Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/SdITyx60ptY_jki0QqIZzLGfWGQ.roa
File:                     SdITyx60ptY_jki0QqIZzLGfWGQ.roa (raw, json)
Hash identifier:          8uOqDrxNewwtyoYBFcJf2g7t8peH0bPiB1UfCuek6Po=
Subject key identifier:   49:D2:13:CB:1E:B4:A6:D6:3F:8E:48:B4:42:A2:19:CC:B1:9F:58:64
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       018CC5005E33B153D764D2F52BF5C628CD40
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/SdITyx60ptY_jki0QqIZzLGfWGQ.roa
Signing time:             Mon 01 Jan 2024 12:29:44 +0000
ROA not before:           Mon 01 Jan 2024 12:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        2a05:541:127::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5e:33:b1:53:d7:64:d2:f5:2b:f5:c6:28:cd:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49d213cb1eb4a6d63f8e48b442a219ccb19f5864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:47:1f:0c:07:01:0b:a9:3f:85:28:fc:84:0d:
                    51:13:73:89:68:75:a2:ee:e4:97:3a:01:f5:13:16:
                    92:81:87:eb:a3:af:b8:a9:51:16:dd:4c:a3:a0:97:
                    69:df:20:07:e3:50:17:2e:53:b1:bb:1b:8e:2d:94:
                    b7:b9:5d:89:c7:77:cb:75:b9:bd:b6:12:df:7e:ad:
                    a3:25:13:d4:3d:fa:42:b6:4b:9c:39:eb:58:d0:95:
                    3a:3c:81:eb:2b:b5:6a:92:a6:e7:be:65:46:47:47:
                    fa:3e:f1:8c:09:a6:21:38:fb:30:d6:65:43:56:5a:
                    32:c9:95:7b:3a:01:e5:e0:10:73:5a:90:f9:ef:b2:
                    75:ae:34:48:32:90:d7:a0:42:00:f6:b3:68:93:46:
                    bf:6c:b6:f1:01:78:3e:14:4c:48:3e:5e:e8:31:af:
                    35:a9:88:b0:bd:dc:8f:9c:d4:ce:ec:cd:be:bf:de:
                    5a:ca:1c:33:18:0e:b9:a3:1f:b5:e4:0b:97:37:27:
                    d5:96:a1:ca:29:08:43:5e:af:46:92:62:d2:63:51:
                    97:bc:78:52:c4:8b:2c:ff:0c:ec:e2:4b:a9:7a:bf:
                    c2:ea:29:16:62:b6:31:7e:cd:75:6b:05:28:a6:07:
                    64:97:b1:5e:ea:51:cd:3b:0d:43:ae:9e:12:45:66:
                    65:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:D2:13:CB:1E:B4:A6:D6:3F:8E:48:B4:42:A2:19:CC:B1:9F:58:64
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/SdITyx60ptY_jki0QqIZzLGfWGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:541:127::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:95:3e:59:4e:1f:60:47:81:dc:d3:09:ac:cf:88:34:6f:f3:
         5e:ed:c9:3e:f8:f9:b7:85:05:af:40:b4:bc:71:ac:9c:bb:89:
         0a:d6:e6:82:09:0b:0c:04:50:78:02:61:78:98:5e:94:9b:c2:
         27:65:c8:c8:fc:be:87:19:9a:3a:00:83:7e:3a:41:42:9a:bd:
         22:83:26:34:d0:cb:06:ce:c7:66:c0:70:7d:48:34:16:39:fd:
         0a:91:b0:9d:bb:60:a7:4e:ce:62:e6:36:3b:75:24:3c:a1:f5:
         09:d4:fd:35:5e:74:8f:10:d2:00:a7:64:dd:3a:78:de:c2:dc:
         2c:60:af:48:d5:2e:45:fb:b9:cf:d5:d5:80:e9:73:e8:6b:62:
         ba:8d:7b:dd:32:a4:b9:dd:8b:94:cc:a6:71:11:51:50:fb:68:
         50:15:0a:72:32:e1:73:2b:92:2c:11:aa:e6:ec:62:07:35:5c:
         ca:84:c5:b4:4e:1c:7e:ca:de:c7:84:f4:9f:e5:35:c7:7b:33:
         bf:73:03:cc:6c:48:ed:d9:36:df:44:c6:19:6e:53:c0:fc:7d:
         73:50:34:e1:81:ed:8e:36:25:83:af:cf:61:46:28:71:2c:2b:
         bf:5e:5b:b9:f5:cc:b6:7d:4b:72:45:fd:54:13:12:c5:f5:73:
         0a:78:eb:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAF4zsVPXZNL1K/XGKM1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWQyMTNjYjFlYjRhNmQ2M2Y4ZTQ4YjQ0MmEyMTljY2IxOWY1ODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0cfDAcBC6k/hSj8hA1RE3OJaHWi
7uSXOgH1ExaSgYfro6+4qVEW3UyjoJdp3yAH41AXLlOxuxuOLZS3uV2Jx3fLdbm9
thLffq2jJRPUPfpCtkucOetY0JU6PIHrK7VqkqbnvmVGR0f6PvGMCaYhOPsw1mVD
VloyyZV7OgHl4BBzWpD577J1rjRIMpDXoEIA9rNok0a/bLbxAXg+FExIPl7oMa81
qYiwvdyPnNTO7M2+v95ayhwzGA65ox+15AuXNyfVlqHKKQhDXq9GkmLSY1GXvHhS
xIss/wzs4kuper/C6ikWYrYxfs11awUopgdkl7Fe6lHNOw1Drp4SRWZlrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEnSE8setKbWP45ItEKiGcyxn1hkMB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvU2RJVHl4NjBwdFlfamtpMFFxSVp6TEdmV0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgUFQQEn
MA0GCSqGSIb3DQEBCwUAA4IBAQAQlT5ZTh9gR4Hc0wmsz4g0b/Ne7ck++Pm3hQWv
QLS8caycu4kK1uaCCQsMBFB4AmF4mF6Um8InZcjI/L6HGZo6AIN+OkFCmr0igyY0
0MsGzsdmwHB9SDQWOf0KkbCdu2CnTs5i5jY7dSQ8ofUJ1P01XnSPENIAp2TdOnje
wtwsYK9I1S5F+7nP1dWA6XPoa2K6jXvdMqS53YuUzKZxEVFQ+2hQFQpyMuFzK5Is
Earm7GIHNVzKhMW0Thx+yt7HhPSf5TXHezO/cwPMbEjt2TbfRMYZblPA/H1zUDTh
ge2ONiWDr89hRihxLCu/Xlu59cy2fUtyRf1UExLF9XMKeOv/
-----END CERTIFICATE-----