Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/xLS26gSGIpkpFPo5Nwxx9VQMh70.roa
File:                     xLS26gSGIpkpFPo5Nwxx9VQMh70.roa (raw, json)
Hash identifier:          ZB4aX0cmH4kyHPT4gWioqzpzLxiM61jrOxI4yhYfPgY=
Subject key identifier:   C4:B4:B6:EA:04:86:22:99:29:14:FA:39:37:0C:71:F5:54:0C:87:BD
Certificate issuer:       /CN=29b79380fe407439cc2ecd3fac18157db36cf768
Certificate serial:       018CC6B9235052EB77B45661517B901EF3B1
Authority key identifier: 29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/xLS26gSGIpkpFPo5Nwxx9VQMh70.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3549
IP address blocks:        2a05:6744::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 13:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:23:50:52:eb:77:b4:56:61:51:7b:90:1e:f3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b79380fe407439cc2ecd3fac18157db36cf768
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4b4b6ea048622992914fa39370c71f5540c87bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9c:63:0b:aa:b3:27:66:ca:df:e3:11:fa:54:
                    d6:19:6f:b1:be:53:8c:79:3d:9d:e4:e7:1f:21:e3:
                    d8:35:68:83:fc:4d:63:17:22:71:fc:f2:92:e9:5a:
                    6f:57:9d:80:60:ab:7c:a5:3f:d7:66:8d:30:43:15:
                    96:7b:eb:57:ed:01:7e:1f:a4:0e:52:ab:d4:2b:50:
                    4f:f1:59:93:ca:74:38:78:59:40:82:2d:e4:09:88:
                    b1:5f:7c:ba:e9:5e:92:42:2b:b0:56:f2:4f:9c:eb:
                    74:54:c4:2e:3d:6f:e9:31:85:22:2f:c7:3c:38:51:
                    99:f0:28:bd:71:1d:cb:f7:96:e1:9f:98:12:aa:66:
                    51:ac:ee:94:ab:bd:0f:3f:45:50:ea:d1:27:1d:17:
                    97:f1:f2:f2:95:bd:f0:bd:84:8c:34:fd:b5:4c:2a:
                    b5:c9:dd:0b:f7:79:ef:6e:48:32:a8:2e:6b:5a:c3:
                    8e:99:70:5c:af:1e:02:5b:94:8d:b5:55:35:42:35:
                    1b:40:46:2f:18:a6:48:93:4b:10:5f:6c:74:d7:72:
                    2f:80:1d:b8:81:d6:22:a5:91:62:98:37:93:92:fd:
                    eb:d4:fc:ab:8a:6c:17:98:55:e3:29:0a:e6:03:f4:
                    a5:a0:45:6f:78:a7:cb:3e:72:1a:de:41:01:38:56:
                    db:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:B4:B6:EA:04:86:22:99:29:14:FA:39:37:0C:71:F5:54:0C:87:BD
            X509v3 Authority Key Identifier:
                keyid:29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/xLS26gSGIpkpFPo5Nwxx9VQMh70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:6744::/46

    Signature Algorithm: sha256WithRSAEncryption
         70:fa:7a:23:79:6e:cd:39:29:34:ef:98:ee:b9:8e:c4:d2:37:
         6f:fb:61:83:7e:7f:6d:14:99:6c:89:c4:53:5d:a0:4c:fd:09:
         22:6b:fa:9a:f6:99:7c:10:7d:5e:b5:ed:92:39:f0:87:6b:a7:
         57:8f:fa:8b:3e:f0:3a:6e:2e:e6:fe:12:f9:5f:29:8d:13:58:
         28:60:ab:db:cb:8f:b0:1e:0d:fb:78:dd:2b:ca:d6:6e:55:f2:
         de:b7:92:69:5e:56:36:4c:27:41:7f:a4:07:9b:c5:a6:bd:bc:
         a3:d8:74:03:c8:ce:fb:2e:0e:f4:4f:69:36:4a:7e:57:c3:37:
         54:61:5f:71:33:26:dd:46:33:ec:75:ef:ad:dd:63:76:20:e2:
         27:6d:61:db:8b:75:60:75:34:88:4a:88:1e:39:0a:d7:f0:84:
         ce:42:ab:9a:e3:5f:74:6d:a4:bd:ae:35:77:a7:9b:65:8b:08:
         a2:79:c7:6a:d6:62:e0:da:b7:5b:22:8e:d0:04:9c:fb:6c:bc:
         0b:53:a7:ae:e3:ec:c0:20:7f:c8:ec:7d:c3:4d:df:c9:e9:24:
         6d:40:c5:3d:77:5d:68:6c:77:90:74:19:fd:f9:2a:c1:ea:4d:
         ea:e9:f2:21:16:a2:ba:3c:29:ae:1c:03:54:e3:c5:f3:c8:80:
         87:77:24:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuSNQUut3tFZhUXuQHvOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Yjc5MzgwZmU0MDc0MzljYzJlY2QzZmFjMTgxNTdkYjM2
Y2Y3NjgwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGI0YjZlYTA0ODYyMjk5MjkxNGZhMzkzNzBjNzFmNTU0MGM4N2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5xjC6qzJ2bK3+MR+lTWGW+xvlOM
eT2d5OcfIePYNWiD/E1jFyJx/PKS6VpvV52AYKt8pT/XZo0wQxWWe+tX7QF+H6QO
UqvUK1BP8VmTynQ4eFlAgi3kCYixX3y66V6SQiuwVvJPnOt0VMQuPW/pMYUiL8c8
OFGZ8Ci9cR3L95bhn5gSqmZRrO6Uq70PP0VQ6tEnHReX8fLylb3wvYSMNP21TCq1
yd0L93nvbkgyqC5rWsOOmXBcrx4CW5SNtVU1QjUbQEYvGKZIk0sQX2x013IvgB24
gdYipZFimDeTkv3r1PyrimwXmFXjKQrmA/SloEVveKfLPnIa3kEBOFbbEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMS0tuoEhiKZKRT6OTcMcfVUDIe9MB8GA1UdIwQY
MBaAFCm3k4D+QHQ5zC7NP6wYFX2zbPdoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWIt
MWU4NDIxMThkYjZmLzEveExTMjZnU0dJcGtwRlBvNU53eHg5VlFNaDcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWItMWU4NDIxMThkYjZm
LzEvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgVnRAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBw+nojeW7NOSk075juuY7E0jdv+2GDfn9tFJls
icRTXaBM/Qkia/qa9pl8EH1ete2SOfCHa6dXj/qLPvA6bi7m/hL5XymNE1goYKvb
y4+wHg37eN0rytZuVfLet5JpXlY2TCdBf6QHm8Wmvbyj2HQDyM77Lg70T2k2Sn5X
wzdUYV9xMybdRjPsde+t3WN2IOInbWHbi3VgdTSISogeOQrX8ITOQqua4190baS9
rjV3p5tliwiiecdq1mLg2rdbIo7QBJz7bLwLU6eu4+zAIH/I7H3DTd/J6SRtQMU9
d11obHeQdBn9+SrB6k3q6fIhFqK6PCmuHANU48XzyICHdyRD
-----END CERTIFICATE-----