Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/944f09-406e-4985-9929-36e0c8afe26a/1/rmTw4bo4YPxI3-oLW9DEHu3wUwI.roa
File:                     rmTw4bo4YPxI3-oLW9DEHu3wUwI.roa (raw, json)
Hash identifier:          oz9l5/UHiBxbKnkQImNW14CCzH/+iZEybxkAkjFgxZA=
Subject key identifier:   AE:64:F0:E1:BA:38:60:FC:48:DF:EA:0B:5B:D0:C4:1E:ED:F0:53:02
Certificate issuer:       /CN=f27c93ddb1a17151c56f22dcaf31dd8229463742
Certificate serial:       018CC64B0BF724AFA41C0EE8B78654E28A71
Authority key identifier: F2:7C:93:DD:B1:A1:71:51:C5:6F:22:DC:AF:31:DD:82:29:46:37:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8nyT3bGhcVHFbyLcrzHdgilGN0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/944f09-406e-4985-9929-36e0c8afe26a/1/rmTw4bo4YPxI3-oLW9DEHu3wUwI.roa
Signing time:             Mon 01 Jan 2024 18:30:56 +0000
ROA not before:           Mon 01 Jan 2024 18:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202352
IP address blocks:        2a05:6584::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/944f09-406e-4985-9929-36e0c8afe26a/1/8nyT3bGhcVHFbyLcrzHdgilGN0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/944f09-406e-4985-9929-36e0c8afe26a/1/8nyT3bGhcVHFbyLcrzHdgilGN0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8nyT3bGhcVHFbyLcrzHdgilGN0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0b:f7:24:af:a4:1c:0e:e8:b7:86:54:e2:8a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f27c93ddb1a17151c56f22dcaf31dd8229463742
        Validity
            Not Before: Jan  1 18:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae64f0e1ba3860fc48dfea0b5bd0c41eedf05302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:21:e0:a6:80:8a:a4:c7:fe:80:63:4d:be:c2:
                    f3:3c:a2:4e:e4:22:28:fb:83:01:3c:03:5b:e0:04:
                    53:40:3a:38:cc:16:de:9c:13:99:a5:61:49:5e:36:
                    fd:56:96:42:9f:2c:5f:ce:99:68:50:3f:db:03:19:
                    b2:42:f0:a3:0a:66:cc:4d:71:4d:46:f6:d2:b2:ec:
                    3b:57:b6:e8:66:0b:0f:26:77:5a:f5:80:98:fb:1e:
                    ab:f0:d6:f4:a4:5a:1f:1d:c2:ad:d0:d3:bd:e0:b2:
                    b9:47:43:cd:16:87:b9:dc:71:8c:af:b6:df:0d:97:
                    51:62:bd:78:0f:70:be:ff:67:a1:89:75:1e:5c:b5:
                    fc:4c:d6:4f:77:10:be:bc:a0:42:26:da:be:d5:0f:
                    a7:48:4a:52:b5:cc:d9:d6:5c:2d:6e:f9:08:09:7f:
                    c7:fd:7b:f4:2f:2f:00:ae:d7:d8:14:52:63:95:ff:
                    98:35:56:8b:4c:32:78:f2:4b:27:29:2b:b2:c4:e2:
                    3c:91:3d:90:32:09:c8:33:e1:7f:14:9c:03:d9:ce:
                    92:ef:5e:e5:d3:ed:7f:e2:c1:d0:e7:76:8d:91:21:
                    94:0a:ef:a3:3c:ab:9c:62:4e:27:d1:d7:6f:ea:54:
                    c9:f4:11:d1:da:36:55:d5:9c:f6:16:e1:7a:8d:be:
                    5a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:64:F0:E1:BA:38:60:FC:48:DF:EA:0B:5B:D0:C4:1E:ED:F0:53:02
            X509v3 Authority Key Identifier:
                keyid:F2:7C:93:DD:B1:A1:71:51:C5:6F:22:DC:AF:31:DD:82:29:46:37:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8nyT3bGhcVHFbyLcrzHdgilGN0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/944f09-406e-4985-9929-36e0c8afe26a/1/rmTw4bo4YPxI3-oLW9DEHu3wUwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/944f09-406e-4985-9929-36e0c8afe26a/1/8nyT3bGhcVHFbyLcrzHdgilGN0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:6584::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:08:16:79:3b:22:7d:9b:82:cd:8f:37:3f:d8:21:01:d4:03:
         98:49:b4:42:69:64:f6:c7:03:22:53:d5:51:66:0b:fa:83:a9:
         6a:39:18:a3:99:d8:dd:74:db:4e:aa:de:09:85:f0:38:bb:f4:
         5d:26:ac:36:68:0d:ce:18:4a:fc:61:23:4d:9f:6c:50:ac:ca:
         5d:e8:17:7a:16:ef:3f:be:33:52:74:a6:1f:18:d9:76:a8:e3:
         63:26:18:49:a0:d2:d8:a9:18:44:c2:f5:36:c8:7d:a9:e1:bd:
         a4:b4:5c:2b:12:51:bf:58:c4:39:a9:74:fe:5e:28:7b:87:4f:
         66:5a:48:d8:d2:c9:73:89:db:66:ad:f7:2b:4a:8c:19:63:f2:
         84:38:18:d2:b9:65:ea:32:93:bf:da:e4:86:53:99:82:c8:df:
         67:34:ca:56:30:d7:7b:0f:2a:41:fb:cb:ca:28:6e:22:34:2a:
         31:d4:0e:98:34:25:71:13:38:fe:86:54:c7:79:06:ab:68:10:
         62:1f:94:d2:df:ea:41:6f:3f:ec:b9:92:a0:85:45:ea:b7:30:
         65:74:43:fd:e7:1d:24:53:3e:d5:9f:84:7e:c7:a2:b3:cb:1a:
         4f:16:bc:fd:9d:80:c1:4e:cc:d2:75:47:70:56:e8:c2:0d:00:
         dc:07:1b:1f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSwv3JK+kHA7ot4ZU4opxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyN2M5M2RkYjFhMTcxNTFjNTZmMjJkY2FmMzFkZDgyMjk0
NjM3NDIwHhcNMjQwMTAxMTgzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTY0ZjBlMWJhMzg2MGZjNDhkZmVhMGI1YmQwYzQxZWVkZjA1MzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCHgpoCKpMf+gGNNvsLzPKJO5CIo
+4MBPANb4ARTQDo4zBbenBOZpWFJXjb9VpZCnyxfzploUD/bAxmyQvCjCmbMTXFN
RvbSsuw7V7boZgsPJnda9YCY+x6r8Nb0pFofHcKt0NO94LK5R0PNFoe53HGMr7bf
DZdRYr14D3C+/2ehiXUeXLX8TNZPdxC+vKBCJtq+1Q+nSEpStczZ1lwtbvkICX/H
/Xv0Ly8ArtfYFFJjlf+YNVaLTDJ48ksnKSuyxOI8kT2QMgnIM+F/FJwD2c6S717l
0+1/4sHQ53aNkSGUCu+jPKucYk4n0ddv6lTJ9BHR2jZV1Zz2FuF6jb5a3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK5k8OG6OGD8SN/qC1vQxB7t8FMCMB8GA1UdIwQY
MBaAFPJ8k92xoXFRxW8i3K8x3YIpRjdCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG55VDNiR2hjVkhGYnlMY3J6SGRnaWxHTjBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS85NDRmMDktNDA2ZS00OTg1LTk5Mjkt
MzZlMGM4YWZlMjZhLzEvcm1UdzRibzRZUHhJMy1vTFc5REVIdTN3VXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS85NDRmMDktNDA2ZS00OTg1LTk5MjktMzZlMGM4YWZlMjZh
LzEvOG55VDNiR2hjVkhGYnlMY3J6SGRnaWxHTjBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgVlhDAN
BgkqhkiG9w0BAQsFAAOCAQEAVggWeTsifZuCzY83P9ghAdQDmEm0Qmlk9scDIlPV
UWYL+oOpajkYo5nY3XTbTqreCYXwOLv0XSasNmgNzhhK/GEjTZ9sUKzKXegXehbv
P74zUnSmHxjZdqjjYyYYSaDS2KkYRML1Nsh9qeG9pLRcKxJRv1jEOal0/l4oe4dP
ZlpI2NLJc4nbZq33K0qMGWPyhDgY0rll6jKTv9rkhlOZgsjfZzTKVjDXew8qQfvL
yihuIjQqMdQOmDQlcRM4/oZUx3kGq2gQYh+U0t/qQW8/7LmSoIVF6rcwZXRD/ecd
JFM+1Z+Efseis8saTxa8/Z2AwU7M0nVHcFbowg0A3AcbHw==
-----END CERTIFICATE-----