Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/edd984-9b3e-4786-b1cf-60f6fa881845/1/J5mIAqNmjp5cfUYaF2vDwT--haI.roa
File:                     J5mIAqNmjp5cfUYaF2vDwT--haI.roa (raw, json)
Hash identifier:          V7v8Ht0aYNpEsVanir3Tu88Kxa6nfDvA5aIFafiNTzs=
Subject key identifier:   27:99:88:02:A3:66:8E:9E:5C:7D:46:1A:17:6B:C3:C1:3F:BE:85:A2
Certificate issuer:       /CN=183ae8f8887a1309ba54bc4d2761b4b30ea28e49
Certificate serial:       018CC5DBE4DD64C3754FCE0A05409EF6D05A
Authority key identifier: 18:3A:E8:F8:88:7A:13:09:BA:54:BC:4D:27:61:B4:B3:0E:A2:8E:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GDro-Ih6Ewm6VLxNJ2G0sw6ijkk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/edd984-9b3e-4786-b1cf-60f6fa881845/1/J5mIAqNmjp5cfUYaF2vDwT--haI.roa
Signing time:             Mon 01 Jan 2024 16:29:31 +0000
ROA not before:           Mon 01 Jan 2024 16:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54058
IP address blocks:        2a05:2200::/29 maxlen: 29
                          2a07:4e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/edd984-9b3e-4786-b1cf-60f6fa881845/1/GDro-Ih6Ewm6VLxNJ2G0sw6ijkk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/edd984-9b3e-4786-b1cf-60f6fa881845/1/GDro-Ih6Ewm6VLxNJ2G0sw6ijkk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GDro-Ih6Ewm6VLxNJ2G0sw6ijkk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e4:dd:64:c3:75:4f:ce:0a:05:40:9e:f6:d0:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=183ae8f8887a1309ba54bc4d2761b4b30ea28e49
        Validity
            Not Before: Jan  1 16:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27998802a3668e9e5c7d461a176bc3c13fbe85a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:85:70:10:73:2f:a1:92:78:5a:67:77:68:ae:
                    55:0d:aa:5f:43:6b:a7:ef:b5:20:ae:d8:e9:e6:b8:
                    68:bd:de:f1:05:16:5f:bf:14:29:83:c1:79:7c:53:
                    bc:be:75:b3:ac:66:51:92:b7:72:98:31:0c:8d:88:
                    e0:d4:a0:5c:7e:20:de:73:95:bc:f0:a9:5d:e1:e6:
                    fb:e7:1d:ea:92:f0:d6:58:77:8a:3c:59:06:42:d3:
                    53:09:29:90:9f:62:dc:0f:5b:7a:24:11:bd:a5:14:
                    4d:44:bd:2d:89:f2:2e:fb:7a:f2:dc:7d:97:27:24:
                    90:b7:eb:51:ef:e3:52:e8:36:ad:f0:5c:4d:2d:c6:
                    ce:ac:a2:56:83:2b:2a:62:51:9c:25:1f:ef:5b:30:
                    38:52:b4:be:94:77:93:d6:85:a2:02:2d:71:e8:5c:
                    2e:e9:44:6e:89:6f:34:89:9b:57:aa:ea:0b:19:49:
                    5c:f8:b6:e9:5b:82:28:87:77:c7:3a:75:fb:be:49:
                    a1:17:4f:bb:6b:bb:3e:22:44:59:39:b3:fd:aa:57:
                    a6:2e:c6:bd:67:76:d8:53:1b:cf:f3:c2:57:92:45:
                    fb:0c:74:6d:2b:86:db:ab:ce:d5:a1:02:8b:b1:bd:
                    8c:c2:60:a8:6d:a1:fc:b1:25:5a:35:56:0e:6d:1f:
                    62:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:99:88:02:A3:66:8E:9E:5C:7D:46:1A:17:6B:C3:C1:3F:BE:85:A2
            X509v3 Authority Key Identifier:
                keyid:18:3A:E8:F8:88:7A:13:09:BA:54:BC:4D:27:61:B4:B3:0E:A2:8E:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GDro-Ih6Ewm6VLxNJ2G0sw6ijkk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/edd984-9b3e-4786-b1cf-60f6fa881845/1/J5mIAqNmjp5cfUYaF2vDwT--haI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/edd984-9b3e-4786-b1cf-60f6fa881845/1/GDro-Ih6Ewm6VLxNJ2G0sw6ijkk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:2200::/29
                  2a07:4e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:2f:61:4e:72:9c:6e:6b:0b:68:4e:38:e5:8b:93:08:9b:c4:
         e9:2f:25:b0:94:c5:ac:0c:85:bc:af:05:8a:87:89:c9:43:c4:
         c2:e3:30:0c:8c:65:8d:36:49:4f:c9:a7:8a:f1:7c:de:52:0b:
         26:f9:f4:fa:fc:29:8f:7b:3c:ae:2a:bd:2d:c6:f7:11:44:00:
         72:75:7b:56:d6:43:9f:72:39:0c:26:53:25:0f:d3:fe:e6:50:
         9d:fd:5c:ee:2a:63:36:9a:7e:86:be:7e:47:dc:80:55:da:8f:
         1d:f9:75:2b:1c:e2:e7:bc:71:77:25:63:17:cd:98:f3:1b:4e:
         25:e9:48:22:89:9a:82:e1:39:1b:01:ca:5d:35:b3:81:d0:a1:
         b9:7b:2c:f0:02:a8:4a:70:83:d1:d0:d6:53:e6:e4:c6:b2:9e:
         0b:04:6e:86:c8:4c:be:9a:3a:a3:74:96:71:0c:e5:16:e2:2e:
         93:ad:6f:73:12:01:76:8b:37:da:6a:e5:e9:41:4f:0d:03:18:
         e6:95:24:1a:57:39:7e:65:72:52:c1:b1:66:d3:f5:db:25:f5:
         13:0b:ab:eb:f7:0d:c5:7c:54:27:94:bc:18:75:ae:71:6c:b9:
         73:11:38:97:35:83:21:3c:fc:f2:06:3d:aa:4c:d4:92:98:84:
         65:e3:09:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF2+TdZMN1T84KBUCe9tBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4M2FlOGY4ODg3YTEzMDliYTU0YmM0ZDI3NjFiNGIzMGVh
MjhlNDkwHhcNMjQwMTAxMTYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzk5ODgwMmEzNjY4ZTllNWM3ZDQ2MWExNzZiYzNjMTNmYmU4NWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIVwEHMvoZJ4Wmd3aK5VDapfQ2un
77Ugrtjp5rhovd7xBRZfvxQpg8F5fFO8vnWzrGZRkrdymDEMjYjg1KBcfiDec5W8
8Kld4eb75x3qkvDWWHeKPFkGQtNTCSmQn2LcD1t6JBG9pRRNRL0tifIu+3ry3H2X
JySQt+tR7+NS6Dat8FxNLcbOrKJWgysqYlGcJR/vWzA4UrS+lHeT1oWiAi1x6Fwu
6URuiW80iZtXquoLGUlc+LbpW4Ioh3fHOnX7vkmhF0+7a7s+IkRZObP9qlemLsa9
Z3bYUxvP88JXkkX7DHRtK4bbq87VoQKLsb2MwmCobaH8sSVaNVYObR9iqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCeZiAKjZo6eXH1GGhdrw8E/voWiMB8GA1UdIwQY
MBaAFBg66PiIehMJulS8TSdhtLMOoo5JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0Ryby1JaDZFd202Vkx4TkoyRzBzdzZpamtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9lZGQ5ODQtOWIzZS00Nzg2LWIxY2Yt
NjBmNmZhODgxODQ1LzEvSjVtSUFxTm1qcDVjZlVZYUYydkR3VC0taGFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9lZGQ5ODQtOWIzZS00Nzg2LWIxY2YtNjBmNmZhODgxODQ1
LzEvR0Ryby1JaDZFd202Vkx4TkoyRzBzdzZpamtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgUiAAMF
AyoHTkAwDQYJKoZIhvcNAQELBQADggEBAF8vYU5ynG5rC2hOOOWLkwibxOkvJbCU
xawMhbyvBYqHiclDxMLjMAyMZY02SU/Jp4rxfN5SCyb59Pr8KY97PK4qvS3G9xFE
AHJ1e1bWQ59yOQwmUyUP0/7mUJ39XO4qYzaafoa+fkfcgFXajx35dSsc4ue8cXcl
YxfNmPMbTiXpSCKJmoLhORsByl01s4HQobl7LPACqEpwg9HQ1lPm5MayngsEbobI
TL6aOqN0lnEM5RbiLpOtb3MSAXaLN9pq5elBTw0DGOaVJBpXOX5lclLBsWbT9dsl
9RMLq+v3DcV8VCeUvBh1rnFsuXMROJc1gyE8/PIGPapM1JKYhGXjCUY=
-----END CERTIFICATE-----