Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/HeofTdaalWRQwsd9Jm51bRjWavk.roa
File:                     HeofTdaalWRQwsd9Jm51bRjWavk.roa (raw, json)
Hash identifier:          FgBDeQLQkdxJ6oWa8US3mU3UqvXUsaUmksc65FJ6CiU=
Subject key identifier:   1D:EA:1F:4D:D6:9A:95:64:50:C2:C7:7D:26:6E:75:6D:18:D6:6A:F9
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB24BF3153EB375CD0DF485D9A12C
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/HeofTdaalWRQwsd9Jm51bRjWavk.roa
Signing time:             Tue 02 Jan 2024 04:30:12 +0000
ROA not before:           Tue 02 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202564
IP address blocks:        2a07:3d80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b2:4b:f3:15:3e:b3:75:cd:0d:f4:85:d9:a1:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dea1f4dd69a956450c2c77d266e756d18d66af9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:28:e8:b6:17:5d:05:74:e4:37:e8:70:41:e9:
                    1a:b3:f2:1b:39:f2:5a:a3:0a:d5:4f:72:a5:fd:99:
                    e3:c8:49:24:44:aa:85:f9:90:8b:c8:9c:50:16:e3:
                    3d:54:fb:2e:26:b5:a7:8e:47:e8:cd:e4:b1:aa:af:
                    68:3c:87:2b:2d:11:87:44:67:54:b9:3f:46:5e:fd:
                    52:31:36:0f:9a:c7:8f:94:3a:5e:6b:97:80:93:da:
                    38:6e:a3:5c:95:6a:32:85:3f:1f:38:6a:e6:ef:88:
                    f4:4f:ad:64:c4:3a:31:67:d6:94:00:6b:62:bc:b0:
                    48:a7:f5:24:ce:46:70:aa:f4:f5:9e:21:90:47:5d:
                    11:38:f9:0a:b0:9a:59:1e:bd:0d:de:df:d1:e8:38:
                    69:90:dd:11:63:da:dd:d0:e7:f6:3d:b5:63:c3:85:
                    ee:74:64:00:f1:8d:ed:fd:7f:00:7e:f8:97:b1:89:
                    c9:79:b3:68:3c:64:2c:2b:d4:20:72:dd:9c:94:9c:
                    ef:a2:b9:56:aa:e6:c9:01:f9:86:1a:ac:5d:84:d2:
                    0a:23:73:cf:48:0d:ce:8b:c7:85:3a:6b:a6:9c:95:
                    90:eb:dc:33:99:21:48:d2:a0:0f:e8:77:ce:54:9e:
                    af:ff:9d:38:31:aa:5a:3d:ed:77:95:a0:be:f8:24:
                    32:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:EA:1F:4D:D6:9A:95:64:50:C2:C7:7D:26:6E:75:6D:18:D6:6A:F9
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/HeofTdaalWRQwsd9Jm51bRjWavk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:3b:8c:78:81:ec:ca:d4:7d:e0:ce:36:c6:cb:27:d3:c7:d1:
         45:e8:78:00:16:85:f9:71:86:cf:0e:8c:05:22:87:04:94:8a:
         92:2e:0f:fb:ff:0b:dc:21:1a:44:b9:67:83:70:57:c2:b5:11:
         ab:67:4e:a4:f2:9a:c9:de:26:a2:83:c9:4d:02:b8:83:a8:9e:
         56:69:7a:65:08:a1:f9:44:2d:83:08:ac:44:31:82:b9:fb:34:
         2e:5e:0e:c2:b3:69:c3:c1:37:df:6e:8f:ac:4b:87:f1:2f:07:
         47:d4:86:29:3e:71:1b:b4:95:29:30:54:14:93:2f:cf:f6:84:
         7b:0d:9c:50:1a:b0:7e:8f:97:9c:a0:52:16:0f:55:e6:0f:fb:
         c1:5d:2c:00:f1:6c:73:91:ed:b2:83:ff:96:84:2f:80:e1:10:
         4c:ac:bd:93:89:f1:f8:d6:9f:89:71:e6:47:4b:ea:ed:8c:0d:
         a1:50:a5:59:b3:47:0e:5a:d0:25:9e:57:fe:60:49:f8:17:80:
         23:1e:d9:fc:76:e1:e2:b1:0a:29:d9:3a:7f:02:af:1a:a0:98:
         7d:bf:25:f9:80:17:4f:00:e6:8b:6d:9d:3d:1e:d9:31:e7:9f:
         36:e7:0e:c0:e2:83:63:a5:b4:f2:b3:27:cc:d3:ac:3c:c6:a2:
         fb:e0:e4:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb7JL8xU+s3XNDfSF2aEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGVhMWY0ZGQ2OWE5NTY0NTBjMmM3N2QyNjZlNzU2ZDE4ZDY2YWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSjothddBXTkN+hwQekas/IbOfJa
owrVT3Kl/ZnjyEkkRKqF+ZCLyJxQFuM9VPsuJrWnjkfozeSxqq9oPIcrLRGHRGdU
uT9GXv1SMTYPmsePlDpea5eAk9o4bqNclWoyhT8fOGrm74j0T61kxDoxZ9aUAGti
vLBIp/UkzkZwqvT1niGQR10ROPkKsJpZHr0N3t/R6DhpkN0RY9rd0Of2PbVjw4Xu
dGQA8Y3t/X8AfviXsYnJebNoPGQsK9Qgct2clJzvorlWqubJAfmGGqxdhNIKI3PP
SA3Oi8eFOmumnJWQ69wzmSFI0qAP6HfOVJ6v/504MapaPe13laC++CQy5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB3qH03WmpVkUMLHfSZudW0Y1mr5MB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvSGVvZlRkYWFsV1JRd3NkOUptNTFiUmpXYXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgc9gDAN
BgkqhkiG9w0BAQsFAAOCAQEAXDuMeIHsytR94M42xssn08fRReh4ABaF+XGGzw6M
BSKHBJSKki4P+/8L3CEaRLlng3BXwrURq2dOpPKayd4mooPJTQK4g6ieVml6ZQih
+UQtgwisRDGCufs0Ll4OwrNpw8E3326PrEuH8S8HR9SGKT5xG7SVKTBUFJMvz/aE
ew2cUBqwfo+XnKBSFg9V5g/7wV0sAPFsc5HtsoP/loQvgOEQTKy9k4nx+NafiXHm
R0vq7YwNoVClWbNHDlrQJZ5X/mBJ+BeAIx7Z/Hbh4rEKKdk6fwKvGqCYfb8l+YAX
TwDmi22dPR7ZMeefNucOwOKDY6W08rMnzNOsPMai++Dkiw==
-----END CERTIFICATE-----