACthsgV1a6YybIetDVDfHyA1/e5kMlbO9iIFCo8ctlhjPwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHftDFnYQvsU1isj9uVQnhWUhY7OMB8GA1UdIwQY
MBaAFKk0uN7BKBvFQxfH/tDprLx7l8rHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVRTNDNzRW9HOFZERjhmLTBPbXN2SHVYeXNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC84N2I1NjItY2I3ZC00YTkzLWJkNDMt
MjdlZTQyZDkyNWFkLzEvZC0wTVdkaEMteFRXS3lQMjVWQ2VGWlNGanM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC84N2I1NjItY2I3ZC00YTkzLWJkNDMtMjdlZTQyZDkyNWFk
LzEvcVRTNDNzRW9HOFZERjhmLTBPbXN2SHVYeXNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgCKwAMF
AyoEPEAwDQYJKoZIhvcNAQELBQADggEBAAbIFakO53JXvAGaKI4msy3GmFcGndtt
TFb7+i7WIGGdcj1NJKtAOCPZ+tWrw69eZfIe+MyB1Z2F69eIHAU892LZyNZX2m2/
BH3O47IT5s1Y4hAPiUxuSf8A/foEADgIZvuR1CVu4kX4j/nAf63hpcPhvKP7xpBp
Hk6tb+9FnmlqzOFPAkWhOuhDpDqGo0gmmKoDuVoPB46ZqxoozF1tpLQ5cIUbbEk3
PoBKdVDivSdc3P9ft+CdEdunzoCZo1xAefBfq4KOAqFgIolPoSb+ey+FzSyLH8HH
soXx1ir7IEVC+AHyIOQMTDcYwNXkuGiBl3xosoFni2D0Su1pIJ5Vkys=
-----END CERTIFICATE-----