Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/bWi0plzwqv0v7xYAxMKLXsrQZ7U.roa
File:                     bWi0plzwqv0v7xYAxMKLXsrQZ7U.roa (raw, json)
Hash identifier:          L8SSPHl6CrvJh7Odrb1ki3f2ZcjsZS8PEM+TUDWJ5aM=
Subject key identifier:   6D:68:B4:A6:5C:F0:AA:FD:2F:EF:16:00:C4:C2:8B:5E:CA:D0:67:B5
Certificate issuer:       /CN=2f0342e0d23ef7e06b1dff5cc6ee4fa17af8bd98
Certificate serial:       018CC7258C41BBE208C61FC24EF09861B60B
Authority key identifier: 2F:03:42:E0:D2:3E:F7:E0:6B:1D:FF:5C:C6:EE:4F:A1:7A:F8:BD:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LwNC4NI-9-BrHf9cxu5PoXr4vZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/bWi0plzwqv0v7xYAxMKLXsrQZ7U.roa
Signing time:             Mon 01 Jan 2024 22:29:35 +0000
ROA not before:           Mon 01 Jan 2024 22:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4002
IP address blocks:        2a02:970:2006::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/LwNC4NI-9-BrHf9cxu5PoXr4vZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/LwNC4NI-9-BrHf9cxu5PoXr4vZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LwNC4NI-9-BrHf9cxu5PoXr4vZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:8c:41:bb:e2:08:c6:1f:c2:4e:f0:98:61:b6:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f0342e0d23ef7e06b1dff5cc6ee4fa17af8bd98
        Validity
            Not Before: Jan  1 22:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d68b4a65cf0aafd2fef1600c4c28b5ecad067b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5d:4c:2e:f1:c1:4a:0b:c1:97:a8:b6:20:cb:
                    63:0b:58:3a:7c:e7:38:d9:90:e0:b3:d2:3b:e0:2a:
                    ea:cd:69:6a:27:bd:6f:2b:26:89:1f:38:8d:4d:58:
                    c6:df:4f:05:a5:01:9c:3e:ce:1b:0c:c6:d0:6a:1e:
                    47:fd:59:13:07:0d:50:9c:d9:c6:11:f2:f1:b7:df:
                    a8:d8:b6:36:5c:24:ee:7f:ad:35:75:fa:ee:07:70:
                    f1:e8:f8:52:2c:08:98:ea:a9:24:a0:35:b4:f7:07:
                    39:9f:a7:38:02:0c:1b:93:69:84:be:6b:75:c3:77:
                    01:1c:59:71:c9:51:cd:21:70:67:32:79:65:4a:a7:
                    38:f5:58:e6:2b:22:ac:f5:a2:13:d7:a1:18:0f:06:
                    62:1b:b0:ea:0d:bb:6e:3b:86:cb:20:f6:73:c2:e7:
                    dc:2f:28:8c:0b:a0:e5:b3:6b:71:50:2e:a6:01:c3:
                    0a:3c:aa:43:f9:b3:4d:0e:2f:35:b4:a7:ec:fc:98:
                    d1:ae:7a:b8:5f:ef:1a:bd:36:73:fc:4b:9e:5a:69:
                    e3:37:4f:ad:b3:03:cc:af:5e:2a:26:51:ab:6c:a3:
                    07:57:92:da:59:78:6e:40:93:98:28:c9:4e:01:63:
                    a8:b2:07:df:9d:94:96:64:b4:27:af:02:1a:7a:de:
                    88:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:68:B4:A6:5C:F0:AA:FD:2F:EF:16:00:C4:C2:8B:5E:CA:D0:67:B5
            X509v3 Authority Key Identifier:
                keyid:2F:03:42:E0:D2:3E:F7:E0:6B:1D:FF:5C:C6:EE:4F:A1:7A:F8:BD:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LwNC4NI-9-BrHf9cxu5PoXr4vZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/bWi0plzwqv0v7xYAxMKLXsrQZ7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d1fd48-916b-4d83-96cc-c910af93e426/1/LwNC4NI-9-BrHf9cxu5PoXr4vZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:970:2006::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:18:49:9d:e6:4b:d7:38:be:2c:f3:fb:67:a2:05:30:4b:78:
         24:9a:91:43:e5:d2:e1:1d:20:df:73:21:b0:25:78:e8:f9:49:
         e6:32:97:68:85:40:ac:d6:02:99:b6:59:a6:cc:ba:d4:c3:23:
         9e:31:57:33:1b:be:33:c9:98:75:c9:a2:3f:0d:bf:03:fa:5d:
         0a:ac:c7:a3:93:ec:df:18:79:90:4a:a8:15:73:66:d5:04:7c:
         49:f5:63:42:9f:27:d0:9d:1c:7a:a1:bc:1b:be:f9:b5:23:2d:
         0f:b0:bf:32:a4:87:82:ba:46:bd:c2:d1:89:10:8a:2e:ef:0e:
         6b:c5:e0:15:4b:e1:01:f4:fc:b8:79:69:7b:a1:cd:ec:2b:82:
         56:a9:6d:2f:d5:be:13:45:fe:2d:5f:1f:a6:bb:1d:a5:3c:81:
         1d:4e:08:95:34:1b:de:2b:3b:ed:75:17:61:9d:1e:d7:63:0c:
         f9:2d:f8:8c:1c:69:f3:28:43:a4:42:bf:52:52:20:44:ef:69:
         71:71:03:0d:ea:e8:f3:3d:62:fb:b2:74:a3:08:23:6f:7f:82:
         b0:db:99:15:67:5e:0c:af:15:1b:d6:74:f5:09:6f:e2:0f:c5:
         c5:61:e7:47:9d:df:b1:72:c5:f5:11:39:60:26:5c:0e:25:34:
         bf:93:f1:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJYxBu+IIxh/CTvCYYbYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMDM0MmUwZDIzZWY3ZTA2YjFkZmY1Y2M2ZWU0ZmExN2Fm
OGJkOTgwHhcNMjQwMTAxMjIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDY4YjRhNjVjZjBhYWZkMmZlZjE2MDBjNGMyOGI1ZWNhZDA2N2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF1MLvHBSgvBl6i2IMtjC1g6fOc4
2ZDgs9I74CrqzWlqJ71vKyaJHziNTVjG308FpQGcPs4bDMbQah5H/VkTBw1QnNnG
EfLxt9+o2LY2XCTuf601dfruB3Dx6PhSLAiY6qkkoDW09wc5n6c4Agwbk2mEvmt1
w3cBHFlxyVHNIXBnMnllSqc49VjmKyKs9aIT16EYDwZiG7DqDbtuO4bLIPZzwufc
LyiMC6Dls2txUC6mAcMKPKpD+bNNDi81tKfs/JjRrnq4X+8avTZz/EueWmnjN0+t
swPMr14qJlGrbKMHV5LaWXhuQJOYKMlOAWOosgffnZSWZLQnrwIaet6IUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG1otKZc8Kr9L+8WAMTCi17K0Ge1MB8GA1UdIwQY
MBaAFC8DQuDSPvfgax3/XMbuT6F6+L2YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHdOQzROSS05LUJySGY5Y3h1NVBvWHI0dlpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9kMWZkNDgtOTE2Yi00ZDgzLTk2Y2Mt
YzkxMGFmOTNlNDI2LzEvYldpMHBsendxdjB2N3hZQXhNS0xYc3JRWjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9kMWZkNDgtOTE2Yi00ZDgzLTk2Y2MtYzkxMGFmOTNlNDI2
LzEvTHdOQzROSS05LUJySGY5Y3h1NVBvWHI0dlpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIJcCAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBsGEmd5kvXOL4s8/tnogUwS3gkmpFD5dLhHSDf
cyGwJXjo+UnmMpdohUCs1gKZtlmmzLrUwyOeMVczG74zyZh1yaI/Db8D+l0KrMej
k+zfGHmQSqgVc2bVBHxJ9WNCnyfQnRx6obwbvvm1Iy0PsL8ypIeCuka9wtGJEIou
7w5rxeAVS+EB9Py4eWl7oc3sK4JWqW0v1b4TRf4tXx+mux2lPIEdTgiVNBveKzvt
dRdhnR7XYwz5LfiMHGnzKEOkQr9SUiBE72lxcQMN6ujzPWL7snSjCCNvf4Kw25kV
Z14MrxUb1nT1CW/iD8XFYedHnd+xcsX1ETlgJlwOJTS/k/HP
-----END CERTIFICATE-----