Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/i35fUEZ9jhydKiyskK8IaFwzC4I.roa
File:                     i35fUEZ9jhydKiyskK8IaFwzC4I.roa (raw, json)
Hash identifier:          7Doc2Ti/2kK7IEXITdeyaWW78kPdGDLLktwSTVGkxm4=
Subject key identifier:   8B:7E:5F:50:46:7D:8E:1C:9D:2A:2C:AC:90:AF:08:68:5C:33:0B:82
Certificate issuer:       /CN=2dbdb89fb4118ffa55fafdbf45e19282be0e7acf
Certificate serial:       018CC801D6EA5B9930D6757083811829F907
Authority key identifier: 2D:BD:B8:9F:B4:11:8F:FA:55:FA:FD:BF:45:E1:92:82:BE:0E:7A:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/i35fUEZ9jhydKiyskK8IaFwzC4I.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34182
IP address blocks:        2a00:5647::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d6:ea:5b:99:30:d6:75:70:83:81:18:29:f9:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dbdb89fb4118ffa55fafdbf45e19282be0e7acf
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b7e5f50467d8e1c9d2a2cac90af08685c330b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:52:26:f0:ff:a7:cb:97:3b:eb:83:a2:16:42:
                    9b:5f:d2:04:73:4c:5e:45:fc:2b:b9:92:76:10:9c:
                    c6:b3:af:da:e7:14:31:df:99:dc:5b:45:d1:59:99:
                    43:c1:d3:33:c7:70:47:54:b9:be:c4:2f:f5:ce:20:
                    d3:fd:05:03:f3:55:83:74:5f:a4:fd:79:dd:85:08:
                    20:ec:f1:70:67:f4:6f:86:e0:4a:21:d3:6f:81:3d:
                    45:db:a1:ef:d7:0f:68:ca:f4:2c:d0:37:76:a4:03:
                    04:01:22:92:da:ae:90:df:af:71:34:29:4c:16:f8:
                    8b:d8:47:45:50:76:21:13:51:84:ff:51:1f:bb:85:
                    1e:6c:32:7a:3c:a8:de:19:87:58:f3:08:6c:31:3e:
                    6e:70:6f:6f:a0:2f:9d:7c:fe:56:92:94:87:4f:5d:
                    7e:f8:a4:70:80:5c:5c:9c:e5:a2:14:da:10:79:0f:
                    d9:aa:89:66:d4:f9:68:57:30:c6:02:ae:70:a8:ca:
                    7e:99:89:db:e2:15:11:60:de:ba:52:4e:96:5f:b6:
                    c1:e9:51:9f:62:73:ea:1c:ec:f0:06:60:6e:b6:69:
                    69:8f:a5:df:84:72:4a:ea:51:6f:0d:64:60:79:e5:
                    cb:b4:46:f9:b5:c8:f0:89:d7:cb:e1:8d:5e:f3:58:
                    50:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:7E:5F:50:46:7D:8E:1C:9D:2A:2C:AC:90:AF:08:68:5C:33:0B:82
            X509v3 Authority Key Identifier:
                keyid:2D:BD:B8:9F:B4:11:8F:FA:55:FA:FD:BF:45:E1:92:82:BE:0E:7A:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/i35fUEZ9jhydKiyskK8IaFwzC4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:5647::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:04:9c:c2:fb:d9:2c:43:2d:c3:79:b3:fc:40:86:13:d4:b3:
         28:f2:a4:7f:22:87:4a:96:75:5a:a0:88:02:56:7d:d1:c0:92:
         bc:af:f2:95:ef:99:e6:35:40:e8:5d:20:ba:27:f0:d4:ab:29:
         f4:af:c1:7c:02:dd:ff:60:15:30:c6:ec:90:98:8e:ed:b7:7f:
         10:77:03:39:a1:93:e0:d6:3e:10:a5:d8:75:7d:13:75:75:c9:
         6a:c8:e2:0a:73:73:40:11:5e:c6:33:02:8f:8c:c4:1c:bc:6e:
         3d:fd:76:07:4a:12:9c:cb:45:3d:a5:e9:32:ba:88:98:82:c4:
         74:2a:aa:e9:9f:eb:03:2f:97:9a:d0:cc:13:49:23:3b:7d:51:
         1d:2a:c9:87:c9:c6:e7:4b:31:d4:ba:f1:f7:a2:33:d0:4d:8f:
         b3:de:80:a0:bc:fa:3b:25:e4:ae:a7:d3:67:7d:1c:48:c1:a9:
         a4:4d:56:be:1c:81:e9:d0:19:a4:26:4a:84:58:56:88:a4:e4:
         13:25:3a:b1:87:1f:5e:45:a5:4f:ef:66:9d:da:9d:07:45:c6:
         1b:ee:7d:52:f7:32:23:c8:f9:52:4b:cd:54:eb:2c:f8:45:f0:
         03:f1:e7:f8:6a:6e:9f:90:7c:98:49:60:cd:e1:91:94:24:45:
         f7:f6:4e:ef
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIAdbqW5kw1nVwg4EYKfkHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYmRiODlmYjQxMThmZmE1NWZhZmRiZjQ1ZTE5MjgyYmUw
ZTdhY2YwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjdlNWY1MDQ2N2Q4ZTFjOWQyYTJjYWM5MGFmMDg2ODVjMzMwYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFIm8P+ny5c764OiFkKbX9IEc0xe
RfwruZJ2EJzGs6/a5xQx35ncW0XRWZlDwdMzx3BHVLm+xC/1ziDT/QUD81WDdF+k
/XndhQgg7PFwZ/RvhuBKIdNvgT1F26Hv1w9oyvQs0Dd2pAMEASKS2q6Q369xNClM
FviL2EdFUHYhE1GE/1Efu4UebDJ6PKjeGYdY8whsMT5ucG9voC+dfP5WkpSHT11+
+KRwgFxcnOWiFNoQeQ/Zqolm1PloVzDGAq5wqMp+mYnb4hURYN66Uk6WX7bB6VGf
YnPqHOzwBmButmlpj6XfhHJK6lFvDWRgeeXLtEb5tcjwidfL4Y1e81hQtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIt+X1BGfY4cnSosrJCvCGhcMwuCMB8GA1UdIwQY
MBaAFC29uJ+0EY/6Vfr9v0XhkoK+DnrPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGIyNG43UVJqX3BWLXYyX1JlR1NncjRPZXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mMDBjY2MtZWMzZi00MGRmLWE5ZmMt
N2NjNzk5MTczMDBhLzEvaTM1ZlVFWjlqaHlkS2l5c2tLOElhRnd6QzRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mMDBjY2MtZWMzZi00MGRmLWE5ZmMtN2NjNzk5MTczMDBh
LzEvTGIyNG43UVJqX3BWLXYyX1JlR1NncjRPZXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgBWRzAN
BgkqhkiG9w0BAQsFAAOCAQEAcAScwvvZLEMtw3mz/ECGE9SzKPKkfyKHSpZ1WqCI
AlZ90cCSvK/yle+Z5jVA6F0guifw1Ksp9K/BfALd/2AVMMbskJiO7bd/EHcDOaGT
4NY+EKXYdX0TdXXJasjiCnNzQBFexjMCj4zEHLxuPf12B0oSnMtFPaXpMrqImILE
dCqq6Z/rAy+XmtDME0kjO31RHSrJh8nG50sx1Lrx96Iz0E2Ps96AoLz6OyXkrqfT
Z30cSMGppE1WvhyB6dAZpCZKhFhWiKTkEyU6sYcfXkWlT+9mndqdB0XGG+59Uvcy
I8j5UkvNVOss+EXwA/Hn+Gpun5B8mElgzeGRlCRF9/ZO7w==
-----END CERTIFICATE-----