Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/Ra6hvaswLeq5-A7f_5VtLbo5wqo.roa
File:                     Ra6hvaswLeq5-A7f_5VtLbo5wqo.roa (raw, json)
Hash identifier:          VtPPACFAmOWe241pPp9MEHXvE15OMMwxZhSakc6lnao=
Subject key identifier:   45:AE:A1:BD:AB:30:2D:EA:B9:F8:0E:DF:FF:95:6D:2D:BA:39:C2:AA
Certificate issuer:       /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial:       018CCA99F56AF63D3CFA178B69A26E102113
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/Ra6hvaswLeq5-A7f_5VtLbo5wqo.roa
Signing time:             Tue 02 Jan 2024 14:35:36 +0000
ROA not before:           Tue 02 Jan 2024 14:35:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3209
IP address blocks:        2a01:800::/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:f5:6a:f6:3d:3c:fa:17:8b:69:a2:6e:10:21:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
        Validity
            Not Before: Jan  2 14:35:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45aea1bdab302deab9f80edfff956d2dba39c2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:91:3c:bd:20:8b:b2:65:1b:88:99:c9:44:45:
                    cb:ff:ce:14:b8:dc:e7:cf:3a:52:94:3c:1b:4f:11:
                    1e:b9:c5:8b:b1:40:4e:bd:c6:9f:d9:86:c4:83:87:
                    51:f7:fe:29:13:ce:5b:f8:db:2c:3f:e4:61:15:a0:
                    61:0f:e8:23:b4:9e:15:1b:0a:12:26:80:f2:96:0f:
                    c9:25:ff:18:d0:72:61:02:c1:04:79:fb:2a:ad:cd:
                    15:7c:c0:a6:b7:15:ad:77:16:29:b0:c9:39:4d:88:
                    b4:73:3f:23:a1:1d:1d:dc:51:fc:bb:c3:68:0b:44:
                    d1:dd:3b:2f:5e:39:b3:1f:0a:31:88:56:0a:2a:32:
                    d5:2c:e5:44:76:f5:a6:6d:34:71:3b:cf:3d:1e:fc:
                    3b:26:47:9d:73:55:3d:db:d8:79:af:8f:98:0e:eb:
                    30:40:00:9a:48:5a:da:c4:44:08:83:da:52:e2:f2:
                    0a:22:98:61:76:b0:6a:9a:b8:7c:68:87:ae:9e:dd:
                    cc:43:bd:7b:6b:ae:f1:57:ca:f2:63:f8:c4:67:aa:
                    03:e8:72:f0:26:2d:ff:49:f2:c5:84:f8:c5:7f:55:
                    23:d3:1a:ea:03:26:6d:6e:07:33:7f:14:1a:30:ac:
                    42:2f:70:e5:5f:d2:ed:df:47:1e:31:22:02:77:9f:
                    f4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:AE:A1:BD:AB:30:2D:EA:B9:F8:0E:DF:FF:95:6D:2D:BA:39:C2:AA
            X509v3 Authority Key Identifier:
                keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/Ra6hvaswLeq5-A7f_5VtLbo5wqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:800::/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ac:77:65:aa:d1:2c:3e:66:32:81:a0:12:c6:7b:a0:35:2b:
         dd:4d:f2:be:57:87:54:51:40:7e:da:b0:d9:6f:a2:72:86:e3:
         2e:d8:c2:3c:c4:96:e2:b7:92:60:62:9f:70:e3:4a:08:ab:72:
         ff:7e:d5:35:a8:5a:04:16:5f:ba:b8:af:f2:99:69:c9:b5:f9:
         eb:f0:4f:d9:3d:6d:f8:d1:1b:56:ef:b5:dd:ea:40:b3:57:4b:
         d3:9a:1b:34:57:e0:f5:e5:f7:f0:27:79:59:9e:4b:75:ee:b9:
         e5:32:d4:1c:5a:2d:c3:07:b2:ba:2b:79:e2:4a:37:b0:3b:4c:
         8f:17:b8:fa:fe:d5:20:ff:fe:a7:88:2d:5f:46:89:87:68:be:
         17:01:9e:65:18:76:33:5d:bb:3c:28:fa:ba:aa:42:82:32:3f:
         c1:2a:a8:33:aa:0e:de:15:33:6a:30:09:0a:bd:5c:eb:78:3d:
         4e:72:0c:ff:39:df:cb:25:6c:5b:97:73:82:a8:40:5c:9e:b9:
         34:2a:99:15:ea:ae:6b:10:be:07:91:75:e2:03:42:0e:5b:4d:
         89:ce:a4:9a:f4:20:75:c4:79:58:9d:81:65:46:f9:87:5c:84:
         fa:d8:7f:c8:73:30:9e:ae:20:00:b0:7c:34:29:20:71:ab:0c:
         5e:8b:96:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmfVq9j08+heLaaJuECETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjQwMTAyMTQzNTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWFlYTFiZGFiMzAyZGVhYjlmODBlZGZmZjk1NmQyZGJhMzljMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZE8vSCLsmUbiJnJREXL/84UuNzn
zzpSlDwbTxEeucWLsUBOvcaf2YbEg4dR9/4pE85b+NssP+RhFaBhD+gjtJ4VGwoS
JoDylg/JJf8Y0HJhAsEEefsqrc0VfMCmtxWtdxYpsMk5TYi0cz8joR0d3FH8u8No
C0TR3TsvXjmzHwoxiFYKKjLVLOVEdvWmbTRxO889Hvw7Jkedc1U929h5r4+YDusw
QACaSFraxEQIg9pS4vIKIphhdrBqmrh8aIeunt3MQ717a67xV8ryY/jEZ6oD6HLw
Ji3/SfLFhPjFf1Uj0xrqAyZtbgczfxQaMKxCL3DlX9Lt30ceMSICd5/0DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWuob2rMC3qufgO3/+VbS26OcKqMB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvUmE2aHZhc3dMZXE1LUE3Zl81VnRMYm81d3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAAjAGAwQAKgEIMA0G
CSqGSIb3DQEBCwUAA4IBAQCFrHdlqtEsPmYygaASxnugNSvdTfK+V4dUUUB+2rDZ
b6JyhuMu2MI8xJbit5JgYp9w40oIq3L/ftU1qFoEFl+6uK/ymWnJtfnr8E/ZPW34
0RtW77Xd6kCzV0vTmhs0V+D15ffwJ3lZnkt17rnlMtQcWi3DB7K6K3niSjewO0yP
F7j6/tUg//6niC1fRomHaL4XAZ5lGHYzXbs8KPq6qkKCMj/BKqgzqg7eFTNqMAkK
vVzreD1Ocgz/Od/LJWxbl3OCqEBcnrk0KpkV6q5rEL4HkXXiA0IOW02JzqSa9CB1
xHlYnYFlRvmHXIT62H/IczCeriAAsHw0KSBxqwxei5bP
-----END CERTIFICATE-----