Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/ulA_xGy4A-myACCrYvdwgPYpe1g.roa
File:                     ulA_xGy4A-myACCrYvdwgPYpe1g.roa (raw, json)
Hash identifier:          RZaaeVZQmYLh6J8s0k0YMA3vkGv6cx/ZshXp1fgw9P0=
Subject key identifier:   BA:50:3F:C4:6C:B8:03:E9:B2:00:20:AB:62:F7:70:80:F6:29:7B:58
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       018D3A3E831D633CE8B593C0C6F6AFAD8308
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/ulA_xGy4A-myACCrYvdwgPYpe1g.roa
Signing time:             Wed 24 Jan 2024 06:53:11 +0000
ROA not before:           Wed 24 Jan 2024 06:53:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a04:5b81:2120::/44 maxlen: 48
                          2a04:5b82:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:3e:83:1d:63:3c:e8:b5:93:c0:c6:f6:af:ad:83:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Jan 24 06:53:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba503fc46cb803e9b20020ab62f77080f6297b58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ff:9f:81:d2:b3:87:98:ec:f0:e2:0a:d7:f9:
                    8d:ed:09:1b:6b:4b:82:7d:6d:c1:f4:96:82:eb:e0:
                    e1:6a:0c:81:12:15:99:8d:29:91:b2:09:a5:90:57:
                    3e:a2:f4:12:5a:5d:e7:ee:8b:31:fb:d1:c1:c5:2d:
                    c1:6f:91:cf:24:0f:63:12:11:f7:34:84:b1:b0:2e:
                    52:e2:df:9f:3b:c8:81:53:fc:ed:a4:9c:d2:35:07:
                    dd:de:38:f1:a3:73:17:44:f1:07:6e:fa:27:4b:d6:
                    39:37:79:75:5d:11:a5:73:78:36:80:5c:d1:ba:b2:
                    96:7d:29:6b:ec:90:d0:73:dd:08:0a:0f:4e:fe:bc:
                    af:6d:20:27:01:62:e4:29:50:dc:63:04:24:7a:c8:
                    2c:2c:34:28:d2:6c:b9:75:e5:e5:03:28:a5:2d:df:
                    96:a3:41:88:3e:55:a7:95:4e:78:12:57:17:ab:17:
                    6c:96:ef:80:74:1a:41:5a:f4:0d:c8:40:65:57:2b:
                    77:a8:65:db:ed:4b:02:ba:96:4c:95:35:d1:2d:a2:
                    07:3e:fa:d1:7b:98:3e:ae:ec:d6:47:2e:0b:2c:d4:
                    ff:11:86:bd:81:9b:0f:48:f3:eb:61:16:6e:28:55:
                    39:64:ba:28:4d:0c:f9:fd:8a:5b:fa:9f:5d:ac:e5:
                    c4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:50:3F:C4:6C:B8:03:E9:B2:00:20:AB:62:F7:70:80:F6:29:7B:58
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/ulA_xGy4A-myACCrYvdwgPYpe1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5b81:2120::/44
                  2a04:5b82:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:42:76:f0:0e:89:73:9e:a0:d6:c6:5b:4b:5a:35:d0:cf:b1:
         b9:9d:09:d5:b2:e7:f2:f7:0f:66:d5:33:7d:1a:9c:dc:3f:b5:
         01:28:4f:90:13:76:67:71:c7:8d:64:6f:65:56:b2:58:aa:39:
         23:32:2b:6b:3b:49:fc:94:56:86:34:2b:83:c6:7f:0b:3a:f9:
         75:fa:4d:bd:56:45:4d:43:6f:97:2a:04:38:e6:09:49:15:f1:
         ab:5f:44:eb:10:31:15:f1:09:b2:50:0d:7e:81:10:d4:e7:6a:
         23:55:0d:b5:83:a4:3f:e1:5b:4d:08:f5:9d:cc:ed:43:f9:0f:
         de:26:45:54:fe:40:91:08:92:41:1e:f0:95:f0:1e:38:a1:2a:
         74:53:53:94:5b:73:42:5a:0d:5f:e6:20:44:2f:54:34:18:53:
         16:ed:f1:a7:a0:f9:f0:53:85:88:6d:76:80:55:fb:a9:73:b2:
         06:d7:15:2e:bd:73:21:e1:98:0b:6b:5f:bd:94:56:02:b6:26:
         b6:72:c8:62:74:d4:a9:7c:52:59:b3:37:6d:42:6a:88:8c:8f:
         f5:85:13:69:cc:27:ed:a4:74:0b:d0:9e:76:4c:8b:81:f9:53:
         a7:d6:42:cb:d2:0f:14:4c:2a:35:a3:1e:bb:4a:91:c4:82:db:
         c6:c5:e4:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY06PoMdYzzotZPAxvavrYMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjQwMTI0MDY1MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTUwM2ZjNDZjYjgwM2U5YjIwMDIwYWI2MmY3NzA4MGY2Mjk3YjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlf+fgdKzh5js8OIK1/mN7Qkba0uC
fW3B9JaC6+DhagyBEhWZjSmRsgmlkFc+ovQSWl3n7osx+9HBxS3Bb5HPJA9jEhH3
NISxsC5S4t+fO8iBU/ztpJzSNQfd3jjxo3MXRPEHbvonS9Y5N3l1XRGlc3g2gFzR
urKWfSlr7JDQc90ICg9O/ryvbSAnAWLkKVDcYwQkesgsLDQo0my5deXlAyilLd+W
o0GIPlWnlU54ElcXqxdslu+AdBpBWvQNyEBlVyt3qGXb7UsCupZMlTXRLaIHPvrR
e5g+ruzWRy4LLNT/EYa9gZsPSPPrYRZuKFU5ZLooTQz5/Ypb+p9drOXEyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLpQP8RsuAPpsgAgq2L3cID2KXtYMB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEvdWxBX3hHeTRBLW15QUNDcll2ZHdnUFlwZTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgRbgSEg
AwcAKgRbgiAAMA0GCSqGSIb3DQEBCwUAA4IBAQAaQnbwDolznqDWxltLWjXQz7G5
nQnVsufy9w9m1TN9GpzcP7UBKE+QE3ZncceNZG9lVrJYqjkjMitrO0n8lFaGNCuD
xn8LOvl1+k29VkVNQ2+XKgQ45glJFfGrX0TrEDEV8QmyUA1+gRDU52ojVQ21g6Q/
4VtNCPWdzO1D+Q/eJkVU/kCRCJJBHvCV8B44oSp0U1OUW3NCWg1f5iBEL1Q0GFMW
7fGnoPnwU4WIbXaAVfupc7IG1xUuvXMh4ZgLa1+9lFYCtia2cshidNSpfFJZszdt
QmqIjI/1hRNpzCftpHQL0J52TIuB+VOn1kLL0g8UTCo1ox67SpHEgtvGxeSD
-----END CERTIFICATE-----