Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/9WW2XhOlMhIWb9KdjA0Z_z62qhw.roa
File:                     9WW2XhOlMhIWb9KdjA0Z_z62qhw.roa (raw, json)
Hash identifier:          0A6Bib9zXM9NjPVQp+sOy6LR/h30USlr5q4N09sXt9k=
Subject key identifier:   F5:65:B6:5E:13:A5:32:12:16:6F:D2:9D:8C:0D:19:FF:3E:B6:AA:1C
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018CC8013840FB7AE0256967845FED0F5CE8
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/9WW2XhOlMhIWb9KdjA0Z_z62qhw.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197619
IP address blocks:        2a05:f300::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:38:40:fb:7a:e0:25:69:67:84:5f:ed:0f:5c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f565b65e13a53212166fd29d8c0d19ff3eb6aa1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b6:a2:72:1d:c1:00:b1:bd:0a:5e:36:3a:ce:
                    6c:08:0f:a4:33:c6:d1:6d:10:a7:4d:e6:cd:e9:77:
                    9e:17:35:77:4f:98:13:ef:88:ff:fd:e7:56:ea:90:
                    33:c1:9e:dc:74:c3:7c:66:f9:40:db:d9:9b:72:05:
                    ba:0a:55:df:e4:7a:77:63:95:e7:89:27:3e:69:24:
                    6c:5e:61:69:20:f8:6f:75:8f:87:a2:a5:24:e0:fe:
                    1b:66:be:73:97:c8:c3:ba:08:dc:5f:4e:49:07:b9:
                    45:23:54:98:4e:d1:23:60:b9:bf:46:e0:18:c8:7b:
                    b3:e4:ae:47:2e:e8:05:f0:14:1c:83:91:8b:8f:a9:
                    3c:c6:19:4f:b6:2f:cf:b8:32:64:fd:4d:b9:74:65:
                    50:22:45:97:77:66:85:e5:1e:95:83:a3:5a:a4:9f:
                    3d:82:a0:a9:b8:05:73:97:4c:10:55:cc:51:fe:75:
                    a1:cb:59:a0:84:f6:06:b8:1d:9f:56:ad:04:97:05:
                    ca:28:82:e3:94:36:00:f9:7e:7a:5a:4f:62:9b:16:
                    8d:52:b6:ce:23:e4:64:ef:2e:82:b1:c7:49:f7:43:
                    c4:27:3e:dc:78:8f:89:c0:ae:b1:fe:c1:10:2f:26:
                    2e:4f:11:85:ef:c7:5c:2f:52:e3:85:7f:6d:35:a1:
                    4a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:65:B6:5E:13:A5:32:12:16:6F:D2:9D:8C:0D:19:FF:3E:B6:AA:1C
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/9WW2XhOlMhIWb9KdjA0Z_z62qhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:f300::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:62:c9:2a:b3:1b:f7:17:fa:74:19:28:dc:c0:da:29:28:f2:
         03:28:23:ab:06:18:55:db:9f:0b:60:db:07:99:74:ac:39:e1:
         d1:3f:ad:76:1b:19:57:3e:87:47:93:e4:19:04:5a:f4:72:f4:
         bc:25:bb:ac:38:09:9e:c6:d0:f1:4c:e0:3d:04:c5:01:ee:76:
         33:38:c8:96:80:c4:b0:0d:da:c4:81:e0:1f:89:06:02:20:20:
         81:1e:d4:e9:61:a4:5f:5b:e8:3e:00:4b:6a:c8:ae:1e:ab:38:
         1a:46:db:5e:bb:8c:da:4c:ab:45:43:85:d5:fb:88:3d:a9:52:
         06:67:c7:4f:fd:a6:a7:68:e7:13:b2:66:8b:23:2a:c0:61:0d:
         a5:0c:4c:95:e4:b1:2c:2a:55:27:02:38:83:a4:3d:05:e3:87:
         88:d0:16:ce:5a:64:f5:4c:79:6c:97:44:9a:a9:13:86:4a:8d:
         26:a4:9c:1c:a4:0d:70:33:63:33:69:f9:ee:d3:d1:61:2c:22:
         f3:00:c4:37:1a:e0:c4:1f:b1:b5:b4:f1:85:44:7c:17:24:30:
         5b:c4:6e:a6:dd:2e:1b:c9:ad:e1:c0:e3:10:2d:fb:a3:df:93:
         5a:f1:35:99:ad:0d:b0:04:b9:e0:77:8d:8a:7d:81:d2:05:01:
         9a:a2:92:24
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIAThA+3rgJWlnhF/tD1zoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTY1YjY1ZTEzYTUzMjEyMTY2ZmQyOWQ4YzBkMTlmZjNlYjZhYTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbaich3BALG9Cl42Os5sCA+kM8bR
bRCnTebN6XeeFzV3T5gT74j//edW6pAzwZ7cdMN8ZvlA29mbcgW6ClXf5Hp3Y5Xn
iSc+aSRsXmFpIPhvdY+HoqUk4P4bZr5zl8jDugjcX05JB7lFI1SYTtEjYLm/RuAY
yHuz5K5HLugF8BQcg5GLj6k8xhlPti/PuDJk/U25dGVQIkWXd2aF5R6Vg6NapJ89
gqCpuAVzl0wQVcxR/nWhy1mghPYGuB2fVq0ElwXKKILjlDYA+X56Wk9imxaNUrbO
I+Rk7y6CscdJ90PEJz7ceI+JwK6x/sEQLyYuTxGF78dcL1LjhX9tNaFKcwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPVltl4TpTISFm/SnYwNGf8+tqocMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvOVdXMlhoT2xNaElXYjlLZGpBMFpfejYycWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgXzADAN
BgkqhkiG9w0BAQsFAAOCAQEAH2LJKrMb9xf6dBko3MDaKSjyAygjqwYYVdufC2Db
B5l0rDnh0T+tdhsZVz6HR5PkGQRa9HL0vCW7rDgJnsbQ8UzgPQTFAe52MzjIloDE
sA3axIHgH4kGAiAggR7U6WGkX1voPgBLasiuHqs4GkbbXruM2kyrRUOF1fuIPalS
BmfHT/2mp2jnE7JmiyMqwGENpQxMleSxLCpVJwI4g6Q9BeOHiNAWzlpk9Ux5bJdE
mqkThkqNJqScHKQNcDNjM2n57tPRYSwi8wDENxrgxB+xtbTxhUR8FyQwW8Rupt0u
G8mt4cDjEC37o9+TWvE1ma0NsAS54HeNin2B0gUBmqKSJA==
-----END CERTIFICATE-----