Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/gLqFduyaM-ujPpXoI1wH6cKvKUE.roa
File:                     gLqFduyaM-ujPpXoI1wH6cKvKUE.roa (raw, json)
Hash identifier:          DsCFKo7jLl0JmgBenbA9gcyN8ILsdJkxPnaG/CFbJ14=
Subject key identifier:   80:BA:85:76:EC:9A:33:EB:A3:3E:95:E8:23:5C:07:E9:C2:AF:29:41
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       018CC26D2B28A4F84226E77ED05A294574CE
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/gLqFduyaM-ujPpXoI1wH6cKvKUE.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12859
IP address blocks:        2a0b:8f80:301::/48 maxlen: 48
                          2a0b:8f80:201::/48 maxlen: 48
                          2a05:1500:fe00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:28:a4:f8:42:26:e7:7e:d0:5a:29:45:74:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80ba8576ec9a33eba33e95e8235c07e9c2af2941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9e:de:b3:48:10:73:0b:3b:14:a9:9c:3e:57:
                    ff:e8:1d:ae:60:49:30:f6:5b:13:50:e0:f5:9f:03:
                    85:fc:e9:fc:cf:f9:72:87:e4:81:47:18:78:18:7c:
                    b0:35:24:65:6a:4f:24:77:aa:c2:6d:35:5f:09:de:
                    70:16:f7:9e:ba:6c:2f:73:c7:40:d8:48:1f:c2:58:
                    33:2e:fa:9d:8a:26:7f:2c:2c:ae:05:bd:f1:84:13:
                    aa:23:46:6a:16:6d:07:f5:90:c8:45:8c:0a:d0:ac:
                    fa:5d:9d:c7:0b:42:0c:b5:3f:ed:6f:e0:fc:28:99:
                    7a:11:cf:9a:bf:df:48:ae:65:ec:54:c8:7a:93:b8:
                    4e:4d:5e:73:20:99:b7:a7:ae:b6:9c:8d:f6:fc:6f:
                    5a:b4:73:c4:30:e7:96:03:b7:22:6c:8f:b9:89:1c:
                    19:b5:14:92:2a:ca:8d:68:cf:7f:a1:1e:b5:8e:51:
                    54:93:06:f9:3d:5e:28:a1:73:26:7a:50:c7:ff:65:
                    aa:1d:7a:92:7f:ad:71:c2:40:85:1c:d0:94:5e:d9:
                    c1:b3:98:12:6e:88:b8:94:9e:fe:3c:fe:e6:05:7b:
                    11:e6:a5:fb:17:a4:db:42:4a:7d:13:af:2a:9a:ed:
                    18:d4:bd:ee:1a:95:35:69:2f:96:cd:92:92:14:b5:
                    3a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:BA:85:76:EC:9A:33:EB:A3:3E:95:E8:23:5C:07:E9:C2:AF:29:41
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/gLqFduyaM-ujPpXoI1wH6cKvKUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1500:fe00::/40
                  2a0b:8f80:201::/48
                  2a0b:8f80:301::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:27:4a:44:29:d2:2a:ef:b5:52:86:14:d9:42:ba:e3:e1:a1:
         14:28:92:b4:40:91:dd:72:03:57:52:70:73:6d:f6:22:09:44:
         ea:78:2d:92:05:dd:ad:73:c8:f0:2a:91:28:ce:b1:18:35:df:
         be:d9:16:6c:a5:29:6c:6d:2e:bd:95:62:c8:a4:85:7d:b4:2f:
         c8:1a:24:12:7a:59:14:92:6e:3f:2d:a4:e6:e5:77:42:18:1b:
         45:61:be:d4:f5:c7:68:3c:17:3f:81:9c:b4:63:88:65:51:03:
         dc:c8:b5:6c:37:be:4c:9a:50:78:6b:4a:25:58:0d:9b:04:36:
         1a:f4:80:30:b0:38:76:f6:88:f4:81:a3:3c:c8:84:ab:7f:b4:
         73:df:e8:44:c4:6e:7d:0c:cb:de:b2:86:34:41:95:da:09:1d:
         f5:18:0c:51:e3:82:ea:4b:d5:17:71:f5:6e:d5:27:a9:64:cf:
         43:a3:95:49:56:7c:e2:9d:8f:34:c4:3a:7b:34:e4:33:b6:d2:
         db:e4:0b:a6:fc:1d:37:c5:18:00:51:f4:6d:f3:38:2e:c5:fe:
         32:64:86:aa:c1:64:90:3c:c7:ca:82:d9:19:7e:ed:37:1d:33:
         e0:18:99:e8:d2:30:af:ec:2c:dc:ce:25:69:8b:65:62:16:6e:
         1e:65:ae:fc
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzCbSsopPhCJud+0FopRXTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGJhODU3NmVjOWEzM2ViYTMzZTk1ZTgyMzVjMDdlOWMyYWYyOTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ7es0gQcws7FKmcPlf/6B2uYEkw
9lsTUOD1nwOF/On8z/lyh+SBRxh4GHywNSRlak8kd6rCbTVfCd5wFveeumwvc8dA
2EgfwlgzLvqdiiZ/LCyuBb3xhBOqI0ZqFm0H9ZDIRYwK0Kz6XZ3HC0IMtT/tb+D8
KJl6Ec+av99IrmXsVMh6k7hOTV5zIJm3p662nI32/G9atHPEMOeWA7cibI+5iRwZ
tRSSKsqNaM9/oR61jlFUkwb5PV4ooXMmelDH/2WqHXqSf61xwkCFHNCUXtnBs5gS
boi4lJ7+PP7mBXsR5qX7F6TbQkp9E68qmu0Y1L3uGpU1aS+WzZKSFLU62wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIC6hXbsmjProz6V6CNcB+nCrylBMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvZ0xxRmR1eWFNLXVqUHBYb0kxd0g2Y0t2S1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwYAKgUVAP4D
BwAqC4+AAgEDBwAqC4+AAwEwDQYJKoZIhvcNAQELBQADggEBAC8nSkQp0irvtVKG
FNlCuuPhoRQokrRAkd1yA1dScHNt9iIJROp4LZIF3a1zyPAqkSjOsRg1377ZFmyl
KWxtLr2VYsikhX20L8gaJBJ6WRSSbj8tpObld0IYG0VhvtT1x2g8Fz+BnLRjiGVR
A9zItWw3vkyaUHhrSiVYDZsENhr0gDCwOHb2iPSBozzIhKt/tHPf6ETEbn0My96y
hjRBldoJHfUYDFHjgupL1Rdx9W7VJ6lkz0OjlUlWfOKdjzTEOns05DO20tvkC6b8
HTfFGABR9G3zOC7F/jJkhqrBZJA8x8qC2Rl+7TcdM+AYmejSMK/sLNzOJWmLZWIW
bh5lrvw=
-----END CERTIFICATE-----