Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/KTjrig58iCiDtCXLyYl4meXMdCM.roa
File:                     KTjrig58iCiDtCXLyYl4meXMdCM.roa (raw, json)
Hash identifier:          BdXNjrhrST6rMpLc+0llzb1KPIvY+J2WR1/ZtLpfNGk=
Subject key identifier:   29:38:EB:8A:0E:7C:88:28:83:B4:25:CB:C9:89:78:99:E5:CC:74:23
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE30D5F030742BAD98C8766A126627
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/KTjrig58iCiDtCXLyYl4meXMdCM.roa
Signing time:             Tue 02 Jan 2024 06:30:53 +0000
ROA not before:           Tue 02 Jan 2024 06:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a0a:b384::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:30:d5:f0:30:74:2b:ad:98:c8:76:6a:12:66:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2938eb8a0e7c882883b425cbc9897899e5cc7423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3b:c3:66:e7:b2:26:c7:5d:61:55:f6:2e:c5:
                    8c:be:d6:7b:dd:c7:49:5c:65:c9:2c:04:b3:62:d4:
                    c2:53:3b:5a:f7:19:d5:98:04:51:79:3f:0e:07:71:
                    e8:2b:98:ec:44:00:79:37:43:7a:e0:9d:71:53:b5:
                    9d:27:56:af:73:13:b9:91:c8:13:ec:de:d2:b4:fe:
                    31:ec:fa:5a:5a:a0:a8:24:4f:ef:7d:bb:1e:a7:2e:
                    bc:88:c4:a7:06:90:4e:8d:96:cb:0e:be:30:5c:62:
                    54:87:13:23:80:67:2c:62:2c:f7:3c:9f:50:8e:b0:
                    c8:02:e4:51:65:dc:ad:d8:f8:84:c2:df:be:d6:f0:
                    98:29:c1:fb:d4:d3:98:2a:f3:9c:68:50:16:e3:ca:
                    72:14:5e:52:33:44:61:cc:c1:5f:10:8f:7b:1a:ca:
                    fc:04:57:19:e4:e1:3a:58:67:60:24:15:b2:c6:18:
                    05:41:18:86:7c:9e:3f:46:6e:8c:11:aa:a1:07:c5:
                    e1:71:94:97:05:4e:80:0d:6e:4d:4c:bc:e4:49:0f:
                    83:38:9d:1f:d1:1d:11:06:b5:c2:48:9f:26:b3:f9:
                    89:2d:a3:ee:92:76:b3:ad:62:8a:ba:d1:9a:29:8f:
                    c2:ef:21:27:07:7a:a1:0b:18:28:82:72:02:fc:7e:
                    88:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:38:EB:8A:0E:7C:88:28:83:B4:25:CB:C9:89:78:99:E5:CC:74:23
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/KTjrig58iCiDtCXLyYl4meXMdCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:b384::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:09:54:cb:43:48:3b:e2:a3:03:ba:02:a2:d2:b6:84:99:b7:
         96:80:00:ce:16:98:ba:3d:2e:83:27:da:be:cb:e5:8b:ef:a3:
         1e:09:06:ae:4c:be:31:35:05:06:b2:46:59:8d:4a:29:69:0d:
         e2:ba:cc:89:35:39:81:4e:57:97:18:89:e9:06:d3:cc:4a:06:
         eb:b4:35:4e:69:f6:77:c2:e1:e9:da:e0:4b:8b:95:ee:fd:81:
         70:0d:c9:45:6a:2a:55:71:d9:ed:88:fd:50:ea:34:45:f1:6a:
         3f:f5:59:de:37:83:ab:fa:be:91:da:b3:58:ac:9a:53:67:b5:
         05:d7:dd:51:3e:b3:d1:db:11:1a:47:ad:66:08:a3:85:aa:6d:
         c8:d4:a5:97:20:32:e4:9c:4d:3f:1b:6f:ae:3e:ab:fb:bb:1f:
         55:4f:c9:b2:c4:28:6a:ae:82:3e:17:94:ae:02:5d:bc:cd:62:
         fa:d6:2c:1b:86:f0:a1:dc:49:63:54:70:7a:18:ec:8f:f9:ee:
         f9:d4:26:dd:96:c9:99:33:b8:47:d6:0d:49:a8:b4:0d:dd:49:
         d5:3e:fb:65:a6:f3:03:86:25:23:42:9d:27:9f:5c:c5:04:32:
         2d:fd:48:71:06:40:67:ec:b2:ff:c9:46:05:af:9e:55:d6:8a:
         f4:67:fe:c9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3jDV8DB0K62YyHZqEmYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTM4ZWI4YTBlN2M4ODI4ODNiNDI1Y2JjOTg5Nzg5OWU1Y2M3NDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDvDZueyJsddYVX2LsWMvtZ73cdJ
XGXJLASzYtTCUzta9xnVmARReT8OB3HoK5jsRAB5N0N64J1xU7WdJ1avcxO5kcgT
7N7StP4x7PpaWqCoJE/vfbsepy68iMSnBpBOjZbLDr4wXGJUhxMjgGcsYiz3PJ9Q
jrDIAuRRZdyt2PiEwt++1vCYKcH71NOYKvOcaFAW48pyFF5SM0RhzMFfEI97Gsr8
BFcZ5OE6WGdgJBWyxhgFQRiGfJ4/Rm6MEaqhB8XhcZSXBU6ADW5NTLzkSQ+DOJ0f
0R0RBrXCSJ8ms/mJLaPuknazrWKKutGaKY/C7yEnB3qhCxgognIC/H6ItQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCk464oOfIgog7Qly8mJeJnlzHQjMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvS1RqcmlnNThpQ2lEdENYTHlZbDRtZVhNZENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqzhDAN
BgkqhkiG9w0BAQsFAAOCAQEAwAlUy0NIO+KjA7oCotK2hJm3loAAzhaYuj0ugyfa
vsvli++jHgkGrky+MTUFBrJGWY1KKWkN4rrMiTU5gU5XlxiJ6QbTzEoG67Q1Tmn2
d8Lh6drgS4uV7v2BcA3JRWoqVXHZ7Yj9UOo0RfFqP/VZ3jeDq/q+kdqzWKyaU2e1
BdfdUT6z0dsRGketZgijhaptyNSllyAy5JxNPxtvrj6r+7sfVU/JssQoaq6CPheU
rgJdvM1i+tYsG4bwodxJY1Rwehjsj/nu+dQm3ZbJmTO4R9YNSai0Dd1J1T77Zabz
A4YlI0KdJ59cxQQyLf1IcQZAZ+yy/8lGBa+eVdaK9Gf+yQ==
-----END CERTIFICATE-----