Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/c65398-a8eb-4d16-9c4e-3584e2ab1f0d/1/ldddlPNcjPX9UFZMxrZrk1U2bvI.roa
File:                     ldddlPNcjPX9UFZMxrZrk1U2bvI.roa (raw, json)
Hash identifier:          a3XG9g0cVhahyYFA/ZacT+AZMncrQ/HQd5mt/TpAY+c=
Subject key identifier:   95:D7:5D:94:F3:5C:8C:F5:FD:50:56:4C:C6:B6:6B:93:55:36:6E:F2
Certificate issuer:       /CN=c0d0495acf9c78b9183bba0c05b8a29974382b14
Certificate serial:       018CC2DB3D40149F331649DE4F39059BD79F
Authority key identifier: C0:D0:49:5A:CF:9C:78:B9:18:3B:BA:0C:05:B8:A2:99:74:38:2B:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wNBJWs-ceLkYO7oMBbiimXQ4KxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/c65398-a8eb-4d16-9c4e-3584e2ab1f0d/1/ldddlPNcjPX9UFZMxrZrk1U2bvI.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209489
IP address blocks:        2a04:de40:40::/42 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/c65398-a8eb-4d16-9c4e-3584e2ab1f0d/1/wNBJWs-ceLkYO7oMBbiimXQ4KxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/c65398-a8eb-4d16-9c4e-3584e2ab1f0d/1/wNBJWs-ceLkYO7oMBbiimXQ4KxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wNBJWs-ceLkYO7oMBbiimXQ4KxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3d:40:14:9f:33:16:49:de:4f:39:05:9b:d7:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0d0495acf9c78b9183bba0c05b8a29974382b14
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95d75d94f35c8cf5fd50564cc6b66b9355366ef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3b:3f:01:e5:6a:d2:b0:e8:3e:86:02:f6:ad:
                    ec:6d:96:6b:dc:21:57:f4:8d:53:5c:23:f7:19:38:
                    97:7e:d5:39:77:95:dc:20:6d:31:00:fb:7a:64:4a:
                    94:40:cc:58:62:55:0f:9a:9e:55:8c:c7:f7:37:f6:
                    7c:64:4c:31:02:95:1a:3d:95:0c:02:d1:fc:53:a0:
                    39:f6:67:c5:d0:4f:67:0f:c1:2a:bc:b3:57:c7:24:
                    a9:90:f1:70:4e:54:07:90:13:e9:1b:ca:3d:f4:83:
                    e8:eb:35:3f:90:eb:e5:37:59:c4:a8:f6:e1:6d:bd:
                    bf:96:1f:ae:12:11:68:93:da:d4:98:4f:4b:0b:ae:
                    5a:cb:cb:a0:96:ec:4b:37:29:ad:55:a0:7f:2d:70:
                    c7:92:51:30:de:21:38:10:90:15:f0:0f:9b:01:82:
                    a7:cf:5c:83:3d:d3:38:09:88:b7:09:2c:73:63:b9:
                    fe:d0:70:f1:82:b6:67:d5:ae:7e:7e:f8:d2:9c:c2:
                    3f:84:8b:8d:41:95:83:9f:79:0a:d7:07:90:a6:3b:
                    4a:04:be:89:17:26:70:3c:71:c5:c5:32:d2:da:c7:
                    94:05:b1:ad:97:a5:80:ef:f9:3b:90:68:47:90:5b:
                    62:32:fb:06:72:dc:27:af:69:bf:84:68:fa:73:a7:
                    71:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D7:5D:94:F3:5C:8C:F5:FD:50:56:4C:C6:B6:6B:93:55:36:6E:F2
            X509v3 Authority Key Identifier:
                keyid:C0:D0:49:5A:CF:9C:78:B9:18:3B:BA:0C:05:B8:A2:99:74:38:2B:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wNBJWs-ceLkYO7oMBbiimXQ4KxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/c65398-a8eb-4d16-9c4e-3584e2ab1f0d/1/ldddlPNcjPX9UFZMxrZrk1U2bvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/c65398-a8eb-4d16-9c4e-3584e2ab1f0d/1/wNBJWs-ceLkYO7oMBbiimXQ4KxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:de40:40::/42

    Signature Algorithm: sha256WithRSAEncryption
         80:b0:2d:88:d4:99:36:d2:72:e2:8d:b0:14:ff:95:a9:1d:91:
         8d:55:6c:f2:32:01:c3:72:5b:3c:56:04:7a:10:62:fb:83:b2:
         51:68:05:48:de:f2:26:83:0f:e1:2b:db:87:2d:d5:26:81:e2:
         fe:7b:71:e4:8c:94:42:4b:cd:b7:59:8c:9a:ae:62:54:bc:ed:
         f0:fe:28:69:ba:10:13:07:fc:04:44:28:79:14:ed:11:66:07:
         cf:1c:50:63:e0:1d:27:89:ce:e9:5b:f1:af:7e:17:0f:84:83:
         a7:a5:fc:56:f1:11:5a:15:e5:29:7b:3b:8c:a9:6e:d6:f0:b7:
         2c:1f:29:cf:8d:8d:ec:8f:37:1d:a7:64:3c:04:5d:a3:b0:2a:
         65:7e:b6:b3:eb:59:82:27:dd:32:b5:37:0c:ab:ff:67:2a:29:
         1e:83:e3:81:9e:4d:d7:ba:1b:31:a7:3d:ba:4d:c2:d3:89:f8:
         95:38:09:c5:26:4d:11:1c:b5:ac:63:5c:5b:7a:0e:a0:a4:18:
         0a:32:e3:61:a1:37:76:c2:80:66:6f:7e:c5:dc:fb:98:16:c5:
         ca:c3:ba:c6:30:54:9d:4e:f7:15:3f:73:23:fe:a8:f9:dc:79:
         9d:de:f8:e2:ca:01:51:f7:6b:94:97:78:fd:76:a6:41:c7:39:
         d2:9c:ad:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2z1AFJ8zFkneTzkFm9efMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZDA0OTVhY2Y5Yzc4YjkxODNiYmEwYzA1YjhhMjk5NzQz
ODJiMTQwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQ3NWQ5NGYzNWM4Y2Y1ZmQ1MDU2NGNjNmI2NmI5MzU1MzY2ZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTs/AeVq0rDoPoYC9q3sbZZr3CFX
9I1TXCP3GTiXftU5d5XcIG0xAPt6ZEqUQMxYYlUPmp5VjMf3N/Z8ZEwxApUaPZUM
AtH8U6A59mfF0E9nD8EqvLNXxySpkPFwTlQHkBPpG8o99IPo6zU/kOvlN1nEqPbh
bb2/lh+uEhFok9rUmE9LC65ay8ugluxLNymtVaB/LXDHklEw3iE4EJAV8A+bAYKn
z1yDPdM4CYi3CSxzY7n+0HDxgrZn1a5+fvjSnMI/hIuNQZWDn3kK1weQpjtKBL6J
FyZwPHHFxTLS2seUBbGtl6WA7/k7kGhHkFtiMvsGctwnr2m/hGj6c6dxgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJXXXZTzXIz1/VBWTMa2a5NVNm7yMB8GA1UdIwQY
MBaAFMDQSVrPnHi5GDu6DAW4opl0OCsUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd05CSldzLWNlTGtZTzdvTUJiaWltWFE0S3hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9jNjUzOTgtYThlYi00ZDE2LTljNGUt
MzU4NGUyYWIxZjBkLzEvbGRkZGxQTmNqUFg5VUZaTXhyWnJrMVUyYnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9jNjUzOTgtYThlYi00ZDE2LTljNGUtMzU4NGUyYWIxZjBk
LzEvd05CSldzLWNlTGtZTzdvTUJiaWltWFE0S3hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgTeQABA
MA0GCSqGSIb3DQEBCwUAA4IBAQCAsC2I1Jk20nLijbAU/5WpHZGNVWzyMgHDcls8
VgR6EGL7g7JRaAVI3vImgw/hK9uHLdUmgeL+e3HkjJRCS823WYyarmJUvO3w/ihp
uhATB/wERCh5FO0RZgfPHFBj4B0nic7pW/GvfhcPhIOnpfxW8RFaFeUpezuMqW7W
8LcsHynPjY3sjzcdp2Q8BF2jsCplfraz61mCJ90ytTcMq/9nKikeg+OBnk3Xuhsx
pz26TcLTifiVOAnFJk0RHLWsY1xbeg6gpBgKMuNhoTd2woBmb37F3PuYFsXKw7rG
MFSdTvcVP3Mj/qj53Hmd3vjiygFR92uUl3j9dqZBxznSnK0F
-----END CERTIFICATE-----