Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/twy4DH5KOj6ndHW9ts0yYZ8i7MA.roa
File:                     twy4DH5KOj6ndHW9ts0yYZ8i7MA.roa (raw, json)
Hash identifier:          gpqHW2FmraRjh0+mLj9LmJ4NXifMW0Wv+a6zthp/TNo=
Subject key identifier:   B7:0C:B8:0C:7E:4A:3A:3E:A7:74:75:BD:B6:CD:32:61:9F:22:EC:C0
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       018CCA99EC9A7391895140F848AFFDB4262D
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/twy4DH5KOj6ndHW9ts0yYZ8i7MA.roa
Signing time:             Tue 02 Jan 2024 14:35:34 +0000
ROA not before:           Tue 02 Jan 2024 14:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139833
IP address blocks:        2a0e:800:6666::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ec:9a:73:91:89:51:40:f8:48:af:fd:b4:26:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 14:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b70cb80c7e4a3a3ea77475bdb6cd32619f22ecc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b1:44:78:18:d4:45:8e:52:21:97:71:75:05:
                    c2:f5:27:87:7b:78:9d:66:8e:4a:da:ed:f7:44:e5:
                    70:96:da:58:5f:59:5c:21:91:03:a4:61:c7:77:de:
                    41:0a:fa:49:60:12:20:4b:37:bd:cd:39:98:2d:0a:
                    5e:49:fb:63:c7:14:1a:e3:0c:62:41:b1:f7:40:7f:
                    2d:50:41:4b:65:92:a7:5f:c7:a4:99:38:f6:62:02:
                    96:ad:e6:5d:7e:03:7d:c0:5d:97:08:67:7f:38:47:
                    5a:d5:51:96:52:d2:92:5a:57:7e:ce:c8:13:49:72:
                    15:59:cb:64:6c:ca:06:76:05:5a:55:89:5a:99:98:
                    7c:66:22:e3:15:37:f8:4a:6c:d4:c3:9a:27:fe:61:
                    04:18:17:37:11:f6:2a:2a:69:bf:e9:16:22:3c:fa:
                    0c:af:ba:32:d0:e1:64:a2:bf:ed:ec:cf:92:78:c6:
                    c8:74:ca:94:8b:b3:f4:ba:d9:59:24:1d:7f:7e:de:
                    20:11:3c:d7:3e:ec:12:f0:7b:b2:a0:96:19:bc:7b:
                    b1:5a:2f:df:6f:72:d7:c1:a1:e2:73:1c:91:a7:12:
                    c3:59:30:1f:a8:ed:fd:c1:6f:4b:b6:7a:1a:cd:66:
                    15:07:08:41:bf:50:7f:4e:95:fb:32:ef:3f:d4:69:
                    a4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:0C:B8:0C:7E:4A:3A:3E:A7:74:75:BD:B6:CD:32:61:9F:22:EC:C0
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/twy4DH5KOj6ndHW9ts0yYZ8i7MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:800:6666::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:bb:df:d0:4a:52:60:f7:c8:50:ee:3d:59:94:ef:33:6c:3d:
         ad:5f:83:a5:36:01:cb:75:0c:fd:82:f0:7f:8b:25:d2:c9:a3:
         77:a4:17:de:89:30:ef:1b:53:ca:cd:55:ff:29:57:97:5f:2d:
         ab:07:2e:87:81:76:1e:93:18:bd:a1:86:15:f1:0d:1f:75:4d:
         36:86:26:dc:bb:c2:93:94:08:3b:99:cb:f4:27:7f:df:d8:4e:
         33:e6:85:28:d1:f2:f2:ab:13:cc:1c:20:15:ae:98:19:7c:9f:
         82:7e:7b:fd:ef:2f:59:42:84:49:d6:cb:a4:6e:79:93:ca:bb:
         25:15:aa:41:3e:0f:f6:4b:dd:33:63:81:f0:60:60:b7:a0:b8:
         6d:2d:60:90:40:1a:0d:4b:3f:23:ca:3b:11:3f:00:51:46:de:
         c2:cb:05:69:c3:be:b7:df:ea:63:72:2c:1e:69:c9:8a:48:2e:
         67:d9:91:a8:c5:5a:2a:97:96:77:bd:1c:8e:5e:1f:e8:3e:f2:
         31:41:44:00:b5:f9:cf:7b:3e:d8:05:e2:38:18:8a:eb:8c:cd:
         cd:ef:0e:9f:4d:fa:ad:61:c4:67:54:2a:de:79:1a:c0:a9:14:
         a0:14:27:7c:05:12:30:15:32:76:ff:7a:63:75:af:2c:18:ac:
         c0:45:c7:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKmeyac5GJUUD4SK/9tCYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjQwMTAyMTQzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzBjYjgwYzdlNGEzYTNlYTc3NDc1YmRiNmNkMzI2MTlmMjJlY2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrFEeBjURY5SIZdxdQXC9SeHe3id
Zo5K2u33ROVwltpYX1lcIZEDpGHHd95BCvpJYBIgSze9zTmYLQpeSftjxxQa4wxi
QbH3QH8tUEFLZZKnX8ekmTj2YgKWreZdfgN9wF2XCGd/OEda1VGWUtKSWld+zsgT
SXIVWctkbMoGdgVaVYlamZh8ZiLjFTf4SmzUw5on/mEEGBc3EfYqKmm/6RYiPPoM
r7oy0OFkor/t7M+SeMbIdMqUi7P0utlZJB1/ft4gETzXPuwS8HuyoJYZvHuxWi/f
b3LXwaHicxyRpxLDWTAfqO39wW9LtnoazWYVBwhBv1B/TpX7Mu8/1GmkvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLcMuAx+Sjo+p3R1vbbNMmGfIuzAMB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvdHd5NERINUtPajZuZEhXOXRzMHlZWjhpN01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4IAGZm
MA0GCSqGSIb3DQEBCwUAA4IBAQB5u9/QSlJg98hQ7j1ZlO8zbD2tX4OlNgHLdQz9
gvB/iyXSyaN3pBfeiTDvG1PKzVX/KVeXXy2rBy6HgXYekxi9oYYV8Q0fdU02hibc
u8KTlAg7mcv0J3/f2E4z5oUo0fLyqxPMHCAVrpgZfJ+Cfnv97y9ZQoRJ1sukbnmT
yrslFapBPg/2S90zY4HwYGC3oLhtLWCQQBoNSz8jyjsRPwBRRt7CywVpw7633+pj
ciweacmKSC5n2ZGoxVoql5Z3vRyOXh/oPvIxQUQAtfnPez7YBeI4GIrrjM3N7w6f
TfqtYcRnVCreeRrAqRSgFCd8BRIwFTJ2/3pjda8sGKzARce7
-----END CERTIFICATE-----