Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/PswHu72EXw-9uVwXFSkur3b8WUo.roa
File:                     PswHu72EXw-9uVwXFSkur3b8WUo.roa (raw, json)
Hash identifier:          U1MGzETJsMRdLoLvQpIYrFdD62RfExlGvaak4z7I4Cg=
Subject key identifier:   3E:CC:07:BB:BD:84:5F:0F:BD:B9:5C:17:15:29:2E:AF:76:FC:59:4A
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       018CC26D33D4924AE45F735FD2716DD9698D
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/PswHu72EXw-9uVwXFSkur3b8WUo.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        2a0d:3900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:33:d4:92:4a:e4:5f:73:5f:d2:71:6d:d9:69:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ecc07bbbd845f0fbdb95c1715292eaf76fc594a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:15:a0:d8:1a:98:00:42:6b:a6:2e:3e:51:2e:
                    9c:d0:19:3f:b5:48:5d:98:7c:b3:79:33:d1:c2:b8:
                    53:04:d0:8b:9c:7e:09:c6:66:dc:44:00:ef:ad:09:
                    e6:7c:0d:9b:61:f4:ac:67:18:bd:7d:e3:ad:50:41:
                    72:1d:14:7e:d8:c0:f2:96:d1:b2:8e:02:c1:2d:38:
                    0a:e1:16:ad:84:ca:ca:01:0f:b6:ff:ed:5d:97:f6:
                    08:4e:e1:57:a0:27:b3:aa:c5:0f:28:d8:a8:10:a0:
                    48:88:d3:ed:7b:f3:e0:a8:83:5d:cc:db:b1:72:dc:
                    22:38:35:62:74:ce:7a:cd:fc:1b:1a:34:fb:6a:78:
                    12:59:27:50:be:2a:68:07:fd:d2:5a:69:c4:80:f6:
                    9e:bf:e5:5b:a7:6f:4e:3d:51:f4:1e:7f:f9:1e:a3:
                    15:a8:1c:f8:88:b4:70:24:47:aa:5a:d0:a0:95:4b:
                    bd:62:ac:fe:20:98:79:04:1e:c6:5f:b9:dd:75:da:
                    a6:a9:5a:8f:ac:28:6c:1f:06:17:36:07:b6:61:21:
                    cc:18:0e:30:d8:d7:c3:29:ce:b2:ec:cf:09:c9:1b:
                    3b:00:09:4a:1f:d0:71:6e:e8:1b:70:04:0d:92:e6:
                    d5:ce:22:90:79:28:52:8b:57:d6:bd:0d:72:64:c4:
                    9c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:CC:07:BB:BD:84:5F:0F:BD:B9:5C:17:15:29:2E:AF:76:FC:59:4A
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/PswHu72EXw-9uVwXFSkur3b8WUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:3900::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:26:4e:dc:c9:44:57:07:fc:97:25:67:f6:e3:af:2c:53:b4:
         f0:88:49:ec:2c:13:44:1b:85:a3:c8:d5:be:3a:f2:6f:2b:c2:
         77:2e:fc:f0:13:ff:5f:7c:0d:78:d3:b4:89:c0:08:21:af:eb:
         ba:b3:d5:55:22:8b:9b:de:0d:24:fb:01:35:c0:b6:68:69:97:
         ef:0b:d0:13:47:fc:05:6d:11:7b:e6:e7:a4:9e:51:e5:c8:6f:
         dc:28:6a:97:02:d0:41:24:a6:ba:94:60:7a:d9:93:04:a3:2d:
         3f:79:f2:44:69:a0:62:a5:28:c4:8c:d9:66:41:8d:7b:2f:37:
         5b:16:d2:1f:f5:06:88:16:7f:42:f9:24:ac:dd:b8:ee:81:bd:
         f3:0c:7e:15:f8:6a:bd:c4:ef:dd:85:d8:ca:9e:0b:32:89:e9:
         4b:e3:d2:3b:3c:03:6e:2c:3d:79:69:b8:1e:2a:f3:92:02:1f:
         87:d2:2d:35:fd:ec:49:32:20:0a:49:51:d5:06:e5:33:fb:55:
         53:27:df:c3:eb:28:07:35:aa:71:4f:32:d4:91:2c:e9:8c:d1:
         21:72:fb:fe:57:59:6f:74:29:30:95:4d:86:50:3b:57:83:fe:
         be:38:52:25:99:2e:76:a2:ca:e6:d0:83:96:bd:b5:36:89:4a:
         30:7d:33:b7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbTPUkkrkX3Nf0nFt2WmNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWNjMDdiYmJkODQ1ZjBmYmRiOTVjMTcxNTI5MmVhZjc2ZmM1OTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxWg2BqYAEJrpi4+US6c0Bk/tUhd
mHyzeTPRwrhTBNCLnH4JxmbcRADvrQnmfA2bYfSsZxi9feOtUEFyHRR+2MDyltGy
jgLBLTgK4RathMrKAQ+2/+1dl/YITuFXoCezqsUPKNioEKBIiNPte/PgqINdzNux
ctwiODVidM56zfwbGjT7angSWSdQvipoB/3SWmnEgPaev+Vbp29OPVH0Hn/5HqMV
qBz4iLRwJEeqWtCglUu9Yqz+IJh5BB7GX7ndddqmqVqPrChsHwYXNge2YSHMGA4w
2NfDKc6y7M8JyRs7AAlKH9BxbugbcAQNkubVziKQeShSi1fWvQ1yZMScaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD7MB7u9hF8PvblcFxUpLq92/FlKMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvUHN3SHU3MkVYdy05dVZ3WEZTa3VyM2I4V1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg05ADAN
BgkqhkiG9w0BAQsFAAOCAQEAiCZO3MlEVwf8lyVn9uOvLFO08IhJ7CwTRBuFo8jV
vjrybyvCdy788BP/X3wNeNO0icAIIa/rurPVVSKLm94NJPsBNcC2aGmX7wvQE0f8
BW0Re+bnpJ5R5chv3ChqlwLQQSSmupRgetmTBKMtP3nyRGmgYqUoxIzZZkGNey83
WxbSH/UGiBZ/QvkkrN247oG98wx+FfhqvcTv3YXYyp4LMonpS+PSOzwDbiw9eWm4
HirzkgIfh9ItNf3sSTIgCklR1QblM/tVUyffw+soBzWqcU8y1JEs6YzRIXL7/ldZ
b3QpMJVNhlA7V4P+vjhSJZkudqLK5tCDlr21NolKMH0ztw==
-----END CERTIFICATE-----