Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/rnddRaMcCslvH6cnJKCpKa12JaE.roa
File:                     rnddRaMcCslvH6cnJKCpKa12JaE.roa (raw, json)
Hash identifier:          yf3qJRgPNuUcG9fpenZXdbuhIXD/VHv5xpv9cxwtpMs=
Subject key identifier:   AE:77:5D:45:A3:1C:0A:C9:6F:1F:A7:27:24:A0:A9:29:AD:76:25:A1
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCCDEC6426186505C3772C23DF508B
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/rnddRaMcCslvH6cnJKCpKa12JaE.roa
Signing time:             Tue 02 Jan 2024 10:34:03 +0000
ROA not before:           Tue 02 Jan 2024 10:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12768
IP address blocks:        2a02:2698::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:cd:ec:64:26:18:65:05:c3:77:2c:23:df:50:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae775d45a31c0ac96f1fa72724a0a929ad7625a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f9:4d:50:9f:d7:bf:44:64:e5:80:18:39:73:
                    0d:02:c3:cf:64:13:5b:5e:51:19:bd:0c:7b:e5:ef:
                    d7:ec:81:8d:e2:7a:8d:a6:6a:54:dd:74:1a:29:c7:
                    9a:a4:db:c6:f0:7c:37:ca:96:dd:38:27:eb:0a:15:
                    82:1c:92:fc:c0:ac:76:a0:81:59:ec:c6:06:ed:29:
                    57:0c:a0:6d:0d:9c:d3:71:81:bb:0d:1d:a1:68:0a:
                    a6:c4:79:af:14:f6:58:48:ce:3c:c3:b4:b9:bd:54:
                    53:d3:47:fe:f7:94:d6:4b:7e:83:cd:c8:ad:3b:06:
                    6a:8c:e3:3c:50:8d:48:71:38:5a:9c:3e:c7:c7:4e:
                    87:8d:c3:9a:c7:7a:34:08:e6:8b:f3:91:fc:8a:29:
                    57:4a:cb:4b:a2:79:3c:fd:da:80:d8:d8:c6:e0:40:
                    b3:20:a3:7e:3f:e6:48:ff:f8:6e:73:74:87:c6:50:
                    29:e4:cc:09:f5:93:2e:e8:10:e9:cf:f7:4d:a8:c5:
                    2c:a5:1b:ca:2a:73:f4:ed:cd:b8:c8:52:05:59:df:
                    dc:c1:f9:67:e7:df:62:b2:5c:d8:95:22:14:d6:62:
                    3f:0f:1e:44:61:eb:53:d3:21:bb:b2:a0:1f:90:ee:
                    05:23:e1:98:29:2b:ca:c9:78:e8:ad:13:1a:12:1e:
                    6f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:77:5D:45:A3:1C:0A:C9:6F:1F:A7:27:24:A0:A9:29:AD:76:25:A1
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/rnddRaMcCslvH6cnJKCpKa12JaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698::/38

    Signature Algorithm: sha256WithRSAEncryption
         6e:31:bf:9b:e6:81:23:4c:fc:3e:18:26:39:78:20:56:fd:b3:
         72:b6:23:5d:54:64:35:ec:d0:27:39:30:8b:ec:97:23:33:61:
         ad:a0:4e:ad:db:b3:0f:86:27:fb:6b:8a:ce:10:6c:3c:44:a8:
         74:95:3b:17:a5:50:6f:ab:f8:89:41:dd:fe:42:1e:76:14:d6:
         ea:30:6e:58:c8:e9:8e:3a:55:a4:32:40:7a:e5:43:53:fe:e0:
         3a:8e:b4:96:3c:55:2f:ee:45:26:8a:1b:fc:6d:0f:84:3c:80:
         87:5d:68:c5:ff:36:1e:90:32:52:43:fc:0b:6c:74:a4:2a:3e:
         b2:54:b0:13:dd:e4:43:b8:ae:5a:84:7c:6d:7c:d9:7f:90:d5:
         16:ab:2f:6f:6e:f4:f8:68:b8:2b:ad:34:0f:f9:74:ad:6b:9d:
         fc:44:14:f5:e7:47:58:a3:66:55:03:f4:e5:3f:16:00:fe:a7:
         21:00:98:bc:d5:cb:87:b9:34:3a:18:1b:bc:b1:46:19:d0:e7:
         ac:07:90:d7:6d:3a:d9:8a:a3:0b:da:22:f1:17:71:1b:8b:1e:
         ab:57:b2:ae:61:a3:b5:82:b9:f2:84:d5:fc:82:f2:c0:05:ba:
         94:c4:9a:b0:22:47:95:bf:2c:91:da:3d:64:82:8b:24:72:90:
         a3:57:a0:17
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvM3sZCYYZQXDdywj31CLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTc3NWQ0NWEzMWMwYWM5NmYxZmE3MjcyNGEwYTkyOWFkNzYyNWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPlNUJ/Xv0Rk5YAYOXMNAsPPZBNb
XlEZvQx75e/X7IGN4nqNpmpU3XQaKceapNvG8Hw3ypbdOCfrChWCHJL8wKx2oIFZ
7MYG7SlXDKBtDZzTcYG7DR2haAqmxHmvFPZYSM48w7S5vVRT00f+95TWS36Dzcit
OwZqjOM8UI1IcThanD7Hx06HjcOax3o0COaL85H8iilXSstLonk8/dqA2NjG4ECz
IKN+P+ZI//huc3SHxlAp5MwJ9ZMu6BDpz/dNqMUspRvKKnP07c24yFIFWd/cwfln
599islzYlSIU1mI/Dx5EYetT0yG7sqAfkO4FI+GYKSvKyXjorRMaEh5vFQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK53XUWjHArJbx+nJySgqSmtdiWhMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvcm5kZFJhTWNDc2x2SDZjbkpLQ3BLYTEySmFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmAAw
DQYJKoZIhvcNAQELBQADggEBAG4xv5vmgSNM/D4YJjl4IFb9s3K2I11UZDXs0Cc5
MIvslyMzYa2gTq3bsw+GJ/tris4QbDxEqHSVOxelUG+r+IlB3f5CHnYU1uowbljI
6Y46VaQyQHrlQ1P+4DqOtJY8VS/uRSaKG/xtD4Q8gIddaMX/Nh6QMlJD/AtsdKQq
PrJUsBPd5EO4rlqEfG182X+Q1RarL29u9PhouCutNA/5dK1rnfxEFPXnR1ijZlUD
9OU/FgD+pyEAmLzVy4e5NDoYG7yxRhnQ56wHkNdtOtmKowvaIvEXcRuLHqtXsq5h
o7WCufKE1fyC8sAFupTEmrAiR5W/LJHaPWSCiyRykKNXoBc=
-----END CERTIFICATE-----