Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/XcNyAtcSIj3VZNRuAXRr-c4msZE.roa
File:                     XcNyAtcSIj3VZNRuAXRr-c4msZE.roa (raw, json)
Hash identifier:          4bMziUezyBdIBevz1fCuHZyQ24umjEOHAhLAtBZqxqs=
Subject key identifier:   5D:C3:72:02:D7:12:22:3D:D5:64:D4:6E:01:74:6B:F9:CE:26:B1:91
Certificate issuer:       /CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
Certificate serial:       018CC349489956E6D3CB6895818DE6286A75
Authority key identifier: 0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/XcNyAtcSIj3VZNRuAXRr-c4msZE.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56849
IP address blocks:        2a0e:48c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:48:99:56:e6:d3:cb:68:95:81:8d:e6:28:6a:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dc37202d712223dd564d46e01746bf9ce26b191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c2:17:37:aa:92:84:31:54:30:db:1a:76:35:
                    eb:45:c4:77:20:3a:96:16:7b:0a:c4:af:5c:16:09:
                    e4:c9:a3:ca:02:93:10:5c:13:8f:62:ce:6d:35:13:
                    78:c9:6b:ec:b4:44:67:70:82:b2:3e:7b:ce:4d:3e:
                    4e:57:0f:ea:ff:b0:18:21:93:ee:a0:ec:36:91:33:
                    99:85:f3:0b:00:b5:71:eb:e9:83:80:7b:39:f1:88:
                    15:8d:aa:c8:4b:9f:9b:25:a9:30:73:87:46:a2:62:
                    44:d8:49:a7:02:9a:7b:01:20:59:c8:57:42:21:13:
                    f1:2a:4c:2e:c8:65:47:7f:f7:2a:1e:22:ae:9c:ef:
                    6d:67:4f:8b:50:56:a9:24:02:9f:15:14:e9:91:40:
                    30:76:59:eb:20:46:25:1d:e3:35:48:a6:ad:1d:d6:
                    22:5f:6f:90:35:34:90:cc:7e:8c:87:e3:91:15:15:
                    cd:ff:c8:ca:3a:b1:3f:58:74:43:e2:6b:6a:7b:f8:
                    0e:b0:aa:f7:1c:91:15:18:9c:40:22:d5:9d:19:f0:
                    4d:9e:77:15:aa:02:17:1d:9b:04:4d:fa:56:06:1f:
                    a8:d1:4d:e4:17:1b:7f:30:e3:b6:54:71:87:6b:7d:
                    e1:d4:4c:41:cc:7e:fe:f6:ff:80:cc:61:ca:b2:0c:
                    99:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C3:72:02:D7:12:22:3D:D5:64:D4:6E:01:74:6B:F9:CE:26:B1:91
            X509v3 Authority Key Identifier:
                keyid:0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/XcNyAtcSIj3VZNRuAXRr-c4msZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b9:1b:ca:a2:4c:bb:4b:87:5d:99:11:87:c2:a0:f1:de:be:3b:
         b7:ec:9b:29:fc:c0:3f:37:de:05:2c:38:3b:96:ec:5d:d6:b3:
         05:4b:67:e7:40:69:53:87:91:94:fa:3c:bb:b2:aa:a4:bf:f6:
         1a:de:af:7f:44:2f:ab:6a:f8:b6:d4:87:7c:bf:8c:40:5d:52:
         82:5b:70:38:06:b7:d0:3d:1d:9d:f2:0d:e5:92:b0:52:e9:7b:
         02:8c:8c:25:e4:e9:a9:c0:4e:13:11:c4:7d:c2:89:78:18:2c:
         b6:c6:12:06:5f:0d:ee:0d:d7:60:a5:d8:da:88:8e:d1:57:5d:
         e9:a4:d8:64:d6:65:cc:df:7a:14:74:b9:9b:3f:6b:16:f2:dd:
         dd:5f:63:dd:08:98:99:25:1e:d3:b4:50:23:06:25:fa:e0:f6:
         c4:14:4d:d7:81:84:1a:9b:d6:ca:8e:37:5d:ca:15:c9:ad:26:
         4c:2a:c9:c4:0f:af:ba:89:90:c4:89:62:3b:94:0b:6c:04:38:
         c7:20:82:9f:c3:d2:6d:7a:1a:23:9c:9e:c6:0c:b5:99:03:80:
         4f:98:04:23:78:93:92:2e:ef:cc:e4:eb:fe:59:01:4a:b5:9c:
         77:0e:72:37:1b:64:16:55:31:c4:2d:c5:fe:14:67:89:11:df:
         ed:a8:b0:8e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSUiZVubTy2iVgY3mKGp1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYjNlNzNhYThiN2YwYWYzYmQ4NDAwNTcyZGFlNzJiMGQ0
NmY1NWMwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGMzNzIwMmQ3MTIyMjNkZDU2NGQ0NmUwMTc0NmJmOWNlMjZiMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8IXN6qShDFUMNsadjXrRcR3IDqW
FnsKxK9cFgnkyaPKApMQXBOPYs5tNRN4yWvstERncIKyPnvOTT5OVw/q/7AYIZPu
oOw2kTOZhfMLALVx6+mDgHs58YgVjarIS5+bJakwc4dGomJE2EmnApp7ASBZyFdC
IRPxKkwuyGVHf/cqHiKunO9tZ0+LUFapJAKfFRTpkUAwdlnrIEYlHeM1SKatHdYi
X2+QNTSQzH6Mh+ORFRXN/8jKOrE/WHRD4mtqe/gOsKr3HJEVGJxAItWdGfBNnncV
qgIXHZsETfpWBh+o0U3kFxt/MOO2VHGHa33h1ExBzH7+9v+AzGHKsgyZzwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF3DcgLXEiI91WTUbgF0a/nOJrGRMB8GA1UdIwQY
MBaAFAuz5zqot/CvO9hABXLa5ysNRvVcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzIt
YWQyOGZhOTY2YjUxLzEvWGNOeUF0Y1NJajNWWk5SdUFYUnItYzRtc1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzItYWQyOGZhOTY2YjUx
LzEvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5IwDAN
BgkqhkiG9w0BAQsFAAOCAQEAuRvKoky7S4ddmRGHwqDx3r47t+ybKfzAPzfeBSw4
O5bsXdazBUtn50BpU4eRlPo8u7KqpL/2Gt6vf0Qvq2r4ttSHfL+MQF1SgltwOAa3
0D0dnfIN5ZKwUul7AoyMJeTpqcBOExHEfcKJeBgstsYSBl8N7g3XYKXY2oiO0Vdd
6aTYZNZlzN96FHS5mz9rFvLd3V9j3QiYmSUe07RQIwYl+uD2xBRN14GEGpvWyo43
XcoVya0mTCrJxA+vuomQxIliO5QLbAQ4xyCCn8PSbXoaI5yexgy1mQOAT5gEI3iT
ki7vzOTr/lkBSrWcdw5yNxtkFlUxxC3F/hRniRHf7aiwjg==
-----END CERTIFICATE-----