Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/1Qip2LFVDlxWAxfcUIhbBQT-rTc.roa
File:                     1Qip2LFVDlxWAxfcUIhbBQT-rTc.roa (raw, json)
Hash identifier:          ZKRqE22ZUpn+wo+ymdBd7NaILCgM750xJ8LdahZCO4Y=
Subject key identifier:   D5:08:A9:D8:B1:55:0E:5C:56:03:17:DC:50:88:5B:05:04:FE:AD:37
Certificate issuer:       /CN=473163527e83542dce693b16d0aedcd126d3319a
Certificate serial:       018CC56ED3FBFDA2D678F7D6758E9E2D5D93
Authority key identifier: 47:31:63:52:7E:83:54:2D:CE:69:3B:16:D0:AE:DC:D1:26:D3:31:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/1Qip2LFVDlxWAxfcUIhbBQT-rTc.roa
Signing time:             Mon 01 Jan 2024 14:30:23 +0000
ROA not before:           Mon 01 Jan 2024 14:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31479
IP address blocks:        2a04:d700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d3:fb:fd:a2:d6:78:f7:d6:75:8e:9e:2d:5d:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473163527e83542dce693b16d0aedcd126d3319a
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d508a9d8b1550e5c560317dc50885b0504fead37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:28:5e:95:5f:1e:19:16:43:00:9f:38:f6:6a:
                    9b:67:f8:7a:75:bf:0f:5d:82:ae:f4:52:68:a5:02:
                    93:80:36:22:0a:45:df:ce:6b:79:8b:b0:96:43:e9:
                    71:fa:bd:95:06:82:95:0b:91:a9:08:00:9a:d2:bb:
                    9b:8c:13:c3:f0:5e:c4:2f:0f:79:dd:05:49:7d:1d:
                    b9:71:1d:43:01:35:b2:8a:c6:a7:04:d7:19:3c:de:
                    e0:ed:9f:09:a7:66:4d:b7:a1:b1:38:d5:1a:cd:7e:
                    50:4c:87:57:90:9e:7d:16:df:43:67:e3:64:04:5e:
                    f6:85:ce:c2:08:a7:ae:cd:75:7c:96:d9:8b:cc:7e:
                    85:1b:56:46:52:84:84:6e:56:00:d6:f6:6a:3b:2d:
                    71:be:63:d8:12:df:b3:1b:f0:d5:1e:37:7a:04:d2:
                    51:f5:82:9e:d5:fa:ff:f8:2b:05:3f:e6:72:32:8b:
                    7f:f1:ce:24:d9:c3:93:58:0c:d5:64:b2:89:30:cd:
                    c3:a9:a8:3d:b7:93:8d:52:e0:1f:27:1e:43:64:57:
                    b7:bd:90:8e:77:41:29:e6:e5:ea:4b:ef:40:fe:f4:
                    9d:7e:74:a7:33:65:bb:74:cd:73:91:65:5d:76:16:
                    b9:c9:d5:bc:33:e5:f5:1c:ef:46:2a:b1:d5:20:ce:
                    ee:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:08:A9:D8:B1:55:0E:5C:56:03:17:DC:50:88:5B:05:04:FE:AD:37
            X509v3 Authority Key Identifier:
                keyid:47:31:63:52:7E:83:54:2D:CE:69:3B:16:D0:AE:DC:D1:26:D3:31:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/1Qip2LFVDlxWAxfcUIhbBQT-rTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:d700::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:b1:49:8e:75:01:92:ee:48:2a:f8:65:99:1b:43:ba:86:4b:
         98:0f:a9:9a:83:ff:8f:8d:e2:c8:a1:ed:8d:2f:d6:2c:80:a3:
         e0:8f:f5:23:e4:df:3d:52:38:b6:f0:56:99:ff:ae:33:68:12:
         e1:05:50:ba:31:0b:14:c4:13:da:12:bf:e3:c6:a9:46:65:c1:
         2c:fd:c8:7a:3f:51:9a:24:99:b2:88:99:28:91:cc:25:7f:56:
         35:ff:24:45:36:9e:91:7c:fb:e8:00:bd:dd:47:34:3f:cf:41:
         3f:e7:1a:5d:4e:6f:2a:e3:5f:68:df:80:d9:ee:07:6c:1c:3e:
         1a:22:3c:f6:56:9d:50:cd:9b:43:ed:01:cf:4c:eb:cf:49:bb:
         c0:72:23:2b:be:c1:18:71:ee:6c:55:3a:8c:9e:75:a3:63:81:
         91:ac:93:72:64:b6:c6:a6:c8:ca:a2:d4:be:0b:fc:29:f3:f3:
         14:4b:d7:65:d8:42:14:ea:99:54:84:ac:3d:f4:ec:21:d0:a2:
         c0:8c:e7:ce:6f:25:3d:77:46:c4:f6:bf:60:a9:b7:51:10:b9:
         81:b3:e4:9b:ca:7b:8c:ca:c6:7f:9b:71:bb:a3:18:80:a9:46:
         9a:42:60:65:42:f5:e9:c3:bc:57:9a:a6:4d:25:1d:3a:24:b7:
         a6:98:a9:be
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbtP7/aLWePfWdY6eLV2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzE2MzUyN2U4MzU0MmRjZTY5M2IxNmQwYWVkY2QxMjZk
MzMxOWEwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTA4YTlkOGIxNTUwZTVjNTYwMzE3ZGM1MDg4NWIwNTA0ZmVhZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjShelV8eGRZDAJ849mqbZ/h6db8P
XYKu9FJopQKTgDYiCkXfzmt5i7CWQ+lx+r2VBoKVC5GpCACa0rubjBPD8F7ELw95
3QVJfR25cR1DATWyisanBNcZPN7g7Z8Jp2ZNt6GxONUazX5QTIdXkJ59Ft9DZ+Nk
BF72hc7CCKeuzXV8ltmLzH6FG1ZGUoSEblYA1vZqOy1xvmPYEt+zG/DVHjd6BNJR
9YKe1fr/+CsFP+ZyMot/8c4k2cOTWAzVZLKJMM3Dqag9t5ONUuAfJx5DZFe3vZCO
d0Ep5uXqS+9A/vSdfnSnM2W7dM1zkWVddha5ydW8M+X1HO9GKrHVIM7u4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNUIqdixVQ5cVgMX3FCIWwUE/q03MB8GA1UdIwQY
MBaAFEcxY1J+g1Qtzmk7FtCu3NEm0zGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpGalVuNkRWQzNPYVRzVzBLN2MwU2JUTVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9hYjIzODktOGQzNi00M2ZlLWFmNDIt
OWEzODQxOTY3MTgxLzEvMVFpcDJMRlZEbHhXQXhmY1VJaGJCUVQtclRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9hYjIzODktOGQzNi00M2ZlLWFmNDItOWEzODQxOTY3MTgx
LzEvUnpGalVuNkRWQzNPYVRzVzBLN2MwU2JUTVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgTXADAN
BgkqhkiG9w0BAQsFAAOCAQEAsLFJjnUBku5IKvhlmRtDuoZLmA+pmoP/j43iyKHt
jS/WLICj4I/1I+TfPVI4tvBWmf+uM2gS4QVQujELFMQT2hK/48apRmXBLP3Iej9R
miSZsoiZKJHMJX9WNf8kRTaekXz76AC93Uc0P89BP+caXU5vKuNfaN+A2e4HbBw+
GiI89ladUM2bQ+0Bz0zrz0m7wHIjK77BGHHubFU6jJ51o2OBkayTcmS2xqbIyqLU
vgv8KfPzFEvXZdhCFOqZVISsPfTsIdCiwIznzm8lPXdGxPa/YKm3URC5gbPkm8p7
jMrGf5txu6MYgKlGmkJgZUL16cO8V5qmTSUdOiS3ppipvg==
-----END CERTIFICATE-----