Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/xwMJc5pg7XCJXVbzfy_bW4-lnuQ.roa
File:                     xwMJc5pg7XCJXVbzfy_bW4-lnuQ.roa (raw, json)
Hash identifier:          r/YqxEeT1PmJvJRhtBEZidKixYS107OgPzR8hQgj8Z8=
Subject key identifier:   C7:03:09:73:9A:60:ED:70:89:5D:56:F3:7F:2F:DB:5B:8F:A5:9E:E4
Certificate issuer:       /CN=29b79380fe407439cc2ecd3fac18157db36cf768
Certificate serial:       018CC6B92429199428D073B10D552D513893
Authority key identifier: 29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/xwMJc5pg7XCJXVbzfy_bW4-lnuQ.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201110
IP address blocks:        2a05:6740:40c6::/48 maxlen: 48
                          2a05:6740:40c4::/48 maxlen: 48
                          2a05:6740:40c5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:24:29:19:94:28:d0:73:b1:0d:55:2d:51:38:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b79380fe407439cc2ecd3fac18157db36cf768
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c70309739a60ed70895d56f37f2fdb5b8fa59ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:63:41:2f:c0:0c:91:86:2b:da:8e:d9:76:a3:
                    5a:da:1e:f2:6c:df:6d:d0:e0:28:c3:1c:da:1b:cc:
                    87:b7:81:22:b9:e1:e8:c0:09:30:52:bb:16:ff:f3:
                    2f:7f:c2:78:f2:f9:00:1c:c4:3a:05:81:12:7f:14:
                    77:69:7b:6c:dd:2c:11:b7:34:b6:46:0e:a0:7b:0d:
                    b1:a7:f7:f0:5b:b0:f8:7f:d7:f3:09:ec:dd:eb:9b:
                    10:ce:e3:19:0b:30:36:7e:32:2d:26:83:f3:82:47:
                    a3:cb:82:bc:38:e6:63:7b:e4:25:85:e5:85:7c:a2:
                    83:8a:c4:39:30:70:e8:c9:41:2a:08:ae:f3:61:f8:
                    1c:70:d6:23:94:26:b3:2e:f3:bc:d1:16:df:72:b6:
                    1a:7c:8f:bd:2e:5c:7c:b1:31:ac:c5:66:5f:1d:2c:
                    1c:bc:8f:69:a6:e9:92:a1:95:8b:21:3d:6b:df:be:
                    42:a4:1c:39:6b:82:f6:16:6a:12:cd:dc:18:15:e8:
                    75:81:a1:9b:39:ea:3a:29:85:58:d2:72:89:0a:7f:
                    00:c8:5f:25:76:96:54:da:b9:dc:98:e6:00:83:29:
                    6f:5a:40:80:49:e9:b9:6c:e7:c4:3f:40:3b:a2:22:
                    c0:a8:02:97:30:34:0f:f9:11:02:72:de:ea:e8:03:
                    08:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:03:09:73:9A:60:ED:70:89:5D:56:F3:7F:2F:DB:5B:8F:A5:9E:E4
            X509v3 Authority Key Identifier:
                keyid:29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/xwMJc5pg7XCJXVbzfy_bW4-lnuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:6740:40c4::-2a05:6740:40c6:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         46:c2:cb:c7:e4:6e:8e:b6:d1:30:b8:a4:33:1a:aa:3c:0c:ba:
         d1:42:aa:1f:c5:d3:a1:88:c7:00:c1:a6:74:41:2e:22:43:33:
         bb:da:76:72:00:a2:22:d2:0a:04:ee:1c:9a:f3:f7:f5:b8:aa:
         11:ec:e0:43:18:f8:54:bb:55:65:e3:6f:d3:b7:5b:8a:d8:64:
         5e:47:60:7d:d9:f4:e3:de:f4:04:ec:02:1d:bc:a2:a7:1f:db:
         c8:19:a7:2c:93:18:e3:d0:d2:58:1d:97:23:c7:77:41:37:ac:
         0f:66:94:90:45:a3:5f:a1:ed:f7:fc:20:5f:88:6f:85:4b:de:
         45:2b:c1:2d:5a:17:66:8a:25:b1:2e:21:1f:c9:60:72:e5:82:
         9f:39:b8:62:0c:2f:f4:ea:ed:f2:50:c1:c3:2d:19:96:fe:35:
         97:20:89:84:a4:63:ce:f4:cc:8a:b9:3e:a5:d7:81:e0:4c:99:
         03:10:13:6d:b3:c5:11:ca:a5:96:c0:23:de:3c:c9:34:22:35:
         5e:ce:32:6e:15:cf:9d:d4:38:81:7a:aa:6b:a6:c0:a7:23:79:
         69:fa:82:8d:69:e5:d4:8d:fe:06:0a:6b:c2:5d:06:50:84:df:
         bd:ca:59:2a:4c:e4:70:b3:3b:ab:cd:d3:8d:b3:6d:ba:59:43:
         ad:4c:24:23
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGuSQpGZQo0HOxDVUtUTiTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Yjc5MzgwZmU0MDc0MzljYzJlY2QzZmFjMTgxNTdkYjM2
Y2Y3NjgwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzAzMDk3MzlhNjBlZDcwODk1ZDU2ZjM3ZjJmZGI1YjhmYTU5ZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWNBL8AMkYYr2o7ZdqNa2h7ybN9t
0OAowxzaG8yHt4EiueHowAkwUrsW//Mvf8J48vkAHMQ6BYESfxR3aXts3SwRtzS2
Rg6gew2xp/fwW7D4f9fzCezd65sQzuMZCzA2fjItJoPzgkejy4K8OOZje+QlheWF
fKKDisQ5MHDoyUEqCK7zYfgccNYjlCazLvO80RbfcrYafI+9Llx8sTGsxWZfHSwc
vI9ppumSoZWLIT1r375CpBw5a4L2FmoSzdwYFeh1gaGbOeo6KYVY0nKJCn8AyF8l
dpZU2rncmOYAgylvWkCASem5bOfEP0A7oiLAqAKXMDQP+RECct7q6AMIKwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMcDCXOaYO1wiV1W838v21uPpZ7kMB8GA1UdIwQY
MBaAFCm3k4D+QHQ5zC7NP6wYFX2zbPdoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWIt
MWU4NDIxMThkYjZmLzEveHdNSmM1cGc3WENKWFZiemZ5X2JXNC1sbnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWItMWU4NDIxMThkYjZm
LzEvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwIqBWdA
QMQDBwAqBWdAQMYwDQYJKoZIhvcNAQELBQADggEBAEbCy8fkbo620TC4pDMaqjwM
utFCqh/F06GIxwDBpnRBLiJDM7vadnIAoiLSCgTuHJrz9/W4qhHs4EMY+FS7VWXj
b9O3W4rYZF5HYH3Z9OPe9ATsAh28oqcf28gZpyyTGOPQ0lgdlyPHd0E3rA9mlJBF
o1+h7ff8IF+Ib4VL3kUrwS1aF2aKJbEuIR/JYHLlgp85uGIML/Tq7fJQwcMtGZb+
NZcgiYSkY870zIq5PqXXgeBMmQMQE22zxRHKpZbAI948yTQiNV7OMm4Vz53UOIF6
qmumwKcjeWn6go1p5dSN/gYKa8JdBlCE373KWSpM5HCzO6vN042zbbpZQ61MJCM=
-----END CERTIFICATE-----