Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/unA8eqf0W73hdCHDeKrhpxeKP4g.roa
File:                     unA8eqf0W73hdCHDeKrhpxeKP4g.roa (raw, json)
Hash identifier:          EtT+mKShkiuQrwyb7IDJp6616LOse0IUhiQpE1qBaKo=
Subject key identifier:   BA:70:3C:7A:A7:F4:5B:BD:E1:74:21:C3:78:AA:E1:A7:17:8A:3F:88
Certificate issuer:       /CN=dd4748cd4714a5cc87cafb8430fb81248b094079
Certificate serial:       018CC793DDA9E850784A58EF0E4C5CA35800
Authority key identifier: DD:47:48:CD:47:14:A5:CC:87:CA:FB:84:30:FB:81:24:8B:09:40:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3UdIzUcUpcyHyvuEMPuBJIsJQHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/unA8eqf0W73hdCHDeKrhpxeKP4g.roa
Signing time:             Tue 02 Jan 2024 00:30:05 +0000
ROA not before:           Tue 02 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31343
IP address blocks:        2a04:1d00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/3UdIzUcUpcyHyvuEMPuBJIsJQHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/3UdIzUcUpcyHyvuEMPuBJIsJQHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3UdIzUcUpcyHyvuEMPuBJIsJQHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:dd:a9:e8:50:78:4a:58:ef:0e:4c:5c:a3:58:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd4748cd4714a5cc87cafb8430fb81248b094079
        Validity
            Not Before: Jan  2 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba703c7aa7f45bbde17421c378aae1a7178a3f88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4e:96:f7:b5:a5:4b:c5:a5:38:75:5c:2c:9b:
                    5d:e9:4d:9b:1a:b0:59:e7:d5:29:55:fe:83:44:1f:
                    b2:a5:f8:21:f0:05:36:bc:36:72:39:30:61:80:4c:
                    a8:7c:4d:8c:ff:22:fc:b0:75:e3:10:86:34:6f:b6:
                    ba:03:ba:cd:b9:60:82:44:f8:3c:f1:a1:f1:8d:9b:
                    f5:e5:6b:da:ef:8e:eb:44:1e:d8:32:9a:76:bd:1b:
                    78:34:46:d0:de:72:a5:5e:d1:fc:55:93:b6:60:4b:
                    bf:48:b8:19:60:02:d4:38:b8:64:54:b6:44:0e:6a:
                    ef:59:9b:3e:33:2c:a4:92:f9:80:08:7c:f1:ae:ba:
                    97:3b:63:79:1c:33:d4:73:e0:a4:df:3c:a4:38:4a:
                    4a:80:5d:2f:44:de:a0:4a:68:4d:ed:c1:b0:dd:ee:
                    39:2c:05:e6:c0:3b:1d:a5:a5:d9:e3:26:e0:f5:af:
                    58:ee:54:51:59:dd:39:07:b5:73:bd:98:6e:6a:38:
                    b3:18:3d:d4:bf:5e:09:05:90:da:cb:54:55:76:66:
                    57:ce:4c:30:e7:d3:c9:f4:ed:2f:e8:0c:a4:ba:cf:
                    f0:36:ff:5e:5e:e3:61:ce:d5:a8:1a:fe:80:21:b1:
                    e7:09:b4:44:8f:88:80:8c:4c:6e:30:ae:05:69:5b:
                    3d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:70:3C:7A:A7:F4:5B:BD:E1:74:21:C3:78:AA:E1:A7:17:8A:3F:88
            X509v3 Authority Key Identifier:
                keyid:DD:47:48:CD:47:14:A5:CC:87:CA:FB:84:30:FB:81:24:8B:09:40:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3UdIzUcUpcyHyvuEMPuBJIsJQHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/unA8eqf0W73hdCHDeKrhpxeKP4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/3UdIzUcUpcyHyvuEMPuBJIsJQHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:5a:79:85:aa:71:2d:ac:33:ff:5b:10:d7:70:a6:25:24:0e:
         5d:eb:7c:ac:c0:ad:40:a0:f8:f3:c6:8d:06:2c:88:63:22:59:
         6d:81:06:31:9f:a6:de:81:5e:00:a2:9e:9e:f0:d9:76:30:2c:
         60:a8:0e:62:aa:a6:45:91:c9:34:de:7c:aa:f8:5e:ef:56:36:
         f7:76:7c:47:6c:c7:de:a2:b5:65:11:6f:3d:a5:5d:5c:e0:81:
         d1:46:04:f2:a5:d3:4a:9e:c4:0c:4a:1c:a7:07:c3:e5:35:8e:
         fa:bf:12:45:30:1e:f8:67:eb:36:1b:61:ce:6f:91:c1:eb:98:
         25:f2:5f:de:8e:f5:fe:ed:a5:35:74:18:48:d8:1c:3b:58:2d:
         e5:e6:1f:de:bd:fa:b2:98:cd:91:00:5c:70:a3:b9:3d:09:ff:
         0a:6a:24:4d:be:ba:ca:02:44:61:47:b7:03:0b:78:13:d5:c1:
         bf:0e:66:60:03:7e:50:bb:a8:e3:79:a2:45:c1:f5:84:66:05:
         2d:47:3a:e7:ad:b7:ac:d0:1f:ac:34:af:50:1c:45:68:a7:45:
         9e:8b:43:38:5a:90:7a:c4:a7:67:9c:7e:36:40:93:f9:e3:e9:
         2c:a5:2d:e6:a4:d8:32:69:6f:e5:59:81:7c:75:85:91:0a:c4:
         12:01:16:5c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHk92p6FB4SljvDkxco1gAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNDc0OGNkNDcxNGE1Y2M4N2NhZmI4NDMwZmI4MTI0OGIw
OTQwNzkwHhcNMjQwMTAyMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTcwM2M3YWE3ZjQ1YmJkZTE3NDIxYzM3OGFhZTFhNzE3OGEzZjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE6W97WlS8WlOHVcLJtd6U2bGrBZ
59UpVf6DRB+ypfgh8AU2vDZyOTBhgEyofE2M/yL8sHXjEIY0b7a6A7rNuWCCRPg8
8aHxjZv15Wva747rRB7YMpp2vRt4NEbQ3nKlXtH8VZO2YEu/SLgZYALUOLhkVLZE
DmrvWZs+MyykkvmACHzxrrqXO2N5HDPUc+Ck3zykOEpKgF0vRN6gSmhN7cGw3e45
LAXmwDsdpaXZ4ybg9a9Y7lRRWd05B7VzvZhuajizGD3Uv14JBZDay1RVdmZXzkww
59PJ9O0v6Aykus/wNv9eXuNhztWoGv6AIbHnCbREj4iAjExuMK4FaVs92wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLpwPHqn9Fu94XQhw3iq4acXij+IMB8GA1UdIwQY
MBaAFN1HSM1HFKXMh8r7hDD7gSSLCUB5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1VkSXpVY1VwY3lIeXZ1RU1QdUJKSXNKUUhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80YzU1YWYtNWU5Yi00MTk3LTg2ZmIt
Mzc1NDVkYTA1NmJkLzEvdW5BOGVxZjBXNzNoZENIRGVLcmhweGVLUDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80YzU1YWYtNWU5Yi00MTk3LTg2ZmItMzc1NDVkYTA1NmJk
LzEvM1VkSXpVY1VwY3lIeXZ1RU1QdUJKSXNKUUhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgQdADAN
BgkqhkiG9w0BAQsFAAOCAQEAKVp5hapxLawz/1sQ13CmJSQOXet8rMCtQKD488aN
BiyIYyJZbYEGMZ+m3oFeAKKenvDZdjAsYKgOYqqmRZHJNN58qvhe71Y293Z8R2zH
3qK1ZRFvPaVdXOCB0UYE8qXTSp7EDEocpwfD5TWO+r8SRTAe+GfrNhthzm+RweuY
JfJf3o71/u2lNXQYSNgcO1gt5eYf3r36spjNkQBccKO5PQn/CmokTb66ygJEYUe3
Awt4E9XBvw5mYAN+ULuo43miRcH1hGYFLUc65623rNAfrDSvUBxFaKdFnotDOFqQ
esSnZ5x+NkCT+ePpLKUt5qTYMmlv5VmBfHWFkQrEEgEWXA==
-----END CERTIFICATE-----