Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/4bba08-be36-47eb-ab2c-6359f92e1d2f/1/bURJCPXUjmqC73TKcl_5sTFRR1I.roa
File:                     bURJCPXUjmqC73TKcl_5sTFRR1I.roa (raw, json)
Hash identifier:          APDrEcI8XpyWD31MMmfSnI/M37FEy5A266AiNRGJX4w=
Subject key identifier:   6D:44:49:08:F5:D4:8E:6A:82:EF:74:CA:72:5F:F9:B1:31:51:47:52
Certificate issuer:       /CN=ccad68f7e8abadf4472623343a32561507224189
Certificate serial:       018E54AFB4A400F7C79A0B0FD48E2740EFF2
Authority key identifier: CC:AD:68:F7:E8:AB:AD:F4:47:26:23:34:3A:32:56:15:07:22:41:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zK1o9-irrfRHJiM0OjJWFQciQYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/4bba08-be36-47eb-ab2c-6359f92e1d2f/1/bURJCPXUjmqC73TKcl_5sTFRR1I.roa
Signing time:             Tue 19 Mar 2024 03:09:44 +0000
ROA not before:           Tue 19 Mar 2024 03:09:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216463
IP address blocks:        2a02:f680::/29 maxlen: 29
                          2a02:f680::/48 maxlen: 48
                          2a02:f680:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/4bba08-be36-47eb-ab2c-6359f92e1d2f/1/zK1o9-irrfRHJiM0OjJWFQciQYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/4bba08-be36-47eb-ab2c-6359f92e1d2f/1/zK1o9-irrfRHJiM0OjJWFQciQYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zK1o9-irrfRHJiM0OjJWFQciQYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:54:af:b4:a4:00:f7:c7:9a:0b:0f:d4:8e:27:40:ef:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccad68f7e8abadf4472623343a32561507224189
        Validity
            Not Before: Mar 19 03:09:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d444908f5d48e6a82ef74ca725ff9b131514752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:21:f8:dd:d1:31:da:51:16:1d:b6:5d:77:12:
                    b6:fe:50:05:35:1c:e7:bf:12:a0:5b:51:ed:4d:9a:
                    02:a2:20:69:9e:bc:01:d1:b8:7d:4b:1e:29:fd:dd:
                    50:35:96:59:07:3a:5e:fe:8f:69:7a:1f:f9:fd:6b:
                    09:20:c4:fa:6c:ae:3f:19:21:55:9d:f5:f7:87:6a:
                    40:6c:1c:82:bc:d6:eb:45:79:08:36:34:15:84:a3:
                    07:ba:c0:e9:81:5d:74:9d:4d:43:4e:87:83:05:0c:
                    cf:a0:8b:57:35:14:49:3a:71:3d:b4:b4:fa:21:c3:
                    dd:bb:99:2b:33:45:11:a5:ee:1d:45:fa:8f:fb:96:
                    2a:3c:96:2b:59:9c:39:f0:99:27:dd:b9:2b:f5:7a:
                    98:ab:64:d5:41:60:e5:57:3c:61:49:cf:91:54:15:
                    07:8e:6d:7e:67:9f:46:04:90:2f:1e:dd:19:2a:9a:
                    11:ac:01:ef:1a:be:c6:c3:f9:41:7e:40:3f:1d:ab:
                    28:01:02:9c:5f:c8:28:cb:35:13:c3:66:33:d4:81:
                    cf:34:f3:ce:d9:d1:48:62:f0:dc:ec:f8:cc:fb:5e:
                    2c:b7:43:62:35:75:d7:d9:66:e7:6d:8a:0f:d8:d7:
                    e0:e9:9c:eb:fc:f9:e9:ef:b7:cd:f8:52:c6:df:48:
                    a4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:44:49:08:F5:D4:8E:6A:82:EF:74:CA:72:5F:F9:B1:31:51:47:52
            X509v3 Authority Key Identifier:
                keyid:CC:AD:68:F7:E8:AB:AD:F4:47:26:23:34:3A:32:56:15:07:22:41:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zK1o9-irrfRHJiM0OjJWFQciQYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/4bba08-be36-47eb-ab2c-6359f92e1d2f/1/bURJCPXUjmqC73TKcl_5sTFRR1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/4bba08-be36-47eb-ab2c-6359f92e1d2f/1/zK1o9-irrfRHJiM0OjJWFQciQYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:f680::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:59:22:b8:f1:76:1c:5c:7f:f0:9d:bb:62:5f:05:36:70:5a:
         5f:0b:5c:77:61:b3:bc:0f:2e:f4:5d:68:8a:d6:5e:b7:5b:49:
         90:87:c3:9a:94:fe:86:0d:2c:8e:87:6d:15:fc:1c:04:a2:fc:
         eb:d4:f7:90:47:69:95:fc:b5:b1:5e:f1:5e:72:af:39:e9:64:
         a1:88:24:03:a5:8c:5c:00:cd:2a:a7:71:ba:06:77:63:7e:37:
         32:8a:8e:6d:c9:ba:75:87:e1:d3:d6:f6:b1:6f:d3:21:53:1a:
         ae:cc:58:64:b1:72:45:f6:6d:64:a9:fc:28:80:5b:84:e6:2a:
         62:17:89:2f:6f:15:e7:cf:fb:f6:64:7c:b7:7d:98:44:3c:5a:
         74:56:11:81:dc:51:46:60:29:02:35:4f:d3:e6:75:36:04:8b:
         31:55:bb:03:94:fa:e6:05:a9:04:91:83:c3:6a:eb:6a:c4:91:
         a0:4d:80:a0:b2:da:72:a2:ff:8b:0f:ca:0a:66:12:be:75:62:
         ac:a2:16:e3:18:b2:fd:69:44:e4:fc:14:03:72:6d:28:18:81:
         e8:af:2a:22:3a:18:8d:6b:16:1d:23:91:08:70:8b:42:7b:87:
         02:8a:3f:a9:d3:b0:8d:a2:e8:3f:80:50:fa:bd:78:3b:bd:1d:
         22:15:26:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY5Ur7SkAPfHmgsP1I4nQO/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYWQ2OGY3ZThhYmFkZjQ0NzI2MjMzNDNhMzI1NjE1MDcy
MjQxODkwHhcNMjQwMzE5MDMwOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDQ0NDkwOGY1ZDQ4ZTZhODJlZjc0Y2E3MjVmZjliMTMxNTE0NzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCH43dEx2lEWHbZddxK2/lAFNRzn
vxKgW1HtTZoCoiBpnrwB0bh9Sx4p/d1QNZZZBzpe/o9peh/5/WsJIMT6bK4/GSFV
nfX3h2pAbByCvNbrRXkINjQVhKMHusDpgV10nU1DToeDBQzPoItXNRRJOnE9tLT6
IcPdu5krM0URpe4dRfqP+5YqPJYrWZw58Jkn3bkr9XqYq2TVQWDlVzxhSc+RVBUH
jm1+Z59GBJAvHt0ZKpoRrAHvGr7Gw/lBfkA/HasoAQKcX8goyzUTw2Yz1IHPNPPO
2dFIYvDc7PjM+14st0NiNXXX2WbnbYoP2Nfg6Zzr/Pnp77fN+FLG30ikuQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG1ESQj11I5qgu90ynJf+bExUUdSMB8GA1UdIwQY
MBaAFMytaPfoq630RyYjNDoyVhUHIkGJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveksxbzktaXJyZlJISmlNME9qSldGUWNpUVlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80YmJhMDgtYmUzNi00N2ViLWFiMmMt
NjM1OWY5MmUxZDJmLzEvYlVSSkNQWFVqbXFDNzNUS2NsXzVzVEZSUjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80YmJhMDgtYmUzNi00N2ViLWFiMmMtNjM1OWY5MmUxZDJm
LzEveksxbzktaXJyZlJISmlNME9qSldGUWNpUVlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgL2gDAN
BgkqhkiG9w0BAQsFAAOCAQEABVkiuPF2HFx/8J27Yl8FNnBaXwtcd2GzvA8u9F1o
itZet1tJkIfDmpT+hg0sjodtFfwcBKL869T3kEdplfy1sV7xXnKvOelkoYgkA6WM
XADNKqdxugZ3Y343MoqObcm6dYfh09b2sW/TIVMarsxYZLFyRfZtZKn8KIBbhOYq
YheJL28V58/79mR8t32YRDxadFYRgdxRRmApAjVP0+Z1NgSLMVW7A5T65gWpBJGD
w2rrasSRoE2AoLLacqL/iw/KCmYSvnVirKIW4xiy/WlE5PwUA3JtKBiB6K8qIjoY
jWsWHSORCHCLQnuHAoo/qdOwjaLoP4BQ+r14O70dIhUmyw==
-----END CERTIFICATE-----