Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XG94-lGgMy6Mw-2p52j25LSFsfU.roa
File:                     XG94-lGgMy6Mw-2p52j25LSFsfU.roa (raw, json)
Hash identifier:          NLwmOvVY47PKYtYaiv5eg+/ECsoq/rTUML0QAMIc/3w=
Subject key identifier:   5C:6F:78:FA:51:A0:33:2E:8C:C3:ED:A9:E7:68:F6:E4:B4:85:B1:F5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0E85ED8880044E2C5F73BC8476CC
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XG94-lGgMy6Mw-2p52j25LSFsfU.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39827
IP address blocks:        2a04:3a40::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0e:85:ed:88:80:04:4e:2c:5f:73:bc:84:76:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c6f78fa51a0332e8cc3eda9e768f6e4b485b1f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:28:f1:c7:7c:9b:45:03:f8:d8:f6:c6:42:a7:
                    f5:d5:ef:ea:6c:3d:b6:0e:e1:c1:24:73:ec:67:0d:
                    57:6a:fd:d9:4b:31:92:c1:ca:ca:28:6e:b4:2d:8b:
                    28:de:43:73:71:8a:37:ee:cd:78:87:cf:e6:0b:9e:
                    4a:a7:08:7c:04:22:48:54:64:fd:fd:99:a0:ae:72:
                    92:31:3b:9e:c3:6b:33:ad:56:8c:ea:14:f3:6a:74:
                    04:55:c0:fc:48:1a:a4:f1:91:fd:da:04:be:ca:ca:
                    56:94:63:6b:a0:fc:be:67:7e:6a:f1:4e:c3:ed:79:
                    83:3d:7d:9a:06:35:4a:2c:b5:a8:c2:df:4e:9d:4a:
                    9b:d8:12:92:03:43:e0:de:41:ad:98:93:93:05:d9:
                    70:03:ec:07:d0:30:cc:10:9e:89:cf:98:dc:d0:89:
                    21:ad:e6:74:14:45:29:9d:bc:fd:8b:6a:7d:ec:73:
                    b3:69:cf:c3:16:16:12:84:1f:81:99:1e:e2:20:c3:
                    ad:25:fe:6e:05:0a:95:55:dd:74:d9:c5:c7:c1:32:
                    36:a1:a6:d9:80:a8:b8:94:dd:e7:32:84:68:67:a5:
                    e2:08:98:64:1b:f6:41:45:b8:79:0c:84:3c:96:3d:
                    3f:c8:52:d4:ed:e6:81:e2:48:6f:a1:29:80:9a:c5:
                    d6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:6F:78:FA:51:A0:33:2E:8C:C3:ED:A9:E7:68:F6:E4:B4:85:B1:F5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XG94-lGgMy6Mw-2p52j25LSFsfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:3a40::/33

    Signature Algorithm: sha256WithRSAEncryption
         b0:f7:dd:82:ca:1a:6d:30:ac:4c:d3:32:11:70:5f:7f:53:a6:
         5d:16:72:e6:66:17:06:d8:67:48:c9:5d:cf:9b:42:86:55:e7:
         84:f4:8a:95:51:97:b7:0e:0d:d2:02:ff:6c:80:4d:17:f2:0c:
         8b:b0:53:c0:ad:e0:b4:fe:b1:90:72:25:c6:c1:b8:93:fd:ab:
         71:c1:66:09:99:af:5b:f9:b9:b3:b9:f2:09:ac:6c:01:4d:15:
         c4:58:02:03:43:86:e5:c8:6e:87:50:bf:e5:c9:ef:81:ed:76:
         63:71:a1:4c:99:48:97:60:3b:c8:9a:f4:78:a7:97:dc:94:6b:
         52:3b:20:e6:d3:2e:94:6a:fd:bf:2a:4e:62:dd:7f:2e:3b:d4:
         ef:68:3d:70:f7:a9:8e:9f:f0:28:4f:be:42:79:f9:4b:18:af:
         61:20:a9:4f:24:c7:96:b6:35:ab:fa:71:55:21:8e:8c:55:62:
         53:16:5a:c1:63:ef:8d:22:32:e6:58:f1:7a:de:cb:30:a7:da:
         2e:13:72:14:8a:ca:04:ba:da:ea:d4:64:36:ce:dd:52:f1:2c:
         21:98:37:e1:e0:fc:58:e8:6f:ec:56:5a:57:ac:72:7d:b1:2a:
         6e:77:d6:91:86:b5:06:d4:2e:bd:bc:e6:2f:e6:7e:a4:0a:5d:
         eb:ca:0f:68
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbg6F7YiABE4sX3O8hHbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzZmNzhmYTUxYTAzMzJlOGNjM2VkYTllNzY4ZjZlNGI0ODViMWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnijxx3ybRQP42PbGQqf11e/qbD22
DuHBJHPsZw1Xav3ZSzGSwcrKKG60LYso3kNzcYo37s14h8/mC55Kpwh8BCJIVGT9
/ZmgrnKSMTuew2szrVaM6hTzanQEVcD8SBqk8ZH92gS+yspWlGNroPy+Z35q8U7D
7XmDPX2aBjVKLLWowt9OnUqb2BKSA0Pg3kGtmJOTBdlwA+wH0DDMEJ6Jz5jc0Ikh
reZ0FEUpnbz9i2p97HOzac/DFhYShB+BmR7iIMOtJf5uBQqVVd102cXHwTI2oabZ
gKi4lN3nMoRoZ6XiCJhkG/ZBRbh5DIQ8lj0/yFLU7eaB4khvoSmAmsXWswIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFxvePpRoDMujMPtqedo9uS0hbH1MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvWEc5NC1sR2dNeTZNdy0ycDUyajI1TFNGc2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKgQ6QAAw
DQYJKoZIhvcNAQELBQADggEBALD33YLKGm0wrEzTMhFwX39Tpl0WcuZmFwbYZ0jJ
Xc+bQoZV54T0ipVRl7cODdIC/2yATRfyDIuwU8Ct4LT+sZByJcbBuJP9q3HBZgmZ
r1v5ubO58gmsbAFNFcRYAgNDhuXIbodQv+XJ74HtdmNxoUyZSJdgO8ia9Hinl9yU
a1I7IObTLpRq/b8qTmLdfy471O9oPXD3qY6f8ChPvkJ5+UsYr2EgqU8kx5a2Nav6
cVUhjoxVYlMWWsFj740iMuZY8XreyzCn2i4TchSKygS62urUZDbO3VLxLCGYN+Hg
/Fjob+xWWlescn2xKm531pGGtQbULr285i/mfqQKXevKD2g=
-----END CERTIFICATE-----