Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/50248d-825c-45e1-b5ff-b29a2cbc3580/1/xQqJbenqVEn3-3PBK_om6FEiaV8.roa
File:                     xQqJbenqVEn3-3PBK_om6FEiaV8.roa (raw, json)
Hash identifier:          HtNsq0GCr5Z71uEvAJX45waX3t/ZCJpuauEYwT7014A=
Subject key identifier:   C5:0A:89:6D:E9:EA:54:49:F7:FB:73:C1:2B:FA:26:E8:51:22:69:5F
Certificate issuer:       /CN=5417e3db0d1c2cfc22b4be874e2598dd099294ed
Certificate serial:       018CC801C8E1B3A04068397689CE42BAC886
Authority key identifier: 54:17:E3:DB:0D:1C:2C:FC:22:B4:BE:87:4E:25:98:DD:09:92:94:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VBfj2w0cLPwitL6HTiWY3QmSlO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/50248d-825c-45e1-b5ff-b29a2cbc3580/1/xQqJbenqVEn3-3PBK_om6FEiaV8.roa
Signing time:             Tue 02 Jan 2024 02:30:09 +0000
ROA not before:           Tue 02 Jan 2024 02:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30892
IP address blocks:        2a02:aa8::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/50248d-825c-45e1-b5ff-b29a2cbc3580/1/VBfj2w0cLPwitL6HTiWY3QmSlO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/50248d-825c-45e1-b5ff-b29a2cbc3580/1/VBfj2w0cLPwitL6HTiWY3QmSlO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VBfj2w0cLPwitL6HTiWY3QmSlO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c8:e1:b3:a0:40:68:39:76:89:ce:42:ba:c8:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5417e3db0d1c2cfc22b4be874e2598dd099294ed
        Validity
            Not Before: Jan  2 02:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c50a896de9ea5449f7fb73c12bfa26e85122695f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7f:0c:7e:35:74:7d:5e:6d:b2:33:d4:97:41:
                    b0:c2:06:f8:3a:7b:c7:59:3a:c6:25:5b:2b:5a:b1:
                    9b:17:cc:30:11:09:cd:4a:8f:24:1f:62:50:e6:b6:
                    78:02:20:6c:63:5e:10:3c:12:2e:6a:c5:c0:99:4f:
                    a7:ad:1a:92:5a:f3:91:35:70:b0:e5:6d:fe:f1:44:
                    a9:04:4a:12:05:7b:c2:bc:0e:98:50:1d:f6:8d:2e:
                    28:71:c5:ad:42:51:83:3e:17:1d:c3:bc:1f:16:f2:
                    5c:d1:da:c4:5f:5f:4e:55:24:a6:e7:03:b9:9d:7a:
                    b6:38:5d:0f:d5:c5:73:9d:45:b0:a5:19:fc:63:0c:
                    41:30:d0:9a:ff:03:11:49:65:28:3b:1a:14:30:0a:
                    e1:80:cf:ee:ef:f7:01:5d:d3:a1:6e:90:d2:2d:07:
                    f2:9c:cf:f0:49:a9:12:5d:88:57:42:d5:38:3e:21:
                    ae:71:c6:4f:83:d2:74:ae:70:6b:53:6d:e1:28:cf:
                    db:ee:be:38:cb:55:d4:8d:f0:d5:02:5e:af:03:bc:
                    2b:cd:b4:c7:fc:fb:67:ff:e9:a3:64:79:03:d1:de:
                    90:0c:d1:96:c5:f7:ea:70:e4:d6:aa:25:1d:f0:36:
                    2c:e6:9a:e6:79:92:84:54:a1:07:04:26:68:ed:de:
                    e7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:0A:89:6D:E9:EA:54:49:F7:FB:73:C1:2B:FA:26:E8:51:22:69:5F
            X509v3 Authority Key Identifier:
                keyid:54:17:E3:DB:0D:1C:2C:FC:22:B4:BE:87:4E:25:98:DD:09:92:94:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VBfj2w0cLPwitL6HTiWY3QmSlO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/50248d-825c-45e1-b5ff-b29a2cbc3580/1/xQqJbenqVEn3-3PBK_om6FEiaV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/50248d-825c-45e1-b5ff-b29a2cbc3580/1/VBfj2w0cLPwitL6HTiWY3QmSlO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:aa8::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:08:42:e7:ab:43:96:a0:3a:94:f5:51:fe:ef:56:4c:52:c6:
         40:aa:ac:ee:f8:db:98:4e:f2:93:54:d1:a1:cc:8a:02:a8:d5:
         3d:db:db:1e:ed:4a:25:b1:51:03:2d:96:53:65:5d:ef:a6:d6:
         3e:28:69:1f:bf:3c:05:08:e3:82:22:45:38:f1:b4:2f:37:92:
         66:cb:77:da:7b:69:06:38:91:6a:15:51:83:94:c9:7e:5c:d5:
         c3:73:d6:fb:4e:37:5a:73:3b:3f:ff:1f:a7:f6:62:cd:95:6c:
         7c:b3:df:ab:e3:2a:92:87:eb:3c:e2:51:51:31:49:55:38:6e:
         bc:f3:fe:42:61:83:79:f0:bb:eb:b6:86:c7:b8:a5:3b:de:b8:
         38:c8:76:ba:1e:8b:1f:c0:bb:4a:43:f0:96:90:58:fd:c0:d8:
         6e:f5:00:0c:d0:cc:da:9a:d9:a2:95:a8:5e:4b:83:28:ca:91:
         34:12:25:29:47:d7:1f:8e:99:1e:71:61:61:e5:76:fa:9f:d1:
         73:ba:95:87:67:f6:c3:20:78:6e:b5:65:fb:f4:0c:2d:23:83:
         78:7b:21:f5:1d:cd:13:38:26:a6:f2:94:b7:c5:e4:de:14:07:
         c5:b7:71:a2:64:04:de:c7:a1:84:2d:93:85:e2:ad:d7:07:d6:
         ce:62:01:c5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIAcjhs6BAaDl2ic5CusiGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MTdlM2RiMGQxYzJjZmMyMmI0YmU4NzRlMjU5OGRkMDk5
Mjk0ZWQwHhcNMjQwMTAyMDIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTBhODk2ZGU5ZWE1NDQ5ZjdmYjczYzEyYmZhMjZlODUxMjI2OTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk38MfjV0fV5tsjPUl0Gwwgb4OnvH
WTrGJVsrWrGbF8wwEQnNSo8kH2JQ5rZ4AiBsY14QPBIuasXAmU+nrRqSWvORNXCw
5W3+8USpBEoSBXvCvA6YUB32jS4occWtQlGDPhcdw7wfFvJc0drEX19OVSSm5wO5
nXq2OF0P1cVznUWwpRn8YwxBMNCa/wMRSWUoOxoUMArhgM/u7/cBXdOhbpDSLQfy
nM/wSakSXYhXQtU4PiGuccZPg9J0rnBrU23hKM/b7r44y1XUjfDVAl6vA7wrzbTH
/Ptn/+mjZHkD0d6QDNGWxffqcOTWqiUd8DYs5prmeZKEVKEHBCZo7d7nywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMUKiW3p6lRJ9/tzwSv6JuhRImlfMB8GA1UdIwQY
MBaAFFQX49sNHCz8IrS+h04lmN0JkpTtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJmajJ3MGNMUHdpdEw2SFRpV1kzUW1TbE8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC81MDI0OGQtODI1Yy00NWUxLWI1ZmYt
YjI5YTJjYmMzNTgwLzEveFFxSmJlbnFWRW4zLTNQQktfb202RkVpYVY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC81MDI0OGQtODI1Yy00NWUxLWI1ZmYtYjI5YTJjYmMzNTgw
LzEvVkJmajJ3MGNMUHdpdEw2SFRpV1kzUW1TbE8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgIKqDAN
BgkqhkiG9w0BAQsFAAOCAQEAiQhC56tDlqA6lPVR/u9WTFLGQKqs7vjbmE7yk1TR
ocyKAqjVPdvbHu1KJbFRAy2WU2Vd76bWPihpH788BQjjgiJFOPG0LzeSZst32ntp
BjiRahVRg5TJflzVw3PW+043WnM7P/8fp/ZizZVsfLPfq+MqkofrPOJRUTFJVThu
vPP+QmGDefC767aGx7ilO964OMh2uh6LH8C7SkPwlpBY/cDYbvUADNDM2prZopWo
XkuDKMqRNBIlKUfXH46ZHnFhYeV2+p/Rc7qVh2f2wyB4brVl+/QMLSODeHsh9R3N
EzgmpvKUt8Xk3hQHxbdxomQE3sehhC2TheKt1wfWzmIBxQ==
-----END CERTIFICATE-----