Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/rZmaLpcqcSkKM4ILKOJsTJCJ5cE.roa
File:                     rZmaLpcqcSkKM4ILKOJsTJCJ5cE.roa (raw, json)
Hash identifier:          dh5ZkBNbQ9ibgUH6g9x3WljDbHYC3mClXjwKi2ucJFE=
Subject key identifier:   AD:99:9A:2E:97:2A:71:29:0A:33:82:0B:28:E2:6C:4C:90:89:E5:C1
Certificate issuer:       /CN=53e32c5f895fb12e6d674e0b16f6eee5e512645d
Certificate serial:       018CC26CF14052210E484165E558B4F7403E
Authority key identifier: 53:E3:2C:5F:89:5F:B1:2E:6D:67:4E:0B:16:F6:EE:E5:E5:12:64:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U-MsX4lfsS5tZ04LFvbu5eUSZF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/rZmaLpcqcSkKM4ILKOJsTJCJ5cE.roa
Signing time:             Mon 01 Jan 2024 00:29:28 +0000
ROA not before:           Mon 01 Jan 2024 00:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41737
IP address blocks:        2a0e:9b80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/U-MsX4lfsS5tZ04LFvbu5eUSZF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/U-MsX4lfsS5tZ04LFvbu5eUSZF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U-MsX4lfsS5tZ04LFvbu5eUSZF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f1:40:52:21:0e:48:41:65:e5:58:b4:f7:40:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53e32c5f895fb12e6d674e0b16f6eee5e512645d
        Validity
            Not Before: Jan  1 00:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad999a2e972a71290a33820b28e26c4c9089e5c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:66:31:f1:d5:c8:e3:c5:1a:fd:bf:5b:26:ee:
                    07:80:84:f0:0b:fc:99:87:cb:49:1b:5b:12:aa:d0:
                    e4:ad:61:b8:1e:cb:5f:63:00:45:4a:a6:72:28:84:
                    11:2f:3a:62:84:60:b5:8c:d1:d4:61:47:38:44:d0:
                    8a:4a:fc:93:a5:6f:53:00:0d:99:02:bf:a8:ab:b5:
                    66:47:5e:ee:8c:71:75:0d:56:2e:22:f4:b0:8d:92:
                    25:f9:60:11:f3:7c:33:c8:a0:94:cf:6c:df:1a:f8:
                    e1:38:1e:e9:5e:e6:57:cd:fe:86:94:13:b1:6d:05:
                    a2:3f:a5:e4:f7:be:94:84:94:f6:d7:f7:ef:d2:81:
                    23:88:c0:5a:0d:87:9e:49:4f:45:ea:52:b5:88:8d:
                    f6:01:45:95:aa:9a:ad:5b:70:43:9d:d0:b1:06:11:
                    d1:83:a6:4b:40:71:d0:fc:b4:87:44:34:a1:05:cc:
                    8f:53:c4:3d:fd:ad:02:28:82:42:f8:66:7e:45:df:
                    c2:8c:f6:6b:8a:32:48:62:0f:62:d1:bc:76:50:d1:
                    ad:67:84:c5:86:24:4f:0f:0a:51:08:6e:91:d1:70:
                    63:55:a0:f8:54:5f:08:ec:8f:d5:91:6e:b1:ce:08:
                    d1:ab:74:93:fe:e5:65:53:f8:8f:0f:f1:b4:2f:1b:
                    94:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:99:9A:2E:97:2A:71:29:0A:33:82:0B:28:E2:6C:4C:90:89:E5:C1
            X509v3 Authority Key Identifier:
                keyid:53:E3:2C:5F:89:5F:B1:2E:6D:67:4E:0B:16:F6:EE:E5:E5:12:64:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U-MsX4lfsS5tZ04LFvbu5eUSZF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/rZmaLpcqcSkKM4ILKOJsTJCJ5cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/865f08-4633-4edc-bc8d-3084f767c2b6/1/U-MsX4lfsS5tZ04LFvbu5eUSZF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:49:94:18:5b:c5:31:0c:af:8e:bb:f7:7c:02:01:a3:0f:7e:
         58:f7:06:50:1c:ac:20:57:a8:da:b3:99:ff:15:f3:12:45:58:
         38:e6:6e:77:bd:9c:eb:f0:bc:ef:b9:d7:76:ee:f7:05:80:a6:
         26:d4:87:89:35:4e:c0:7c:05:4a:4a:60:02:fd:75:ee:06:4a:
         d2:53:12:6a:d8:d0:c5:c1:03:13:15:09:4d:41:5c:17:5a:a0:
         9a:2e:5f:2c:24:b4:2c:28:38:66:ce:4d:c6:f2:60:30:eb:49:
         df:56:c7:61:75:7b:9a:5b:b3:3c:7e:b7:65:c8:00:74:7d:25:
         99:80:0b:d6:29:ef:f2:1e:e4:ec:90:8a:a4:cc:ac:f8:06:66:
         72:77:3a:71:6e:98:67:04:fa:ba:21:aa:85:da:82:fe:39:6a:
         9e:84:09:77:b5:7c:bf:40:e0:49:2c:d1:85:56:b9:21:2c:95:
         54:46:6a:cb:d6:e2:90:71:44:ac:39:83:de:58:d8:0b:b5:61:
         79:f3:4c:ac:df:0e:8a:85:99:0d:7e:86:05:b4:05:57:76:3f:
         ac:b2:7a:cb:1c:b8:a7:e9:88:d2:d3:f7:15:ce:9c:49:0e:35:
         81:f4:06:6f:a2:ac:4c:4b:39:58:46:17:ff:de:ca:e0:9d:4e:
         97:7c:51:77
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbPFAUiEOSEFl5Vi090A+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZTMyYzVmODk1ZmIxMmU2ZDY3NGUwYjE2ZjZlZWU1ZTUx
MjY0NWQwHhcNMjQwMTAxMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDk5OWEyZTk3MmE3MTI5MGEzMzgyMGIyOGUyNmM0YzkwODllNWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGYx8dXI48Ua/b9bJu4HgITwC/yZ
h8tJG1sSqtDkrWG4HstfYwBFSqZyKIQRLzpihGC1jNHUYUc4RNCKSvyTpW9TAA2Z
Ar+oq7VmR17ujHF1DVYuIvSwjZIl+WAR83wzyKCUz2zfGvjhOB7pXuZXzf6GlBOx
bQWiP6Xk976UhJT21/fv0oEjiMBaDYeeSU9F6lK1iI32AUWVqpqtW3BDndCxBhHR
g6ZLQHHQ/LSHRDShBcyPU8Q9/a0CKIJC+GZ+Rd/CjPZrijJIYg9i0bx2UNGtZ4TF
hiRPDwpRCG6R0XBjVaD4VF8I7I/VkW6xzgjRq3ST/uVlU/iPD/G0LxuUMQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK2Zmi6XKnEpCjOCCyjibEyQieXBMB8GA1UdIwQY
MBaAFFPjLF+JX7EubWdOCxb27uXlEmRdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVS1Nc1g0bGZzUzV0WjA0TEZ2YnU1ZVVTWkYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy84NjVmMDgtNDYzMy00ZWRjLWJjOGQt
MzA4NGY3NjdjMmI2LzEvclptYUxwY3FjU2tLTTRJTEtPSnNUSkNKNWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy84NjVmMDgtNDYzMy00ZWRjLWJjOGQtMzA4NGY3NjdjMmI2
LzEvVS1Nc1g0bGZzUzV0WjA0TEZ2YnU1ZVVTWkYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg6bgDAN
BgkqhkiG9w0BAQsFAAOCAQEAs0mUGFvFMQyvjrv3fAIBow9+WPcGUBysIFeo2rOZ
/xXzEkVYOOZud72c6/C877nXdu73BYCmJtSHiTVOwHwFSkpgAv117gZK0lMSatjQ
xcEDExUJTUFcF1qgmi5fLCS0LCg4Zs5NxvJgMOtJ31bHYXV7mluzPH63ZcgAdH0l
mYAL1inv8h7k7JCKpMys+AZmcnc6cW6YZwT6uiGqhdqC/jlqnoQJd7V8v0DgSSzR
hVa5ISyVVEZqy9bikHFErDmD3ljYC7VhefNMrN8OioWZDX6GBbQFV3Y/rLJ6yxy4
p+mI0tP3Fc6cSQ41gfQGb6KsTEs5WEYX/97K4J1Ol3xRdw==
-----END CERTIFICATE-----