Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/80bf4f-ccfd-4cd0-ad4d-b5eec9bd7705/1/Ru0nP8e-5Ra7xvNzdNCEnbrLlz0.roa
File:                     Ru0nP8e-5Ra7xvNzdNCEnbrLlz0.roa (raw, json)
Hash identifier:          8L5wycpFSpb3qXsE/CVY7G3WPtushpiUXMV5X1Uimw4=
Subject key identifier:   46:ED:27:3F:C7:BE:E5:16:BB:C6:F3:73:74:D0:84:9D:BA:CB:97:3D
Certificate issuer:       /CN=c3f41de1fe0636e084379b1ad2ebba7edfcf9682
Certificate serial:       018CC94E48870E60127EDE5AFC41D47C129F
Authority key identifier: C3:F4:1D:E1:FE:06:36:E0:84:37:9B:1A:D2:EB:BA:7E:DF:CF:96:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_Qd4f4GNuCEN5sa0uu6ft_PloI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/80bf4f-ccfd-4cd0-ad4d-b5eec9bd7705/1/Ru0nP8e-5Ra7xvNzdNCEnbrLlz0.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202684
IP address blocks:        2a0e:4940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/80bf4f-ccfd-4cd0-ad4d-b5eec9bd7705/1/w_Qd4f4GNuCEN5sa0uu6ft_PloI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/80bf4f-ccfd-4cd0-ad4d-b5eec9bd7705/1/w_Qd4f4GNuCEN5sa0uu6ft_PloI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_Qd4f4GNuCEN5sa0uu6ft_PloI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:48:87:0e:60:12:7e:de:5a:fc:41:d4:7c:12:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3f41de1fe0636e084379b1ad2ebba7edfcf9682
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46ed273fc7bee516bbc6f37374d0849dbacb973d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7a:39:a1:86:db:65:e7:60:ae:b5:60:d3:17:
                    1e:aa:0c:8c:a6:7b:dd:b0:cb:07:aa:e6:b1:f0:19:
                    45:ed:63:cc:a8:aa:8a:8a:19:54:38:fa:78:54:5f:
                    c5:03:d5:fa:a2:38:8a:99:01:79:98:08:9e:4c:fb:
                    53:eb:47:ef:20:fb:fb:9d:c8:51:01:76:21:eb:b1:
                    0c:7f:6c:21:6e:81:8f:29:c0:0b:5c:28:0b:62:95:
                    eb:a1:af:10:51:f2:a3:72:34:7b:5d:eb:9a:e8:69:
                    82:b4:dd:b9:1f:01:e2:c7:08:6c:33:44:08:e9:43:
                    04:6b:e1:b8:1c:ce:ff:01:79:ba:79:16:0f:59:65:
                    ed:4d:d2:3c:3e:29:9b:32:10:9a:4b:6e:d5:d3:de:
                    26:0d:65:f6:3d:3d:c9:b9:f4:60:13:e0:cb:cb:82:
                    f3:f1:7f:85:7f:ae:9d:13:41:2b:70:98:7e:8b:82:
                    3d:7b:0f:ec:e8:18:01:c3:6d:21:32:d7:07:bb:f1:
                    f7:1b:9f:7b:73:e5:10:dd:5a:d4:a4:6a:03:a6:ab:
                    8a:52:5b:75:2a:e6:86:20:3c:72:6b:1d:d5:8f:b1:
                    a6:ae:ab:6f:a4:ed:31:f0:92:e8:59:f5:3f:53:92:
                    57:cb:8c:67:ed:61:a9:85:9d:6c:05:f5:dd:cc:e7:
                    d5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:ED:27:3F:C7:BE:E5:16:BB:C6:F3:73:74:D0:84:9D:BA:CB:97:3D
            X509v3 Authority Key Identifier:
                keyid:C3:F4:1D:E1:FE:06:36:E0:84:37:9B:1A:D2:EB:BA:7E:DF:CF:96:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_Qd4f4GNuCEN5sa0uu6ft_PloI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/80bf4f-ccfd-4cd0-ad4d-b5eec9bd7705/1/Ru0nP8e-5Ra7xvNzdNCEnbrLlz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/80bf4f-ccfd-4cd0-ad4d-b5eec9bd7705/1/w_Qd4f4GNuCEN5sa0uu6ft_PloI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4940::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:4b:43:06:96:d0:57:4d:d6:34:4a:8f:88:4d:4a:e6:03:49:
         6e:45:3e:f6:33:44:0c:7d:86:0f:4b:96:2e:85:f1:3a:16:02:
         0f:cf:8a:30:c3:32:a8:b1:7a:90:f1:4d:6b:a1:68:0a:7c:b7:
         06:0d:81:d4:4a:12:a7:12:34:8b:5f:77:e8:16:58:a4:51:78:
         cb:6e:52:2f:7b:07:c4:df:54:34:6a:dc:06:30:a1:6a:6c:93:
         59:f7:99:03:fd:a0:53:30:d9:3d:0b:e3:44:86:be:b6:9f:dc:
         2e:44:af:16:17:b0:43:6c:f1:91:e3:08:f1:3a:c4:1d:50:8f:
         99:34:6d:91:40:85:8d:40:9f:cb:c7:7f:04:48:68:fb:a8:ec:
         9d:0f:59:30:ee:41:3b:73:df:c5:e6:8f:15:b1:35:22:54:ce:
         3b:cb:12:0e:a3:82:ba:c4:e8:83:69:a9:45:87:fa:e5:83:db:
         60:3e:ec:b8:29:37:75:90:f8:0e:5e:06:75:c3:a8:91:85:71:
         90:f3:c8:e4:c4:80:01:49:8c:49:d3:6d:27:68:e8:71:ab:f9:
         2c:dc:01:5a:13:f3:5a:da:f5:19:bb:4d:27:9c:1d:87:1f:0f:
         93:4f:69:06:42:a4:d1:40:49:b2:03:af:99:00:8a:fa:a9:95:
         2b:36:66:16
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTkiHDmASft5a/EHUfBKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZjQxZGUxZmUwNjM2ZTA4NDM3OWIxYWQyZWJiYTdlZGZj
Zjk2ODIwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmVkMjczZmM3YmVlNTE2YmJjNmYzNzM3NGQwODQ5ZGJhY2I5NzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqno5oYbbZedgrrVg0xceqgyMpnvd
sMsHquax8BlF7WPMqKqKihlUOPp4VF/FA9X6ojiKmQF5mAieTPtT60fvIPv7nchR
AXYh67EMf2whboGPKcALXCgLYpXroa8QUfKjcjR7Xeua6GmCtN25HwHixwhsM0QI
6UMEa+G4HM7/AXm6eRYPWWXtTdI8PimbMhCaS27V094mDWX2PT3JufRgE+DLy4Lz
8X+Ff66dE0ErcJh+i4I9ew/s6BgBw20hMtcHu/H3G597c+UQ3VrUpGoDpquKUlt1
KuaGIDxyax3Vj7GmrqtvpO0x8JLoWfU/U5JXy4xn7WGphZ1sBfXdzOfVeQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEbtJz/HvuUWu8bzc3TQhJ26y5c9MB8GA1UdIwQY
MBaAFMP0HeH+BjbghDebGtLrun7fz5aCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd19RZDRmNEdOdUNFTjVzYTB1dTZmdF9QbG9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy84MGJmNGYtY2NmZC00Y2QwLWFkNGQt
YjVlZWM5YmQ3NzA1LzEvUnUwblA4ZS01UmE3eHZOemROQ0VuYnJMbHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy84MGJmNGYtY2NmZC00Y2QwLWFkNGQtYjVlZWM5YmQ3NzA1
LzEvd19RZDRmNEdOdUNFTjVzYTB1dTZmdF9QbG9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5JQDAN
BgkqhkiG9w0BAQsFAAOCAQEAsUtDBpbQV03WNEqPiE1K5gNJbkU+9jNEDH2GD0uW
LoXxOhYCD8+KMMMyqLF6kPFNa6FoCny3Bg2B1EoSpxI0i1936BZYpFF4y25SL3sH
xN9UNGrcBjChamyTWfeZA/2gUzDZPQvjRIa+tp/cLkSvFhewQ2zxkeMI8TrEHVCP
mTRtkUCFjUCfy8d/BEho+6jsnQ9ZMO5BO3PfxeaPFbE1IlTOO8sSDqOCusTog2mp
RYf65YPbYD7suCk3dZD4Dl4GdcOokYVxkPPI5MSAAUmMSdNtJ2jocav5LNwBWhPz
Wtr1GbtNJ5wdhx8Pk09pBkKk0UBJsgOvmQCK+qmVKzZmFg==
-----END CERTIFICATE-----