Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/B0h1LYdTGmfTDXisei44Tt_CYGU.roa
File:                     B0h1LYdTGmfTDXisei44Tt_CYGU.roa (raw, json)
Hash identifier:          ciHrUt/kCaTw616Bs/lDlXOndPsgZ9xlWE8zTrOUTjw=
Subject key identifier:   07:48:75:2D:87:53:1A:67:D3:0D:78:AC:7A:2E:38:4E:DF:C2:60:65
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       019111C629E8CAFF5DD106C671AC149CCD50
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/B0h1LYdTGmfTDXisei44Tt_CYGU.roa
Signing time:             Fri 02 Aug 2024 06:28:05 +0000
ROA not before:           Fri 02 Aug 2024 06:28:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        2a05:b0c4:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:11:c6:29:e8:ca:ff:5d:d1:06:c6:71:ac:14:9c:cd:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Aug  2 06:28:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0748752d87531a67d30d78ac7a2e384edfc26065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:89:89:2f:7e:13:2b:39:89:9f:1d:0f:02:59:
                    5e:c6:42:a3:03:37:a6:6b:bd:f1:ab:7b:f0:e6:cf:
                    c5:9f:87:cd:ac:21:b9:31:2c:06:dd:bd:d0:fd:ec:
                    d1:42:0e:90:4b:ea:9a:9d:d9:ff:83:34:7d:86:ac:
                    1c:55:ef:0b:c4:eb:9f:b8:98:62:0d:bb:0f:3a:70:
                    82:5b:20:ef:98:64:e2:7a:8e:76:d8:ed:e8:0d:80:
                    42:15:87:5d:99:32:26:46:69:5a:5f:1e:10:8c:26:
                    5e:9d:46:55:bc:e4:de:da:cd:e4:3b:70:40:ea:39:
                    7c:fc:25:e1:bf:57:32:a9:a9:45:ab:69:69:2b:0a:
                    b2:9b:7f:39:95:55:1e:7a:72:0f:36:36:90:60:63:
                    85:9c:d9:4c:5a:13:12:de:6c:55:9d:fd:a9:6a:28:
                    40:5d:3a:f1:81:6d:50:d8:80:62:77:60:47:e1:cf:
                    54:a8:1b:cb:52:f7:11:ce:27:f6:1c:14:b0:e7:b5:
                    ba:3b:55:6a:06:1c:50:84:3e:a6:f9:e3:d0:22:17:
                    41:4d:5d:7e:a7:61:8c:a4:a9:41:5e:3a:d0:9b:95:
                    62:cc:1c:96:84:d7:c5:63:a4:4a:58:fd:bc:57:26:
                    20:1d:da:91:86:7e:be:7d:40:37:af:b1:14:06:13:
                    cb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:48:75:2D:87:53:1A:67:D3:0D:78:AC:7A:2E:38:4E:DF:C2:60:65
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/B0h1LYdTGmfTDXisei44Tt_CYGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c4:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:30:22:c4:c6:c5:f1:00:1a:05:d3:db:f2:48:20:23:eb:51:
         04:64:c2:5d:80:45:bf:36:6e:0a:d8:07:52:90:e9:80:11:03:
         91:62:e5:17:07:99:4b:a3:46:60:28:09:68:e6:11:22:b0:e5:
         59:c8:15:b5:30:f5:26:55:6a:40:41:4c:8f:7b:87:20:f0:76:
         52:1f:fd:af:33:03:6d:b8:4f:77:9f:65:ba:ad:b8:cf:c9:52:
         bf:43:31:f9:51:25:17:e1:1e:81:a9:86:ed:ea:ea:78:6a:14:
         9a:76:05:8f:3b:65:a0:12:6b:ef:26:81:6f:9e:fd:4c:2d:09:
         62:aa:cf:09:3b:e9:a9:6d:ec:67:62:e2:66:96:fd:7e:b6:be:
         4f:13:a8:0d:f2:f6:cb:f8:2b:aa:f7:61:68:26:01:83:36:74:
         58:7f:73:17:96:a2:90:58:6d:a7:28:11:4d:82:e7:ec:02:56:
         a2:a2:4e:0d:01:54:1a:39:11:69:42:28:ed:35:6c:9d:e1:2a:
         cf:ba:48:f9:49:67:e5:6c:09:d6:fa:86:5a:fb:71:d3:80:4d:
         f9:54:35:a4:7a:85:72:0e:31:97:52:34:b4:c3:51:94:37:a6:
         78:21:b0:97:f2:42:8b:c9:7a:64:09:af:f2:22:d7:e4:5e:65:
         3c:b2:d5:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZERxinoyv9d0QbGcawUnM1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwODAyMDYyODA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzQ4NzUyZDg3NTMxYTY3ZDMwZDc4YWM3YTJlMzg0ZWRmYzI2MDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5omJL34TKzmJnx0PAllexkKjAzem
a73xq3vw5s/Fn4fNrCG5MSwG3b3Q/ezRQg6QS+qandn/gzR9hqwcVe8LxOufuJhi
DbsPOnCCWyDvmGTieo522O3oDYBCFYddmTImRmlaXx4QjCZenUZVvOTe2s3kO3BA
6jl8/CXhv1cyqalFq2lpKwqym385lVUeenIPNjaQYGOFnNlMWhMS3mxVnf2paihA
XTrxgW1Q2IBid2BH4c9UqBvLUvcRzif2HBSw57W6O1VqBhxQhD6m+ePQIhdBTV1+
p2GMpKlBXjrQm5VizByWhNfFY6RKWP28VyYgHdqRhn6+fUA3r7EUBhPL7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAdIdS2HUxpn0w14rHouOE7fwmBlMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvQjBoMUxZZFRHbWZURFhpc2VpNDRUdF9DWUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWwxAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQAhMCLExsXxABoF09vySCAj61EEZMJdgEW/Nm4K
2AdSkOmAEQORYuUXB5lLo0ZgKAlo5hEisOVZyBW1MPUmVWpAQUyPe4cg8HZSH/2v
MwNtuE93n2W6rbjPyVK/QzH5USUX4R6BqYbt6up4ahSadgWPO2WgEmvvJoFvnv1M
LQliqs8JO+mpbexnYuJmlv1+tr5PE6gN8vbL+Cuq92FoJgGDNnRYf3MXlqKQWG2n
KBFNgufsAlaiok4NAVQaORFpQijtNWyd4SrPukj5SWflbAnW+oZa+3HTgE35VDWk
eoVyDjGXUjS0w1GUN6Z4IbCX8kKLyXpkCa/yItfkXmU8stX/
-----END CERTIFICATE-----