Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/upeOPhDLoc23LTCQjJjKtSssfT8.roa
File:                     upeOPhDLoc23LTCQjJjKtSssfT8.roa (raw, json)
Hash identifier:          /HllCH83QUzPFyapqZNfsT5omTXGzHP4IfWrBUsYTn8=
Subject key identifier:   BA:97:8E:3E:10:CB:A1:CD:B7:2D:30:90:8C:98:CA:B5:2B:2C:7D:3F
Certificate issuer:       /CN=668d2f64c337465ed38da5f7cc4584df87d4a744
Certificate serial:       018CC3B7207884BD9C0E4B3138F9A1E4E3FB
Authority key identifier: 66:8D:2F:64:C3:37:46:5E:D3:8D:A5:F7:CC:45:84:DF:87:D4:A7:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/upeOPhDLoc23LTCQjJjKtSssfT8.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12857
IP address blocks:        2a00:b400::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:20:78:84:bd:9c:0e:4b:31:38:f9:a1:e4:e3:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=668d2f64c337465ed38da5f7cc4584df87d4a744
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba978e3e10cba1cdb72d30908c98cab52b2c7d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:54:4d:de:4f:86:51:8b:41:95:a5:68:ed:02:
                    0e:00:0b:4b:25:fd:b5:27:0d:e5:d2:06:76:58:10:
                    35:26:0b:73:6f:b2:ec:4f:c7:3e:99:b3:3a:63:7c:
                    b7:43:aa:99:b0:cc:db:51:4e:a8:ea:6b:6c:fc:f2:
                    c8:29:3f:e1:a8:a7:e6:5c:08:5a:81:05:fb:b1:f5:
                    47:ea:74:a9:c4:67:45:51:fc:de:18:a0:f4:ed:41:
                    5e:25:af:6f:d7:10:52:3f:0a:99:3c:9c:37:d3:cb:
                    03:ba:cc:7e:18:28:bb:d9:16:07:ae:2d:a5:ee:e9:
                    56:97:14:46:82:68:46:b8:1e:b0:0a:aa:bf:c1:4c:
                    05:0c:ad:a4:bf:30:92:3a:76:8e:0e:41:3f:d8:94:
                    ab:75:bc:5a:84:3d:86:6c:af:0a:e7:f7:2a:a1:cf:
                    8e:87:53:94:77:a9:e2:a2:c4:24:d2:25:e3:51:e4:
                    46:0e:b9:2f:79:6e:30:8e:51:c2:35:05:91:63:f9:
                    31:fc:a7:fe:00:7b:f0:78:ed:8f:ce:ad:9b:07:65:
                    f8:4d:40:9d:86:f8:08:a4:29:43:9c:22:6f:ca:57:
                    13:1f:b4:03:68:8c:cb:26:d5:ba:88:ba:9c:de:b8:
                    ec:50:7e:59:c7:4a:02:dd:1e:f9:2f:7d:8a:7a:39:
                    1f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:97:8E:3E:10:CB:A1:CD:B7:2D:30:90:8C:98:CA:B5:2B:2C:7D:3F
            X509v3 Authority Key Identifier:
                keyid:66:8D:2F:64:C3:37:46:5E:D3:8D:A5:F7:CC:45:84:DF:87:D4:A7:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/upeOPhDLoc23LTCQjJjKtSssfT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:b400::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:fb:b0:90:b9:51:38:f4:29:33:08:a8:a4:b3:a3:95:51:e9:
         42:3f:50:c4:3c:77:91:3d:a6:b5:1f:2d:f3:30:f2:1b:54:9a:
         5b:64:ab:20:7f:3e:5b:7b:b8:0c:5b:9c:6b:a0:a1:ba:85:02:
         76:70:fd:cc:e2:97:3d:65:84:2b:b1:58:f6:2e:c4:1e:85:4b:
         d2:26:53:3b:8b:c9:6d:82:f0:87:be:ee:55:1f:d2:f2:2f:98:
         2a:d5:48:09:e1:17:24:07:96:2d:db:9b:70:92:b7:cf:6a:6d:
         16:83:23:55:fb:6f:8b:57:9e:1e:a3:59:df:2b:b2:77:00:da:
         82:85:9c:a6:ff:5b:f4:e3:b7:b0:12:70:89:0c:90:7b:c2:5c:
         51:bf:8e:de:e2:19:2d:86:8b:6e:90:b8:52:a6:26:88:a4:fb:
         f2:96:54:98:bc:a1:59:cf:c2:66:01:24:31:bd:fb:8f:71:4c:
         30:27:3b:1b:1a:22:00:f1:55:4b:ff:82:86:b1:1e:c8:13:d1:
         fa:94:e3:4c:35:a2:d8:13:0c:87:82:5f:cb:f0:2d:d7:f0:19:
         62:32:6d:2f:c1:62:23:42:bf:c7:3b:63:04:44:37:d6:1b:02:
         a5:c9:75:dc:bd:fe:58:30:60:2b:c1:3c:46:6a:4f:e4:44:50:
         79:04:87:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtyB4hL2cDksxOPmh5OP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGQyZjY0YzMzNzQ2NWVkMzhkYTVmN2NjNDU4NGRmODdk
NGE3NDQwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTk3OGUzZTEwY2JhMWNkYjcyZDMwOTA4Yzk4Y2FiNTJiMmM3ZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFRN3k+GUYtBlaVo7QIOAAtLJf21
Jw3l0gZ2WBA1Jgtzb7LsT8c+mbM6Y3y3Q6qZsMzbUU6o6mts/PLIKT/hqKfmXAha
gQX7sfVH6nSpxGdFUfzeGKD07UFeJa9v1xBSPwqZPJw308sDusx+GCi72RYHri2l
7ulWlxRGgmhGuB6wCqq/wUwFDK2kvzCSOnaODkE/2JSrdbxahD2GbK8K5/cqoc+O
h1OUd6niosQk0iXjUeRGDrkveW4wjlHCNQWRY/kx/Kf+AHvweO2Pzq2bB2X4TUCd
hvgIpClDnCJvylcTH7QDaIzLJtW6iLqc3rjsUH5Zx0oC3R75L32KejkfzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLqXjj4Qy6HNty0wkIyYyrUrLH0/MB8GA1UdIwQY
MBaAFGaNL2TDN0Ze042l98xFhN+H1KdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm8wdlpNTTNSbDdUamFYM3pFV0UzNGZVcDBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS84MjhiMGYtODBlOC00MjdiLTk3MWQt
MzhiYmNmYWVlNmNlLzEvdXBlT1BoRExvYzIzTFRDUWpKakt0U3NzZlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS84MjhiMGYtODBlOC00MjdiLTk3MWQtMzhiYmNmYWVlNmNl
LzEvWm8wdlpNTTNSbDdUamFYM3pFV0UzNGZVcDBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgC0ADAN
BgkqhkiG9w0BAQsFAAOCAQEAk/uwkLlROPQpMwiopLOjlVHpQj9QxDx3kT2mtR8t
8zDyG1SaW2SrIH8+W3u4DFuca6ChuoUCdnD9zOKXPWWEK7FY9i7EHoVL0iZTO4vJ
bYLwh77uVR/S8i+YKtVICeEXJAeWLdubcJK3z2ptFoMjVftvi1eeHqNZ3yuydwDa
goWcpv9b9OO3sBJwiQyQe8JcUb+O3uIZLYaLbpC4UqYmiKT78pZUmLyhWc/CZgEk
Mb37j3FMMCc7GxoiAPFVS/+ChrEeyBPR+pTjTDWi2BMMh4Jfy/At1/AZYjJtL8Fi
I0K/xztjBEQ31hsCpcl13L3+WDBgK8E8RmpP5ERQeQSHTQ==
-----END CERTIFICATE-----