Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/Q-0WdhKm5r5RLnEASf5fFgrBx-4.roa
File:                     Q-0WdhKm5r5RLnEASf5fFgrBx-4.roa (raw, json)
Hash identifier:          0L6vvceqYZrXs9/xhfDe0svkGWXkApR1oVYT1BXBM90=
Subject key identifier:   43:ED:16:76:12:A6:E6:BE:51:2E:71:00:49:FE:5F:16:0A:C1:C7:EE
Certificate issuer:       /CN=79bd5372e1e19d05beda353bd6a15bdd39291fa4
Certificate serial:       018DAA1B7207D9A36C50DDA7C439126DF45F
Authority key identifier: 79:BD:53:72:E1:E1:9D:05:BE:DA:35:3B:D6:A1:5B:DD:39:29:1F:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eb1TcuHhnQW-2jU71qFb3TkpH6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/Q-0WdhKm5r5RLnEASf5fFgrBx-4.roa
Signing time:             Thu 15 Feb 2024 00:12:21 +0000
ROA not before:           Thu 15 Feb 2024 00:12:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216293
IP address blocks:        2a13:d9c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/eb1TcuHhnQW-2jU71qFb3TkpH6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/eb1TcuHhnQW-2jU71qFb3TkpH6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eb1TcuHhnQW-2jU71qFb3TkpH6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:aa:1b:72:07:d9:a3:6c:50:dd:a7:c4:39:12:6d:f4:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79bd5372e1e19d05beda353bd6a15bdd39291fa4
        Validity
            Not Before: Feb 15 00:12:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43ed167612a6e6be512e710049fe5f160ac1c7ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:74:72:8c:a9:d2:30:fb:45:70:9a:df:00:4f:
                    f9:d3:8d:a8:b5:2d:f8:f3:75:fe:f7:f3:9e:4e:36:
                    2a:a1:22:d0:7f:e7:5a:1f:7c:a1:a8:a9:67:67:31:
                    3e:f1:e4:64:18:08:a3:38:b8:8a:2e:14:ab:f7:e1:
                    49:46:0a:e4:9d:f9:cd:0d:1a:c4:8e:aa:82:dc:61:
                    f4:f8:1f:ba:0c:bc:30:69:e7:8d:33:d4:5b:46:5d:
                    1d:a0:8d:43:99:e3:a8:66:dc:3d:d2:8d:c0:44:26:
                    51:01:cf:3c:6b:a1:56:2e:1c:ae:56:71:cb:bb:25:
                    8d:ce:67:5b:b0:d7:c9:0f:5b:e5:0d:8b:ee:30:8c:
                    96:b2:dd:1d:fa:a5:98:db:bf:d0:31:52:28:68:7a:
                    3f:65:a0:b1:81:b4:8e:00:cb:94:86:f5:71:37:4f:
                    a3:57:6e:67:a2:fd:1d:da:14:2b:65:0c:c0:9b:19:
                    ac:53:60:d9:2a:65:bc:bb:81:a6:dd:5b:8a:e8:69:
                    86:74:81:21:17:06:c5:cd:34:dd:40:5a:ed:2b:00:
                    4d:3c:10:5e:e0:ef:b5:f7:c8:72:b9:35:55:b1:c3:
                    dd:d1:84:57:2f:3b:8e:f5:c2:24:96:5a:9f:2c:00:
                    3a:76:08:a9:70:5f:47:7c:e6:8d:53:ee:15:4a:df:
                    51:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:ED:16:76:12:A6:E6:BE:51:2E:71:00:49:FE:5F:16:0A:C1:C7:EE
            X509v3 Authority Key Identifier:
                keyid:79:BD:53:72:E1:E1:9D:05:BE:DA:35:3B:D6:A1:5B:DD:39:29:1F:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb1TcuHhnQW-2jU71qFb3TkpH6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/Q-0WdhKm5r5RLnEASf5fFgrBx-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fbe350-69da-495d-96e2-abfa83fcff67/1/eb1TcuHhnQW-2jU71qFb3TkpH6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:61:f1:64:d7:44:d2:d2:d8:cf:21:aa:4d:f4:da:6d:bf:6e:
         54:fc:40:71:a3:c0:3b:3d:1c:2d:60:5d:ce:f6:cf:b8:ab:c5:
         be:bf:8d:a4:f8:bf:0f:f8:40:a0:78:76:40:6b:db:f8:19:f6:
         c5:68:84:1a:a0:44:4d:82:94:cb:cc:83:c4:94:00:1f:78:0c:
         96:27:da:f5:2e:52:05:26:ae:85:e3:86:ec:36:6a:73:cd:de:
         6d:b1:0b:b6:74:3b:6c:65:ad:ee:d9:88:32:e2:e6:a4:48:ea:
         b5:ae:a6:26:6b:7f:62:c6:f4:04:9a:fd:4b:c8:d6:dc:67:2c:
         7a:a2:a4:ba:32:58:af:aa:f2:35:e1:61:bf:43:22:88:ff:27:
         b9:07:d3:a6:24:6a:1d:66:a7:82:8d:b2:10:4c:dc:57:45:2d:
         52:ca:d4:e2:a9:99:e7:d2:31:56:36:0c:24:78:0d:65:a9:c4:
         fa:d8:d3:b7:b7:7a:ec:76:8e:b9:69:f5:71:43:f1:6e:f2:f1:
         5e:42:59:a5:7b:bb:a6:e1:66:22:3b:bb:c1:2d:65:5c:34:30:
         83:f1:c6:30:36:bd:ea:f2:d4:90:9a:c8:58:83:33:99:67:6a:
         71:94:ca:ff:49:9e:03:30:73:11:62:95:1a:87:e3:f5:5b:44:
         e3:52:50:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY2qG3IH2aNsUN2nxDkSbfRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YmQ1MzcyZTFlMTlkMDViZWRhMzUzYmQ2YTE1YmRkMzky
OTFmYTQwHhcNMjQwMjE1MDAxMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2VkMTY3NjEyYTZlNmJlNTEyZTcxMDA0OWZlNWYxNjBhYzFjN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnRyjKnSMPtFcJrfAE/5042otS34
83X+9/OeTjYqoSLQf+daH3yhqKlnZzE+8eRkGAijOLiKLhSr9+FJRgrknfnNDRrE
jqqC3GH0+B+6DLwwaeeNM9RbRl0doI1DmeOoZtw90o3ARCZRAc88a6FWLhyuVnHL
uyWNzmdbsNfJD1vlDYvuMIyWst0d+qWY27/QMVIoaHo/ZaCxgbSOAMuUhvVxN0+j
V25nov0d2hQrZQzAmxmsU2DZKmW8u4Gm3VuK6GmGdIEhFwbFzTTdQFrtKwBNPBBe
4O+198hyuTVVscPd0YRXLzuO9cIkllqfLAA6dgipcF9HfOaNU+4VSt9R/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEPtFnYSpua+US5xAEn+XxYKwcfuMB8GA1UdIwQY
MBaAFHm9U3Lh4Z0Fvto1O9ahW905KR+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWIxVGN1SGhuUVctMmpVNzFxRmIzVGtwSDZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9mYmUzNTAtNjlkYS00OTVkLTk2ZTIt
YWJmYTgzZmNmZjY3LzEvUS0wV2RoS201cjVSTG5FQVNmNWZGZ3JCeC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9mYmUzNTAtNjlkYS00OTVkLTk2ZTItYWJmYTgzZmNmZjY3
LzEvZWIxVGN1SGhuUVctMmpVNzFxRmIzVGtwSDZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPZwDAN
BgkqhkiG9w0BAQsFAAOCAQEAWGHxZNdE0tLYzyGqTfTabb9uVPxAcaPAOz0cLWBd
zvbPuKvFvr+NpPi/D/hAoHh2QGvb+Bn2xWiEGqBETYKUy8yDxJQAH3gMlifa9S5S
BSauheOG7DZqc83ebbELtnQ7bGWt7tmIMuLmpEjqta6mJmt/Ysb0BJr9S8jW3Gcs
eqKkujJYr6ryNeFhv0MiiP8nuQfTpiRqHWango2yEEzcV0UtUsrU4qmZ59IxVjYM
JHgNZanE+tjTt7d67HaOuWn1cUPxbvLxXkJZpXu7puFmIju7wS1lXDQwg/HGMDa9
6vLUkJrIWIMzmWdqcZTK/0meAzBzEWKVGofj9VtE41JQfw==
-----END CERTIFICATE-----