Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/j9Wn70r2LCuq043U7DB0eM4wNfQ.roa
File:                     j9Wn70r2LCuq043U7DB0eM4wNfQ.roa (raw, json)
Hash identifier:          msanrrotk/IsyRJaqpc+/f2s3iAQ0p11heca5q0ntZM=
Subject key identifier:   8F:D5:A7:EF:4A:F6:2C:2B:AA:D3:8D:D4:EC:30:74:78:CE:30:35:F4
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       018CC7947A3CB887F9A45D823249C142DEBF
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/j9Wn70r2LCuq043U7DB0eM4wNfQ.roa
Signing time:             Tue 02 Jan 2024 00:30:45 +0000
ROA not before:           Tue 02 Jan 2024 00:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        2a05:bec0:40::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 23:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:7a:3c:b8:87:f9:a4:5d:82:32:49:c1:42:de:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Jan  2 00:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fd5a7ef4af62c2baad38dd4ec307478ce3035f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1a:4d:e8:54:3f:e3:b0:fa:29:cb:14:d2:86:
                    7a:67:14:e0:0e:ae:06:17:a6:79:c7:72:75:f5:0d:
                    f1:ed:0d:96:0d:2e:f0:4d:24:10:cc:38:7c:8a:b8:
                    d6:d1:10:56:5e:dd:fe:ce:36:5d:96:c4:1c:ed:1a:
                    13:6f:bf:22:1a:6e:b5:05:90:c8:f9:09:37:77:48:
                    65:2a:bc:ad:94:90:6d:e6:73:66:47:df:d4:07:9f:
                    17:9c:ac:90:db:73:c0:0a:7c:00:e9:61:40:ea:12:
                    f4:91:c4:c9:31:6c:07:3e:30:e8:d0:6a:29:ba:3e:
                    a4:ea:aa:31:7b:b7:c7:c1:46:55:5b:31:b0:21:32:
                    58:c1:fb:12:60:8b:d5:d4:8f:72:d2:63:ca:4a:23:
                    97:cd:16:a6:ea:7e:f8:97:62:20:eb:d1:fb:25:38:
                    ed:b0:6b:1d:76:dc:a0:62:4b:90:01:d9:d5:3f:93:
                    00:c3:a1:e6:93:db:a1:7c:99:47:bd:dc:f9:25:8c:
                    01:1c:67:5d:f2:52:3c:4e:ca:a6:38:c4:23:93:fd:
                    79:7c:ae:7c:89:b4:90:d7:47:6a:e9:28:07:ef:79:
                    3f:91:0f:a0:93:ba:3a:57:54:ff:85:f9:99:1e:5b:
                    6a:ab:4d:ea:07:65:8d:35:29:6b:46:f1:d8:89:33:
                    95:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D5:A7:EF:4A:F6:2C:2B:AA:D3:8D:D4:EC:30:74:78:CE:30:35:F4
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/j9Wn70r2LCuq043U7DB0eM4wNfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:bec0:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:0f:46:05:38:9f:f4:27:4c:74:43:07:b6:4d:68:f4:5e:d3:
         70:0a:dc:17:62:a5:ab:d6:42:66:73:50:4b:7f:cd:c4:a8:ba:
         00:95:93:86:11:11:85:23:72:94:2f:0f:a9:fd:8c:a4:4e:e0:
         be:73:4d:b3:6c:10:5f:47:cd:d7:dd:ac:55:cf:50:97:ed:ca:
         52:2f:9e:3c:b3:6e:c9:57:d2:ea:a4:2c:7e:ea:4d:f5:1c:1b:
         c4:48:0a:ae:df:9e:2d:25:39:ea:02:95:af:91:df:e0:ca:bb:
         b4:b5:77:74:5b:26:c5:b8:73:41:6a:1d:0a:22:ee:a0:3b:a1:
         0d:b7:18:5d:49:4f:88:b3:9e:58:51:bf:eb:ac:0a:ae:53:e7:
         a6:e2:a8:55:71:59:9a:71:49:6b:55:b4:14:a2:6a:69:a6:ec:
         b3:90:1f:16:7b:59:b4:cb:b1:55:c1:c9:a2:bc:25:f6:43:78:
         fc:f4:1f:18:71:d5:1b:8b:08:26:70:9d:4d:b9:6c:c8:b0:e7:
         cb:19:f4:fb:45:86:e0:9d:54:a7:0a:2c:7e:28:b7:dc:dd:96:
         e2:e6:ab:38:9a:3c:b3:82:46:80:8b:22:db:64:23:03:ce:1d:
         ba:90:7d:d4:ec:80:26:ce:94:96:b7:28:17:19:8d:ec:9f:e0:
         fd:d5:6a:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlHo8uIf5pF2CMknBQt6/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMzc2YzgwMDhkNmFiZDk2MjM0MTU2M2RkMmE0ZGNjYWYx
NTNjYmEwHhcNMjQwMTAyMDAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ1YTdlZjRhZjYyYzJiYWFkMzhkZDRlYzMwNzQ3OGNlMzAzNWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBpN6FQ/47D6KcsU0oZ6ZxTgDq4G
F6Z5x3J19Q3x7Q2WDS7wTSQQzDh8irjW0RBWXt3+zjZdlsQc7RoTb78iGm61BZDI
+Qk3d0hlKrytlJBt5nNmR9/UB58XnKyQ23PACnwA6WFA6hL0kcTJMWwHPjDo0Gop
uj6k6qoxe7fHwUZVWzGwITJYwfsSYIvV1I9y0mPKSiOXzRam6n74l2Ig69H7JTjt
sGsddtygYkuQAdnVP5MAw6Hmk9uhfJlHvdz5JYwBHGdd8lI8TsqmOMQjk/15fK58
ibSQ10dq6SgH73k/kQ+gk7o6V1T/hfmZHltqq03qB2WNNSlrRvHYiTOVyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI/Vp+9K9iwrqtON1OwwdHjOMDX0MB8GA1UdIwQY
MBaAFFo3bIAI1qvZYjQVY90qTcyvFTy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEt
NjViZTU1MDMxNjVkLzEvajlXbjcwcjJMQ3VxMDQzVTdEQjBlTTR3TmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEtNjViZTU1MDMxNjVk
LzEvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgW+wABA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/D0YFOJ/0J0x0Qwe2TWj0XtNwCtwXYqWr1kJm
c1BLf83EqLoAlZOGERGFI3KULw+p/YykTuC+c02zbBBfR83X3axVz1CX7cpSL548
s27JV9LqpCx+6k31HBvESAqu354tJTnqApWvkd/gyru0tXd0WybFuHNBah0KIu6g
O6ENtxhdSU+Is55YUb/rrAquU+em4qhVcVmacUlrVbQUompppuyzkB8We1m0y7FV
wcmivCX2Q3j89B8YcdUbiwgmcJ1NuWzIsOfLGfT7RYbgnVSnCix+KLfc3Zbi5qs4
mjyzgkaAiyLbZCMDzh26kH3U7IAmzpSWtygXGY3sn+D91Wqw
-----END CERTIFICATE-----