Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/V4IefJzAo7zfiNjdfPVqnP8dodk.roa
File:                     V4IefJzAo7zfiNjdfPVqnP8dodk.roa (raw, json)
Hash identifier:          s/LpZLuZEKmpoRn5iedxMYeBA+0aXfRfrjIrpF0sNxQ=
Subject key identifier:   57:82:1E:7C:9C:C0:A3:BC:DF:88:D8:DD:7C:F5:6A:9C:FF:1D:A1:D9
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0ED02FBD12A965BBFE432D51FBB3
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/V4IefJzAo7zfiNjdfPVqnP8dodk.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39831
IP address blocks:        2a05:4380::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0e:d0:2f:bd:12:a9:65:bb:fe:43:2d:51:fb:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57821e7c9cc0a3bcdf88d8dd7cf56a9cff1da1d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9d:0d:d8:fd:2f:b2:1d:21:ef:de:1c:2d:ab:
                    b9:6c:d1:53:76:e0:5a:d5:5b:97:4f:8f:1f:ef:b9:
                    97:b5:00:73:d2:79:e5:b2:9d:2f:25:7e:3e:cb:aa:
                    12:1f:01:7b:03:f0:cc:2d:3c:50:cf:27:7c:e8:79:
                    59:a4:35:cb:42:2e:fa:0d:43:e0:62:c8:51:23:b7:
                    b4:62:5a:69:21:39:db:36:31:f3:18:c2:8a:b9:ed:
                    bd:5e:2e:5c:b9:e4:88:d7:55:fa:ea:5a:93:5e:3a:
                    fb:ff:e5:33:dd:bc:ec:ea:00:00:a2:f1:e0:58:a0:
                    84:8a:02:c1:bc:25:03:25:9b:11:91:9f:7c:92:67:
                    03:48:29:4c:38:a6:3c:d5:8d:00:eb:f3:67:ed:8e:
                    e4:1c:85:5d:bf:18:dc:10:79:7f:5b:7e:ca:f9:fc:
                    6b:e8:e3:15:81:23:fb:7c:8f:2c:ad:af:bd:77:27:
                    25:0a:3f:26:d8:aa:62:10:4e:41:84:55:5a:86:dc:
                    cc:51:e6:ec:63:cb:55:33:b4:48:65:f6:ce:2e:c0:
                    ff:44:0a:be:13:2f:12:be:53:b1:d4:5f:40:a2:b1:
                    25:1d:db:72:d9:33:9e:46:7b:32:2d:10:09:c7:0b:
                    25:38:a4:46:cb:51:a7:9d:f6:09:e3:c8:0c:79:f1:
                    1b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:82:1E:7C:9C:C0:A3:BC:DF:88:D8:DD:7C:F5:6A:9C:FF:1D:A1:D9
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/V4IefJzAo7zfiNjdfPVqnP8dodk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4380::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:13:95:9e:b8:f4:e2:0a:a1:f1:ba:85:a1:4a:0c:eb:c6:dc:
         6a:c8:23:3e:59:42:d7:4c:3e:e8:40:86:0c:2c:3a:32:3f:29:
         e0:f2:90:12:92:3c:a9:35:7e:46:a8:85:a7:99:f5:bb:49:73:
         46:f2:8f:ed:d1:1d:43:fc:04:30:de:e4:c3:01:4f:b1:72:f5:
         7a:a4:7f:26:5a:0e:47:84:22:49:06:f0:db:ed:60:07:2a:37:
         8e:5d:e6:7f:aa:0e:77:8a:ef:24:55:bd:5f:54:22:05:fb:bc:
         9b:85:de:54:b4:8b:a4:18:e8:bf:86:2c:40:2f:b5:ae:e3:38:
         44:f9:80:79:00:ea:15:fa:62:2e:3b:d5:6f:78:e4:df:eb:3e:
         2c:ee:b9:da:88:06:27:e3:36:88:8c:66:68:f1:43:f0:39:d6:
         3b:fe:ee:52:2a:f0:93:f9:96:97:55:4f:e5:73:45:ed:ef:91:
         2a:0b:23:40:cd:ef:df:02:f8:9e:82:39:9d:24:79:45:6a:29:
         fb:97:07:b1:7b:b8:35:95:59:3a:43:f4:36:ed:e1:ca:f8:42:
         98:ba:04:d0:e8:5f:ae:7c:05:00:b9:f5:1c:cf:36:22:5f:2b:
         5a:bb:16:24:b0:f6:2d:8a:69:86:09:9e:e9:d4:0b:30:28:01:
         60:f6:84:53
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbg7QL70SqWW7/kMtUfuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzgyMWU3YzljYzBhM2JjZGY4OGQ4ZGQ3Y2Y1NmE5Y2ZmMWRhMWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlp0N2P0vsh0h794cLau5bNFTduBa
1VuXT48f77mXtQBz0nnlsp0vJX4+y6oSHwF7A/DMLTxQzyd86HlZpDXLQi76DUPg
YshRI7e0YlppITnbNjHzGMKKue29Xi5cueSI11X66lqTXjr7/+Uz3bzs6gAAovHg
WKCEigLBvCUDJZsRkZ98kmcDSClMOKY81Y0A6/Nn7Y7kHIVdvxjcEHl/W37K+fxr
6OMVgSP7fI8sra+9dyclCj8m2KpiEE5BhFVahtzMUebsY8tVM7RIZfbOLsD/RAq+
Ey8SvlOx1F9AorElHdty2TOeRnsyLRAJxwslOKRGy1GnnfYJ48gMefEbpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFeCHnycwKO834jY3Xz1apz/HaHZMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvVjRJZWZKekFvN3pmaU5qZGZQVnFuUDhkb2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgVDgDAN
BgkqhkiG9w0BAQsFAAOCAQEALBOVnrj04gqh8bqFoUoM68bcasgjPllC10w+6ECG
DCw6Mj8p4PKQEpI8qTV+RqiFp5n1u0lzRvKP7dEdQ/wEMN7kwwFPsXL1eqR/JloO
R4QiSQbw2+1gByo3jl3mf6oOd4rvJFW9X1QiBfu8m4XeVLSLpBjov4YsQC+1ruM4
RPmAeQDqFfpiLjvVb3jk3+s+LO652ogGJ+M2iIxmaPFD8DnWO/7uUirwk/mWl1VP
5XNF7e+RKgsjQM3v3wL4noI5nSR5RWop+5cHsXu4NZVZOkP0Nu3hyvhCmLoE0Ohf
rnwFALn1HM82Il8rWrsWJLD2LYpphgme6dQLMCgBYPaEUw==
-----END CERTIFICATE-----