Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d5f14f-2705-42ec-900f-6934cafb6bcd/1/acgNHn3NDFSibEMSVIeJfy12OrI.roa
File:                     acgNHn3NDFSibEMSVIeJfy12OrI.roa (raw, json)
Hash identifier:          3noDiwXbc9+G2e4tdlDTuzo/AfsAPbx3axFcJuQj/N8=
Subject key identifier:   69:C8:0D:1E:7D:CD:0C:54:A2:6C:43:12:54:87:89:7F:2D:76:3A:B2
Certificate issuer:       /CN=6a5d410f425d35e74d456f7f87bae8ed92b3c829
Certificate serial:       018CC8DE84794BAD6B24A1E4E6636174026B
Authority key identifier: 6A:5D:41:0F:42:5D:35:E7:4D:45:6F:7F:87:BA:E8:ED:92:B3:C8:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/al1BD0JdNedNRW9_h7ro7ZKzyCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d5f14f-2705-42ec-900f-6934cafb6bcd/1/acgNHn3NDFSibEMSVIeJfy12OrI.roa
Signing time:             Tue 02 Jan 2024 06:31:15 +0000
ROA not before:           Tue 02 Jan 2024 06:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        144.41.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/d5f14f-2705-42ec-900f-6934cafb6bcd/1/al1BD0JdNedNRW9_h7ro7ZKzyCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/d5f14f-2705-42ec-900f-6934cafb6bcd/1/al1BD0JdNedNRW9_h7ro7ZKzyCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/al1BD0JdNedNRW9_h7ro7ZKzyCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:84:79:4b:ad:6b:24:a1:e4:e6:63:61:74:02:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5d410f425d35e74d456f7f87bae8ed92b3c829
        Validity
            Not Before: Jan  2 06:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c80d1e7dcd0c54a26c43125487897f2d763ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4c:57:8e:7e:4d:6f:5a:79:60:2b:dd:76:38:
                    78:36:00:75:43:10:7c:86:8b:eb:b8:63:df:05:a5:
                    32:0d:fe:39:3b:37:7c:9c:b4:a1:8d:43:b4:b2:78:
                    5c:75:83:41:fe:86:84:6e:76:6e:4d:a0:53:63:c8:
                    46:5c:c3:9e:27:31:53:8e:19:32:ca:d4:ef:7f:c3:
                    d8:09:8d:53:1d:85:97:cf:eb:7b:fa:90:b3:85:f1:
                    24:7c:41:4d:ff:46:bf:b7:1e:db:96:40:19:39:9b:
                    ad:02:32:9a:77:69:b6:8f:6d:e8:9e:a5:d8:9c:87:
                    4a:5e:f4:ef:b2:0e:00:7a:10:e3:e7:05:c3:21:2d:
                    28:8e:d2:99:8c:c5:75:44:2e:17:f0:90:26:77:4d:
                    c3:41:96:05:23:4d:7b:cc:70:c5:c0:72:a6:c0:14:
                    35:0b:35:7a:01:2e:db:2c:94:cd:1c:c4:73:73:78:
                    04:dc:a0:72:18:f6:22:a2:73:6b:f7:d4:b9:c4:72:
                    4c:24:25:a8:ea:e8:06:00:22:da:7f:24:cc:df:c6:
                    2b:a6:f1:e1:6c:3d:0a:07:dc:e1:69:99:cd:8b:30:
                    7d:8d:f0:e5:0e:b7:77:b4:fa:dc:3f:bd:9b:cc:e9:
                    f5:4d:ce:77:a6:c4:d7:85:3c:dc:a6:f6:0e:d0:b9:
                    15:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C8:0D:1E:7D:CD:0C:54:A2:6C:43:12:54:87:89:7F:2D:76:3A:B2
            X509v3 Authority Key Identifier:
                keyid:6A:5D:41:0F:42:5D:35:E7:4D:45:6F:7F:87:BA:E8:ED:92:B3:C8:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/al1BD0JdNedNRW9_h7ro7ZKzyCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d5f14f-2705-42ec-900f-6934cafb6bcd/1/acgNHn3NDFSibEMSVIeJfy12OrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d5f14f-2705-42ec-900f-6934cafb6bcd/1/al1BD0JdNedNRW9_h7ro7ZKzyCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.41.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         32:d6:51:28:fe:28:05:7e:ac:ee:7a:57:15:8c:d5:83:cf:e6:
         97:9c:b3:86:25:59:6a:da:a2:af:59:94:10:4f:48:45:49:f3:
         86:a5:8e:b6:64:d9:06:a6:df:76:48:6f:ff:74:5f:01:00:f3:
         13:0a:9b:cc:e9:4b:d4:f6:68:83:1b:da:8c:d3:38:d4:39:81:
         a2:94:8c:2c:db:a2:68:83:62:3b:ec:95:2a:2a:61:f5:dc:da:
         1f:e0:6c:d0:5d:e4:ef:5e:d4:ce:b2:4f:af:b0:b4:c7:82:59:
         e1:4e:2b:74:83:6f:59:61:c6:80:a2:00:4b:c8:51:d1:da:c5:
         0d:92:2f:1b:20:21:b0:48:cd:ce:13:63:4c:49:f4:ee:78:aa:
         2d:6f:ba:72:25:b4:e7:6c:6c:69:61:c3:4a:dc:af:03:32:09:
         31:9c:21:2f:9f:f4:4f:f9:9d:a6:3f:33:79:85:2d:ca:0a:9a:
         d2:95:2f:64:06:02:08:30:0d:aa:a3:5e:a4:bc:b5:0b:a2:3e:
         79:30:3b:2e:a9:61:1f:1e:bc:74:ec:1a:be:de:7c:09:91:dd:
         15:8a:ae:40:0f:a6:97:97:c0:6b:7e:f2:7c:13:a4:b3:00:07:
         7a:de:c8:79:c3:61:da:6d:79:0a:c2:39:b6:b8:65:1e:18:e7:
         1b:b0:36:7e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzI3oR5S61rJKHk5mNhdAJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNWQ0MTBmNDI1ZDM1ZTc0ZDQ1NmY3Zjg3YmFlOGVkOTJi
M2M4MjkwHhcNMjQwMTAyMDYzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM4MGQxZTdkY2QwYzU0YTI2YzQzMTI1NDg3ODk3ZjJkNzYzYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0xXjn5Nb1p5YCvddjh4NgB1QxB8
hovruGPfBaUyDf45Ozd8nLShjUO0snhcdYNB/oaEbnZuTaBTY8hGXMOeJzFTjhky
ytTvf8PYCY1THYWXz+t7+pCzhfEkfEFN/0a/tx7blkAZOZutAjKad2m2j23onqXY
nIdKXvTvsg4AehDj5wXDIS0ojtKZjMV1RC4X8JAmd03DQZYFI017zHDFwHKmwBQ1
CzV6AS7bLJTNHMRzc3gE3KByGPYionNr99S5xHJMJCWo6ugGACLafyTM38YrpvHh
bD0KB9zhaZnNizB9jfDlDrd3tPrcP72bzOn1Tc53psTXhTzcpvYO0LkVswIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGnIDR59zQxUomxDElSHiX8tdjqyMB8GA1UdIwQY
MBaAFGpdQQ9CXTXnTUVvf4e66O2Ss8gpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWwxQkQwSmROZWROUlc5X2g3cm83Wkt6eUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kNWYxNGYtMjcwNS00MmVjLTkwMGYt
NjkzNGNhZmI2YmNkLzEvYWNnTkhuM05ERlNpYkVNU1ZJZUpmeTEyT3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kNWYxNGYtMjcwNS00MmVjLTkwMGYtNjkzNGNhZmI2YmNk
LzEvYWwxQkQwSmROZWROUlc5X2g3cm83Wkt6eUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkCkwDQYJ
KoZIhvcNAQELBQADggEBADLWUSj+KAV+rO56VxWM1YPP5pecs4YlWWraoq9ZlBBP
SEVJ84aljrZk2Qam33ZIb/90XwEA8xMKm8zpS9T2aIMb2ozTONQ5gaKUjCzbomiD
YjvslSoqYfXc2h/gbNBd5O9e1M6yT6+wtMeCWeFOK3SDb1lhxoCiAEvIUdHaxQ2S
LxsgIbBIzc4TY0xJ9O54qi1vunIltOdsbGlhw0rcrwMyCTGcIS+f9E/5naY/M3mF
LcoKmtKVL2QGAggwDaqjXqS8tQuiPnkwOy6pYR8evHTsGr7efAmR3RWKrkAPppeX
wGt+8nwTpLMAB3reyHnDYdpteQrCOba4ZR4Y5xuwNn4=
-----END CERTIFICATE-----