Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/df0b7a-68b3-47d5-b671-df27f10c7097/1/20GXTANrkWw7HA32B3sHGLw2mDw.roa
File:                     20GXTANrkWw7HA32B3sHGLw2mDw.roa (raw, json)
Hash identifier:          roOnjyGlc+xGAQu7zfE28QHfURp5NiSDecKrNG0Aewc=
Subject key identifier:   DB:41:97:4C:03:6B:91:6C:3B:1C:0D:F6:07:7B:07:18:BC:36:98:3C
Certificate issuer:       /CN=5f5ed9921c63bf10db084bad332ea9ff9f8199e6
Certificate serial:       018CC348E05C9FC9595B1C78C08B663F3C62
Authority key identifier: 5F:5E:D9:92:1C:63:BF:10:DB:08:4B:AD:33:2E:A9:FF:9F:81:99:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X17ZkhxjvxDbCEutMy6p_5-BmeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/df0b7a-68b3-47d5-b671-df27f10c7097/1/20GXTANrkWw7HA32B3sHGLw2mDw.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44529
IP address blocks:        2a14:4e80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/df0b7a-68b3-47d5-b671-df27f10c7097/1/X17ZkhxjvxDbCEutMy6p_5-BmeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/df0b7a-68b3-47d5-b671-df27f10c7097/1/X17ZkhxjvxDbCEutMy6p_5-BmeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X17ZkhxjvxDbCEutMy6p_5-BmeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e0:5c:9f:c9:59:5b:1c:78:c0:8b:66:3f:3c:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f5ed9921c63bf10db084bad332ea9ff9f8199e6
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db41974c036b916c3b1c0df6077b0718bc36983c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:65:db:76:c3:29:e6:07:c1:d2:db:41:3d:79:
                    43:30:18:f9:10:f4:d6:7f:4a:39:75:a4:be:5e:69:
                    43:00:04:b5:a2:fb:d2:f4:83:4f:6c:2d:ea:94:86:
                    31:8b:2a:4d:18:cd:63:78:ad:ff:11:13:42:2a:7e:
                    31:7d:77:e1:f6:0f:52:73:ab:d6:59:96:17:6c:88:
                    50:50:f4:78:c6:02:67:30:48:59:1f:c0:50:dd:fb:
                    64:24:f6:e9:81:06:d7:db:93:0e:51:63:1c:a6:24:
                    59:98:e0:ec:fe:02:6c:4d:bf:14:fe:fd:19:f9:ad:
                    7e:64:93:ed:16:73:7f:c9:e5:62:d7:57:15:f4:ac:
                    69:bc:f5:6e:89:ec:05:bf:83:53:9e:50:10:5c:87:
                    ba:25:4e:41:fa:f4:bb:f6:84:e1:ef:c7:9c:7a:f8:
                    c5:d4:bc:81:8f:77:e7:f0:7b:94:e3:bc:6f:ea:c6:
                    5c:dd:1d:2e:ad:c4:40:07:99:88:7c:b6:40:bd:ea:
                    c9:c9:94:bb:9c:25:00:ac:32:e6:ae:12:0d:53:8f:
                    db:be:27:cc:d7:f1:f5:ad:0f:06:2f:87:ae:04:e9:
                    d1:a7:be:6d:ed:a2:fa:d4:81:6f:d3:c9:ae:f5:4a:
                    84:c3:01:1e:43:4b:86:99:47:2e:26:ee:84:1b:f6:
                    43:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:41:97:4C:03:6B:91:6C:3B:1C:0D:F6:07:7B:07:18:BC:36:98:3C
            X509v3 Authority Key Identifier:
                keyid:5F:5E:D9:92:1C:63:BF:10:DB:08:4B:AD:33:2E:A9:FF:9F:81:99:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X17ZkhxjvxDbCEutMy6p_5-BmeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/df0b7a-68b3-47d5-b671-df27f10c7097/1/20GXTANrkWw7HA32B3sHGLw2mDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/df0b7a-68b3-47d5-b671-df27f10c7097/1/X17ZkhxjvxDbCEutMy6p_5-BmeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:85:db:fb:a3:4b:78:81:45:de:06:1d:50:cf:fa:bb:0a:a4:
         71:fd:07:24:86:36:e6:ef:a1:ca:28:d1:66:35:81:f4:a1:c9:
         c6:02:18:bb:6c:ca:75:d2:ac:9c:8b:bf:29:9a:58:97:90:4f:
         07:41:1f:25:3f:cb:76:bf:4a:e0:d0:e5:ef:58:81:f8:b2:c7:
         70:ac:c7:91:e5:8b:02:1d:32:72:80:a9:87:c3:ba:df:69:9c:
         f0:60:1c:9d:56:be:b1:ef:45:83:22:5d:35:0c:cf:e8:c1:58:
         d3:96:f9:1d:b3:30:73:1c:29:83:89:a7:d0:e1:01:64:84:c0:
         41:43:d1:58:c7:5c:f5:d7:49:44:32:2f:20:2c:a6:a3:8a:29:
         a1:8d:a6:e0:5c:a0:0f:cc:1b:12:47:9b:b0:b5:8d:ab:96:74:
         8a:96:eb:d6:d8:5a:b4:fa:17:bc:19:b2:8a:af:36:b9:56:4d:
         c1:de:c8:8d:ff:4a:87:85:b3:ef:43:db:60:ff:dd:76:d0:3a:
         5f:1a:a3:9e:c9:b8:b1:e3:c5:37:a9:58:fa:9b:f6:de:ce:71:
         4b:54:b0:de:2b:88:24:98:51:68:89:2b:6d:73:7a:43:12:1b:
         96:8c:28:72:57:33:fb:a9:61:1b:9f:04:d1:3e:fe:17:70:58:
         0b:15:d3:50
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSOBcn8lZWxx4wItmPzxiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNWVkOTkyMWM2M2JmMTBkYjA4NGJhZDMzMmVhOWZmOWY4
MTk5ZTYwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQxOTc0YzAzNmI5MTZjM2IxYzBkZjYwNzdiMDcxOGJjMzY5ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWXbdsMp5gfB0ttBPXlDMBj5EPTW
f0o5daS+XmlDAAS1ovvS9INPbC3qlIYxiypNGM1jeK3/ERNCKn4xfXfh9g9Sc6vW
WZYXbIhQUPR4xgJnMEhZH8BQ3ftkJPbpgQbX25MOUWMcpiRZmODs/gJsTb8U/v0Z
+a1+ZJPtFnN/yeVi11cV9KxpvPVuiewFv4NTnlAQXIe6JU5B+vS79oTh78ecevjF
1LyBj3fn8HuU47xv6sZc3R0urcRAB5mIfLZAverJyZS7nCUArDLmrhINU4/bvifM
1/H1rQ8GL4euBOnRp75t7aL61IFv08mu9UqEwwEeQ0uGmUcuJu6EG/ZDYwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNtBl0wDa5FsOxwN9gd7Bxi8Npg8MB8GA1UdIwQY
MBaAFF9e2ZIcY78Q2whLrTMuqf+fgZnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDE3WmtoeGp2eERiQ0V1dE15NnBfNS1CbWVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9kZjBiN2EtNjhiMy00N2Q1LWI2NzEt
ZGYyN2YxMGM3MDk3LzEvMjBHWFRBTnJrV3c3SEEzMkIzc0hHTHcybUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9kZjBiN2EtNjhiMy00N2Q1LWI2NzEtZGYyN2YxMGM3MDk3
LzEvWDE3WmtoeGp2eERiQ0V1dE15NnBfNS1CbWVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhROgDAN
BgkqhkiG9w0BAQsFAAOCAQEAVIXb+6NLeIFF3gYdUM/6uwqkcf0HJIY25u+hyijR
ZjWB9KHJxgIYu2zKddKsnIu/KZpYl5BPB0EfJT/Ldr9K4NDl71iB+LLHcKzHkeWL
Ah0ycoCph8O632mc8GAcnVa+se9FgyJdNQzP6MFY05b5HbMwcxwpg4mn0OEBZITA
QUPRWMdc9ddJRDIvICymo4opoY2m4FygD8wbEkebsLWNq5Z0ipbr1thatPoXvBmy
iq82uVZNwd7Ijf9Kh4Wz70PbYP/ddtA6Xxqjnsm4sePFN6lY+pv23s5xS1Sw3iuI
JJhRaIkrbXN6QxIblowoclcz+6lhG58E0T7+F3BYCxXTUA==
-----END CERTIFICATE-----