Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/u6MxtJLSpnJa91HZPtZmSi6nnuw.roa
File:                     u6MxtJLSpnJa91HZPtZmSi6nnuw.roa (raw, json)
Hash identifier:          wLw0nusC/QZp4SLR6C/kd8TvdVx4sVtZ8eIf2Fi01Ro=
Subject key identifier:   BB:A3:31:B4:92:D2:A6:72:5A:F7:51:D9:3E:D6:66:4A:2E:A7:9E:EC
Certificate issuer:       /CN=c1c26bb574b89b8c1866f8474bb1cb003264ec20
Certificate serial:       018CC3494C76232B5F26972B3C194B810261
Authority key identifier: C1:C2:6B:B5:74:B8:9B:8C:18:66:F8:47:4B:B1:CB:00:32:64:EC:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/u6MxtJLSpnJa91HZPtZmSi6nnuw.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134981
IP address blocks:        2a0c:4a01:c20::/44 maxlen: 44
                          2a0c:4a01:c10::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4c:76:23:2b:5f:26:97:2b:3c:19:4b:81:02:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1c26bb574b89b8c1866f8474bb1cb003264ec20
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bba331b492d2a6725af751d93ed6664a2ea79eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8c:b2:58:f6:ef:4c:d0:29:b9:4e:a0:1f:13:
                    1e:8c:96:a9:bf:82:26:fa:a5:65:23:ac:68:ff:8c:
                    90:67:94:e1:7a:c2:71:20:4c:00:b6:6a:15:66:ea:
                    ed:6b:9f:42:de:9c:c8:82:ac:c6:7f:6d:7d:3f:c4:
                    65:65:6a:94:29:3f:66:6e:eb:74:3b:bc:8c:43:bb:
                    e3:dc:4f:f2:5e:ef:76:97:ac:a9:55:7a:d7:cd:fa:
                    64:c8:a2:fd:89:96:4d:f1:0f:b2:de:07:28:77:90:
                    bf:d6:ca:00:50:95:9c:98:b2:05:3b:8e:93:e6:ae:
                    c7:04:a6:58:9d:49:c3:d7:56:8c:42:1a:1d:97:a7:
                    a4:21:91:96:31:b5:1f:40:2b:3b:03:9c:61:e2:5a:
                    7b:2c:fb:97:23:15:19:14:49:2c:09:b4:06:c9:3b:
                    e2:f5:a8:06:3f:2e:ba:02:03:05:44:70:41:de:70:
                    7e:61:4c:f1:34:4b:33:5b:43:21:4e:b2:70:8e:65:
                    87:59:9b:5c:17:f0:2b:65:06:d1:0f:a2:cc:b6:51:
                    e4:61:e1:ed:ed:8c:45:82:47:65:23:2a:86:b1:94:
                    c8:50:4b:c8:5b:73:54:b9:f5:8c:79:d9:ad:22:d8:
                    9a:3c:3d:fb:ea:78:bf:39:da:23:6a:54:0b:46:dc:
                    0a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:A3:31:B4:92:D2:A6:72:5A:F7:51:D9:3E:D6:66:4A:2E:A7:9E:EC
            X509v3 Authority Key Identifier:
                keyid:C1:C2:6B:B5:74:B8:9B:8C:18:66:F8:47:4B:B1:CB:00:32:64:EC:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/u6MxtJLSpnJa91HZPtZmSi6nnuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4a01:c10::-2a0c:4a01:c2f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         36:fb:e5:07:82:9f:25:ca:17:ec:92:9d:35:b1:e0:d3:2b:5a:
         37:63:48:15:18:db:64:89:92:f9:d5:0e:31:0e:38:62:61:dd:
         f7:49:3f:d4:c8:c9:b0:18:56:d6:8e:00:95:3c:2b:e3:d4:88:
         b5:46:58:43:a0:2e:d9:96:f4:ee:38:34:c1:3e:bf:93:d8:2b:
         73:d4:23:ae:1a:15:ef:03:2c:b2:dd:fb:b0:f4:fa:5e:28:ca:
         7f:b0:a2:fc:20:3e:4c:11:6b:0c:21:8e:ce:2e:67:25:d8:93:
         c9:e4:33:73:36:ab:56:8a:89:13:7e:45:65:43:79:89:ac:c9:
         9e:ef:2e:44:6f:ac:64:bc:8f:8b:af:0d:d2:22:04:a5:5b:98:
         23:0b:1b:9a:e4:f2:e7:99:02:42:ee:69:a2:3c:6a:7d:e2:76:
         d4:bd:9e:d1:a5:6d:33:30:60:6b:54:7f:aa:d9:0e:bd:42:9e:
         bf:36:a6:93:7f:7c:45:00:b9:53:5b:b6:c8:97:29:9d:ee:fb:
         23:2c:09:a7:f7:5e:d9:e8:11:76:29:9d:0b:a4:10:b2:c0:ae:
         2f:35:b2:1a:7c:16:9a:00:3f:b2:3c:a9:45:c7:20:8e:16:85:
         8f:50:95:f7:a5:fb:a0:3e:78:e9:85:b6:7f:5a:5d:16:58:e7:
         7f:98:13:56
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDSUx2IytfJpcrPBlLgQJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYzI2YmI1NzRiODliOGMxODY2Zjg0NzRiYjFjYjAwMzI2
NGVjMjAwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmEzMzFiNDkyZDJhNjcyNWFmNzUxZDkzZWQ2NjY0YTJlYTc5ZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoyyWPbvTNApuU6gHxMejJapv4Im
+qVlI6xo/4yQZ5ThesJxIEwAtmoVZurta59C3pzIgqzGf219P8RlZWqUKT9mbut0
O7yMQ7vj3E/yXu92l6ypVXrXzfpkyKL9iZZN8Q+y3gcod5C/1soAUJWcmLIFO46T
5q7HBKZYnUnD11aMQhodl6ekIZGWMbUfQCs7A5xh4lp7LPuXIxUZFEksCbQGyTvi
9agGPy66AgMFRHBB3nB+YUzxNEszW0MhTrJwjmWHWZtcF/ArZQbRD6LMtlHkYeHt
7YxFgkdlIyqGsZTIUEvIW3NUufWMedmtItiaPD376ni/OdojalQLRtwK4wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLujMbSS0qZyWvdR2T7WZkoup57sMB8GA1UdIwQY
MBaAFMHCa7V0uJuMGGb4R0uxywAyZOwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2NKcnRYUzRtNHdZWnZoSFM3SExBREprN0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kZjM4ZGEtNzVjZC00ZTIxLWFkMzgt
ZjJhMmE1ZDUwNDVlLzEvdTZNeHRKTFNwbkphOTFIWlB0Wm1TaTZubnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kZjM4ZGEtNzVjZC00ZTIxLWFkMzgtZjJhMmE1ZDUwNDVl
LzEvd2NKcnRYUzRtNHdZWnZoSFM3SExBREprN0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQqDEoB
DBADBwQqDEoBDCAwDQYJKoZIhvcNAQELBQADggEBADb75QeCnyXKF+ySnTWx4NMr
WjdjSBUY22SJkvnVDjEOOGJh3fdJP9TIybAYVtaOAJU8K+PUiLVGWEOgLtmW9O44
NME+v5PYK3PUI64aFe8DLLLd+7D0+l4oyn+wovwgPkwRawwhjs4uZyXYk8nkM3M2
q1aKiRN+RWVDeYmsyZ7vLkRvrGS8j4uvDdIiBKVbmCMLG5rk8ueZAkLuaaI8an3i
dtS9ntGlbTMwYGtUf6rZDr1Cnr82ppN/fEUAuVNbtsiXKZ3u+yMsCaf3XtnoEXYp
nQukELLAri81shp8FpoAP7I8qUXHII4WhY9Qlfel+6A+eOmFtn9aXRZY53+YE1Y=
-----END CERTIFICATE-----