Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/z4lnjFYEqZo9HUthRS6YEsB7-To.roa
File:                     z4lnjFYEqZo9HUthRS6YEsB7-To.roa (raw, json)
Hash identifier:          kG0ly9vf56afIr9qp3K1kctUo1KOqV6hcBRYDFrudp0=
Subject key identifier:   CF:89:67:8C:56:04:A9:9A:3D:1D:4B:61:45:2E:98:12:C0:7B:F9:3A
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       018D3A3E83DE9C2582D4121D0AFBA03D6F4A
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/z4lnjFYEqZo9HUthRS6YEsB7-To.roa
Signing time:             Wed 24 Jan 2024 06:53:11 +0000
ROA not before:           Wed 24 Jan 2024 06:53:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a04:5b81:2120::/44 maxlen: 48
                          2a04:5b82:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:3e:83:de:9c:25:82:d4:12:1d:0a:fb:a0:3d:6f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Jan 24 06:53:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf89678c5604a99a3d1d4b61452e9812c07bf93a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:38:02:4a:bd:cc:81:b1:bf:6f:e0:e5:32:fd:
                    5f:a1:7b:0a:14:14:1f:07:e9:e5:b3:f6:94:c7:1a:
                    30:43:00:2b:6b:76:59:f3:67:81:0c:75:bd:75:3f:
                    06:c3:39:c7:d1:f5:7b:95:00:d0:64:19:c2:88:0d:
                    09:e0:51:62:c6:34:26:86:5e:68:e8:78:8d:b8:b4:
                    29:e3:82:25:90:a8:6e:48:c5:90:ac:29:a7:79:9e:
                    8e:f6:53:fe:37:b0:1b:32:75:a8:b8:a3:dd:f7:7b:
                    c6:6a:51:48:f7:38:d6:9d:a2:47:c7:6d:ad:46:6b:
                    ff:b2:a6:23:f1:23:f7:bb:d3:4c:5f:ab:6b:42:13:
                    52:51:cf:ba:35:fc:b7:e0:cf:29:3e:42:ac:c9:a9:
                    08:c2:90:20:5d:38:eb:58:9a:17:95:b7:68:5b:32:
                    c1:db:c1:8a:0d:a0:c3:e0:a9:7c:df:71:98:24:81:
                    4e:6b:55:1c:b6:a4:54:9f:24:85:dc:ef:82:56:04:
                    c2:52:71:68:22:a2:ff:d3:7a:6b:4e:83:3e:57:71:
                    80:c4:59:7d:95:de:2f:ca:ba:7a:16:81:76:a0:cb:
                    e8:7a:a9:8d:de:b3:32:c4:71:4b:c9:2f:d3:5c:32:
                    0f:cb:b0:15:61:f0:53:c9:f2:fd:45:34:a0:78:c6:
                    69:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:89:67:8C:56:04:A9:9A:3D:1D:4B:61:45:2E:98:12:C0:7B:F9:3A
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/z4lnjFYEqZo9HUthRS6YEsB7-To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5b81:2120::/44
                  2a04:5b82:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:2a:c4:91:16:f2:ed:e2:17:59:16:b7:1a:43:72:28:f1:44:
         c5:84:89:a4:e9:93:41:98:91:d6:2f:27:55:29:1a:20:66:ee:
         ec:b9:b7:1f:00:d8:1c:a5:d1:df:12:2e:80:5a:8a:5f:0b:06:
         de:a5:f9:33:26:4d:43:8d:53:33:c1:3b:fa:a7:9b:5f:50:f3:
         d9:3d:ff:98:1b:40:cb:dc:2c:02:ea:f3:65:71:a2:69:ee:06:
         c2:29:67:ab:bc:bf:a3:b2:f3:20:26:32:7d:60:64:ec:85:27:
         76:02:db:58:24:8d:37:1b:59:ff:43:93:ef:7c:82:d0:ca:1d:
         ba:23:bb:90:a5:a6:4a:c0:c6:30:91:bb:d6:88:92:93:75:e7:
         89:97:bd:ec:28:5d:c0:24:f7:ac:0b:4d:ff:78:6e:8e:73:cb:
         51:dc:c2:a1:93:e1:d5:51:4d:ef:f7:a1:de:a1:5c:0c:53:47:
         6a:fb:98:09:4a:c1:8a:6a:72:c4:42:21:cd:b3:7c:ac:00:11:
         f9:72:30:7d:28:3f:80:f3:a6:3e:b7:af:81:ed:38:b3:ae:14:
         be:b9:63:f0:83:a3:69:7e:b9:bf:a0:95:f1:54:84:7f:28:64:
         e2:6e:82:27:44:08:a8:ee:50:44:88:93:3d:89:36:42:26:19:
         9d:c2:87:78
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY06PoPenCWC1BIdCvugPW9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjQwMTI0MDY1MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjg5Njc4YzU2MDRhOTlhM2QxZDRiNjE0NTJlOTgxMmMwN2JmOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijgCSr3MgbG/b+DlMv1foXsKFBQf
B+nls/aUxxowQwAra3ZZ82eBDHW9dT8GwznH0fV7lQDQZBnCiA0J4FFixjQmhl5o
6HiNuLQp44IlkKhuSMWQrCmneZ6O9lP+N7AbMnWouKPd93vGalFI9zjWnaJHx22t
Rmv/sqYj8SP3u9NMX6trQhNSUc+6Nfy34M8pPkKsyakIwpAgXTjrWJoXlbdoWzLB
28GKDaDD4Kl833GYJIFOa1UctqRUnySF3O+CVgTCUnFoIqL/03prToM+V3GAxFl9
ld4vyrp6FoF2oMvoeqmN3rMyxHFLyS/TXDIPy7AVYfBTyfL9RTSgeMZpUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM+JZ4xWBKmaPR1LYUUumBLAe/k6MB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEvejRsbmpGWUVxWm85SFV0aFJTNllFc0I3LVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgRbgSEg
AwcAKgRbgiAAMA0GCSqGSIb3DQEBCwUAA4IBAQAMKsSRFvLt4hdZFrcaQ3Io8UTF
hImk6ZNBmJHWLydVKRogZu7subcfANgcpdHfEi6AWopfCwbepfkzJk1DjVMzwTv6
p5tfUPPZPf+YG0DL3CwC6vNlcaJp7gbCKWervL+jsvMgJjJ9YGTshSd2AttYJI03
G1n/Q5PvfILQyh26I7uQpaZKwMYwkbvWiJKTdeeJl73sKF3AJPesC03/eG6Oc8tR
3MKhk+HVUU3v96HeoVwMU0dq+5gJSsGKanLEQiHNs3ysABH5cjB9KD+A86Y+t6+B
7TizrhS+uWPwg6Npfrm/oJXxVIR/KGTiboInRAio7lBEiJM9iTZCJhmdwod4
-----END CERTIFICATE-----