Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/DEl6YMQu4z5UVl7zDopf4R62HaI.roa
File:                     DEl6YMQu4z5UVl7zDopf4R62HaI.roa (raw, json)
Hash identifier:          IVMD8qydCgz2dV6ycl1Scsu//MMGYy81gF2S6eeIPFs=
Subject key identifier:   0C:49:7A:60:C4:2E:E3:3E:54:56:5E:F3:0E:8A:5F:E1:1E:B6:1D:A2
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D058F8DC8A5A5ADFCA994F6A0EC3C
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/DEl6YMQu4z5UVl7zDopf4R62HaI.roa
Signing time:             Tue 02 Jan 2024 08:31:57 +0000
ROA not before:           Tue 02 Jan 2024 08:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200105
IP address blocks:        2a0a:280:1300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:05:8f:8d:c8:a5:a5:ad:fc:a9:94:f6:a0:ec:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c497a60c42ee33e54565ef30e8a5fe11eb61da2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:cc:f7:61:d0:3a:ab:41:24:bf:86:3b:30:ec:
                    76:64:49:a4:28:4d:38:03:88:c8:82:f9:95:bd:7c:
                    c1:00:5a:d6:02:5d:cf:98:fb:52:c0:d2:9c:82:32:
                    60:30:99:0a:43:2b:e4:3b:23:b6:6a:6a:7a:a9:4e:
                    69:6e:57:e6:d3:fe:88:b4:f9:6b:7d:96:10:fd:02:
                    4e:e2:37:77:cd:ad:67:ab:dd:3f:70:5d:e6:a9:7e:
                    a9:f7:12:83:75:3a:93:9f:c6:b3:bd:7c:33:fb:3c:
                    36:6d:88:84:5b:a4:5a:d1:1a:4e:8b:73:5a:12:34:
                    2c:94:c8:87:01:a4:af:76:81:df:db:21:45:59:5f:
                    64:3d:fb:7c:e8:4b:8c:8d:81:52:78:96:6a:f5:8d:
                    ea:ba:41:96:de:4c:9f:26:92:5a:77:44:12:a8:00:
                    28:d8:78:fb:41:fd:24:93:5b:a7:e9:e8:d9:92:3c:
                    db:7b:9e:3d:b5:66:eb:bb:8f:36:c8:43:26:b0:4e:
                    16:00:69:9b:b3:48:a0:b7:c7:6a:27:76:41:ec:b3:
                    05:74:d1:30:b8:48:82:ab:84:0a:48:dc:e6:4e:a5:
                    8f:0d:f6:97:8e:1b:df:cc:5d:31:6e:77:c4:0c:6b:
                    75:28:7f:5d:a6:d0:f1:16:48:e1:36:5b:dd:b0:dc:
                    b1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:49:7A:60:C4:2E:E3:3E:54:56:5E:F3:0E:8A:5F:E1:1E:B6:1D:A2
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/DEl6YMQu4z5UVl7zDopf4R62HaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:87:73:a4:2a:38:05:ba:f1:6c:b9:d0:b9:87:db:f0:aa:b3:
         f8:ed:0c:1d:14:b3:61:9f:8d:93:eb:ce:b0:3c:fc:78:2b:c7:
         56:17:ff:80:c8:a6:ac:22:b0:35:a2:ff:48:a9:2d:5b:48:e1:
         b7:73:15:a8:a3:45:a6:1f:c9:0c:79:ed:5d:a9:c4:9c:3d:df:
         54:bf:ae:bd:c3:a6:67:32:68:3b:37:1e:18:63:82:27:94:6b:
         57:6b:08:7c:66:6c:a3:9f:50:ae:0d:f2:70:fd:27:e8:08:62:
         e2:7c:1c:f2:7e:c5:65:05:fa:45:ac:df:01:e3:48:90:67:e8:
         5c:1c:38:a5:90:41:b6:c0:ea:cf:63:77:d8:31:17:0f:c5:1b:
         ba:87:ce:96:fc:5d:88:11:a3:51:f8:4d:c9:f3:2f:f9:71:41:
         1f:02:38:ab:79:eb:96:57:3a:cb:96:a3:34:c5:7a:a4:d3:79:
         8a:9f:83:5a:22:08:23:45:bb:1f:6c:d6:91:b3:86:a0:19:ce:
         53:2f:26:1e:56:db:e5:87:b6:19:82:d4:4d:39:14:39:fe:8e:
         58:a4:70:3e:5e:c1:47:9a:12:84:da:4f:fb:74:b3:a1:09:68:
         c8:c5:11:67:4d:7b:c4:c5:98:81:1a:ff:ce:23:a0:43:7a:03:
         c3:d8:bb:25
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQWPjcilpa38qZT2oOw8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQ5N2E2MGM0MmVlMzNlNTQ1NjVlZjMwZThhNWZlMTFlYjYxZGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8z3YdA6q0Ekv4Y7MOx2ZEmkKE04
A4jIgvmVvXzBAFrWAl3PmPtSwNKcgjJgMJkKQyvkOyO2amp6qU5pblfm0/6ItPlr
fZYQ/QJO4jd3za1nq90/cF3mqX6p9xKDdTqTn8azvXwz+zw2bYiEW6Ra0RpOi3Na
EjQslMiHAaSvdoHf2yFFWV9kPft86EuMjYFSeJZq9Y3qukGW3kyfJpJad0QSqAAo
2Hj7Qf0kk1un6ejZkjzbe549tWbru482yEMmsE4WAGmbs0igt8dqJ3ZB7LMFdNEw
uEiCq4QKSNzmTqWPDfaXjhvfzF0xbnfEDGt1KH9dptDxFkjhNlvdsNyxWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAxJemDELuM+VFZe8w6KX+Eeth2iMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvREVsNllNUXU0ejVVVmw3ekRvcGY0UjYySGFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBMw
DQYJKoZIhvcNAQELBQADggEBAHaHc6QqOAW68Wy50LmH2/Cqs/jtDB0Us2GfjZPr
zrA8/Hgrx1YX/4DIpqwisDWi/0ipLVtI4bdzFaijRaYfyQx57V2pxJw931S/rr3D
pmcyaDs3HhhjgieUa1drCHxmbKOfUK4N8nD9J+gIYuJ8HPJ+xWUF+kWs3wHjSJBn
6FwcOKWQQbbA6s9jd9gxFw/FG7qHzpb8XYgRo1H4TcnzL/lxQR8COKt565ZXOsuW
ozTFeqTTeYqfg1oiCCNFux9s1pGzhqAZzlMvJh5W2+WHthmC1E05FDn+jlikcD5e
wUeaEoTaT/t0s6EJaMjFEWdNe8TFmIEa/84joEN6A8PYuyU=
-----END CERTIFICATE-----