Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/KNunyHSe4TW2lAFpTyK81XnawZE.roa
File:                     KNunyHSe4TW2lAFpTyK81XnawZE.roa (raw, json)
Hash identifier:          rOcteUgtlHgBz1xYlZun68X7kqqALroKY63C/cyJCU4=
Subject key identifier:   28:DB:A7:C8:74:9E:E1:35:B6:94:01:69:4F:22:BC:D5:79:DA:C1:91
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD296546C834504800725E0276EFE
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/KNunyHSe4TW2lAFpTyK81XnawZE.roa
Signing time:             Tue 02 Jan 2024 10:34:04 +0000
ROA not before:           Tue 02 Jan 2024 10:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41668
IP address blocks:        2a02:2698:2800::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d2:96:54:6c:83:45:04:80:07:25:e0:27:6e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28dba7c8749ee135b69401694f22bcd579dac191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:14:3d:a6:94:df:c0:3c:77:d1:1e:16:c3:f1:
                    ac:fe:bd:85:fc:cf:69:0b:b2:da:3a:49:c1:82:cd:
                    c7:1f:7a:81:7f:d9:af:2d:bc:14:05:07:a4:89:c9:
                    7e:51:d0:0b:e6:da:28:16:98:d8:32:a2:6b:0e:ba:
                    fd:5d:47:5d:2c:3e:a2:95:82:26:33:f3:76:e5:4b:
                    ff:88:18:80:f7:73:27:9a:7b:38:9c:38:ba:f2:c7:
                    fe:01:bf:a7:b9:d5:7d:fb:a9:c6:18:e0:fb:6e:39:
                    7d:d4:df:f7:f9:42:fd:5a:7a:87:65:eb:7f:de:7e:
                    8d:84:35:68:28:bf:a8:69:4d:29:7d:eb:38:a8:06:
                    da:63:74:b2:19:9f:c0:b6:fd:c5:18:c6:eb:6c:0f:
                    c0:a6:6a:0a:b2:98:ab:6d:03:cd:2b:d3:56:c2:8b:
                    42:f7:13:0a:a9:a5:8a:e2:e1:ff:37:5b:99:7e:fc:
                    dd:5e:62:7a:25:7e:ae:0a:47:4d:4d:c3:77:fe:f1:
                    f7:b4:e4:da:2b:1a:94:06:2c:fb:9a:1d:ff:1a:30:
                    d8:61:12:cd:89:89:68:9a:9d:ab:db:f0:bd:b1:16:
                    e8:6f:76:8c:c6:0f:c8:5a:fb:4b:f6:72:7b:b6:56:
                    d3:1d:db:f7:4e:72:30:47:6f:b0:3b:cc:bf:96:d2:
                    e0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:DB:A7:C8:74:9E:E1:35:B6:94:01:69:4F:22:BC:D5:79:DA:C1:91
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/KNunyHSe4TW2lAFpTyK81XnawZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:2800::/38

    Signature Algorithm: sha256WithRSAEncryption
         15:94:5e:0f:d3:38:ac:33:d3:36:c4:04:d1:8f:fe:f3:98:a7:
         98:37:84:de:9a:6f:b8:44:23:93:fd:3c:d4:6d:be:c8:fb:40:
         9f:23:a7:dd:ae:0d:9e:1c:b7:e2:e4:fb:2d:5d:2f:00:52:8f:
         5e:e1:ab:bb:b0:92:fe:9c:ae:63:6c:eb:6b:02:a0:e3:55:92:
         10:99:9b:ac:98:97:bc:11:5c:54:6a:b0:c5:ab:89:d7:04:2e:
         d8:47:ca:fa:ba:a1:07:b9:75:f1:59:3e:c4:d8:f4:d8:49:53:
         d6:3b:ef:80:5f:be:e3:78:b3:be:4c:e3:69:ee:ae:6e:e0:93:
         08:3e:47:85:8f:d4:be:b4:58:a9:f1:bf:f2:6e:2e:f1:56:9d:
         be:76:8b:88:90:6e:cd:61:49:27:ba:b8:6b:68:7f:f9:fe:8e:
         46:8f:fa:71:df:d2:92:8a:9a:2e:5a:03:96:4f:0c:b6:1f:e3:
         ce:39:52:7b:5d:fa:27:6a:1f:91:9c:9e:8f:bf:63:29:28:c6:
         70:df:d7:b7:f9:4f:bc:da:ee:9f:09:2c:3d:8f:a5:bb:42:0f:
         ab:d5:ce:f5:f5:c6:3c:36:bb:6a:53:73:d7:9f:af:d5:eb:7a:
         54:7f:ce:f0:20:8a:f7:d0:0c:a7:1c:6a:3d:37:ad:70:90:1d:
         48:7a:57:5d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNKWVGyDRQSAByXgJ27+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGRiYTdjODc0OWVlMTM1YjY5NDAxNjk0ZjIyYmNkNTc5ZGFjMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxQ9ppTfwDx30R4Ww/Gs/r2F/M9p
C7LaOknBgs3HH3qBf9mvLbwUBQekicl+UdAL5tooFpjYMqJrDrr9XUddLD6ilYIm
M/N25Uv/iBiA93Mnmns4nDi68sf+Ab+nudV9+6nGGOD7bjl91N/3+UL9WnqHZet/
3n6NhDVoKL+oaU0pfes4qAbaY3SyGZ/Atv3FGMbrbA/ApmoKspirbQPNK9NWwotC
9xMKqaWK4uH/N1uZfvzdXmJ6JX6uCkdNTcN3/vH3tOTaKxqUBiz7mh3/GjDYYRLN
iYlomp2r2/C9sRbob3aMxg/IWvtL9nJ7tlbTHdv3TnIwR2+wO8y/ltLgOQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCjbp8h0nuE1tpQBaU8ivNV52sGRMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvS051bnlIU2U0VFcybEFGcFR5SzgxWG5hd1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmCgw
DQYJKoZIhvcNAQELBQADggEBABWUXg/TOKwz0zbEBNGP/vOYp5g3hN6ab7hEI5P9
PNRtvsj7QJ8jp92uDZ4ct+Lk+y1dLwBSj17hq7uwkv6crmNs62sCoONVkhCZm6yY
l7wRXFRqsMWridcELthHyvq6oQe5dfFZPsTY9NhJU9Y774BfvuN4s75M42nurm7g
kwg+R4WP1L60WKnxv/JuLvFWnb52i4iQbs1hSSe6uGtof/n+jkaP+nHf0pKKmi5a
A5ZPDLYf4845Untd+idqH5Gcno+/YykoxnDf17f5T7za7p8JLD2PpbtCD6vVzvX1
xjw2u2pTc9efr9XrelR/zvAgivfQDKccaj03rXCQHUh6V10=
-----END CERTIFICATE-----