Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/atKomxObHgDEn_ABNq_b4RxNA4M.roa
File:                     atKomxObHgDEn_ABNq_b4RxNA4M.roa (raw, json)
Hash identifier:          IId8thkQdFwpEyh6aN4A63s37FPeua1dAlD0VZu6Ig8=
Subject key identifier:   6A:D2:A8:9B:13:9B:1E:00:C4:9F:F0:01:36:AF:DB:E1:1C:4D:03:83
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       018CC26D2C93F7AF54CEE5B4EC1056991D6E
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/atKomxObHgDEn_ABNq_b4RxNA4M.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a05:1500:910::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2c:93:f7:af:54:ce:e5:b4:ec:10:56:99:1d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad2a89b139b1e00c49ff00136afdbe11c4d0383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:66:92:05:c8:16:fe:58:24:ca:e3:3a:79:de:
                    f2:27:2d:ef:b4:0f:52:8f:e6:a6:fd:d3:5b:c7:a7:
                    42:6e:9f:c0:bb:ee:2d:7b:00:e9:80:e5:31:25:ce:
                    31:f8:b5:f2:d3:c9:b4:ee:fd:c6:41:7f:29:28:dd:
                    1a:24:4b:11:e1:91:47:98:79:bb:47:f4:96:65:f4:
                    0c:df:2b:19:49:22:2c:c7:dd:00:39:e1:c3:7c:af:
                    d9:b3:a8:64:2a:3d:90:58:a8:80:5d:e2:e5:3b:09:
                    61:a1:97:13:23:2e:49:ab:ae:a1:02:01:b1:a4:81:
                    16:cd:4d:15:6a:b4:ec:e1:39:ce:e6:64:58:be:0b:
                    47:22:b4:ee:e4:0d:69:bf:64:da:88:f8:bf:34:1f:
                    1c:24:e0:aa:8d:11:72:37:35:c4:d9:72:7d:72:0d:
                    c2:4a:03:43:6a:d9:3f:fa:7e:56:25:6b:d4:d6:60:
                    86:21:1c:07:9f:19:7b:23:c7:a2:90:3a:ea:a3:cc:
                    31:a9:56:b6:0c:17:e7:f4:ab:be:e1:c2:3e:d4:67:
                    8b:8a:b6:1d:27:f9:63:27:f0:32:29:c6:8d:e8:08:
                    6c:64:6c:32:4b:14:df:09:c0:b9:e3:29:bc:81:aa:
                    b3:7d:1c:7e:cc:a3:51:2e:fa:16:ce:65:ce:e3:41:
                    87:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D2:A8:9B:13:9B:1E:00:C4:9F:F0:01:36:AF:DB:E1:1C:4D:03:83
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/atKomxObHgDEn_ABNq_b4RxNA4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1500:910::/44

    Signature Algorithm: sha256WithRSAEncryption
         54:c6:81:b1:13:39:4b:79:5f:2b:90:c4:8b:02:01:7c:9d:16:
         08:a5:d0:7d:fc:ed:cb:ae:36:ad:d5:8a:ce:83:06:85:40:6f:
         89:c2:e9:35:b9:4a:c7:7a:cf:a0:ce:f2:37:23:9b:b7:84:da:
         d9:44:a4:83:1a:63:a1:22:6a:8c:aa:d9:6d:67:92:94:90:34:
         08:80:0a:aa:ec:57:2d:38:86:fc:32:66:23:1b:b2:d4:cc:b3:
         c0:75:de:37:fe:00:c0:12:ea:44:d0:9a:7b:59:33:7e:42:12:
         46:c9:65:15:ca:59:5f:71:26:0a:e9:7a:13:69:a3:8a:c3:bf:
         d2:a6:44:9b:63:98:48:38:68:4f:c1:2c:32:cd:8a:b2:89:bb:
         76:50:86:1f:d6:7f:0e:8f:75:1c:8c:67:e3:7b:66:58:3b:c6:
         75:a5:e1:29:cd:b4:ae:f3:6b:8a:13:6b:e0:84:32:b1:a8:84:
         a1:de:0c:2d:b2:cc:76:f0:72:bd:fa:0f:af:fd:f7:b2:d1:0c:
         99:bc:c2:29:8b:10:46:83:a6:32:b3:2c:29:2e:bd:66:91:fc:
         e3:a8:ef:f0:3c:83:09:03:80:63:6e:8c:43:e6:37:3a:95:94:
         c0:de:8c:30:14:81:27:0f:45:4e:0c:9f:40:e3:07:4f:91:53:
         b9:6d:10:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbSyT969UzuW07BBWmR1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQyYTg5YjEzOWIxZTAwYzQ5ZmYwMDEzNmFmZGJlMTFjNGQwMzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmaSBcgW/lgkyuM6ed7yJy3vtA9S
j+am/dNbx6dCbp/Au+4tewDpgOUxJc4x+LXy08m07v3GQX8pKN0aJEsR4ZFHmHm7
R/SWZfQM3ysZSSIsx90AOeHDfK/Zs6hkKj2QWKiAXeLlOwlhoZcTIy5Jq66hAgGx
pIEWzU0VarTs4TnO5mRYvgtHIrTu5A1pv2TaiPi/NB8cJOCqjRFyNzXE2XJ9cg3C
SgNDatk/+n5WJWvU1mCGIRwHnxl7I8eikDrqo8wxqVa2DBfn9Ku+4cI+1GeLirYd
J/ljJ/AyKcaN6AhsZGwySxTfCcC54ym8gaqzfRx+zKNRLvoWzmXO40GH+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGrSqJsTmx4AxJ/wATav2+EcTQODMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvYXRLb214T2JIZ0RFbl9BQk5xX2I0UnhOQTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgUVAAkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBUxoGxEzlLeV8rkMSLAgF8nRYIpdB9/O3Lrjat
1YrOgwaFQG+Jwuk1uUrHes+gzvI3I5u3hNrZRKSDGmOhImqMqtltZ5KUkDQIgAqq
7FctOIb8MmYjG7LUzLPAdd43/gDAEupE0Jp7WTN+QhJGyWUVyllfcSYK6XoTaaOK
w7/SpkSbY5hIOGhPwSwyzYqyibt2UIYf1n8Oj3UcjGfje2ZYO8Z1peEpzbSu82uK
E2vghDKxqISh3gwtssx28HK9+g+v/fey0QyZvMIpixBGg6YysywpLr1mkfzjqO/w
PIMJA4BjboxD5jc6lZTA3owwFIEnD0VODJ9A4wdPkVO5bRDo
-----END CERTIFICATE-----