Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/1ZUApkpoA4JxbENM9fdLq9RCw6s.roa
File:                     1ZUApkpoA4JxbENM9fdLq9RCw6s.roa (raw, json)
Hash identifier:          ENqCY5S+xeW/zqIKhj0aOu8TaP/f2U9kHEfTysqP98M=
Subject key identifier:   D5:95:00:A6:4A:68:03:82:71:6C:43:4C:F5:F7:4B:AB:D4:42:C3:AB
Certificate issuer:       /CN=97bcbee44f4cef091985e546a6854f9ccb2ada8a
Certificate serial:       018CC5013232AAB9C709D79CC4A22247A90A
Authority key identifier: 97:BC:BE:E4:4F:4C:EF:09:19:85:E5:46:A6:85:4F:9C:CB:2A:DA:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/1ZUApkpoA4JxbENM9fdLq9RCw6s.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41179
IP address blocks:        2a05:a944::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:32:32:aa:b9:c7:09:d7:9c:c4:a2:22:47:a9:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97bcbee44f4cef091985e546a6854f9ccb2ada8a
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d59500a64a680382716c434cf5f74babd442c3ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d5:ba:3e:4c:3b:00:fc:2b:6d:7e:ee:ca:b7:
                    d1:b9:dd:3f:c1:1f:cc:b2:56:cc:01:62:ac:de:65:
                    af:be:8d:61:03:8f:88:3d:11:38:a1:6e:b4:c4:a2:
                    dc:80:e8:af:60:ff:c4:89:14:ee:80:a7:08:94:67:
                    cc:dc:5b:9f:e4:33:ed:8f:7c:44:5f:8e:dc:88:16:
                    20:23:55:e5:a2:cf:a8:d6:d3:e5:d1:36:d8:58:ce:
                    8a:70:f1:7f:02:5b:d9:f2:98:a0:9a:f6:8b:5f:3e:
                    17:da:09:ea:21:c2:94:c1:1b:0c:57:2f:d7:e1:e1:
                    15:98:ba:a1:c6:e2:02:5c:db:29:5d:c4:5e:d5:48:
                    cf:7b:00:27:ed:c6:f7:91:e9:10:ab:7f:db:5d:36:
                    39:24:c6:b7:1e:39:f8:92:cd:df:a5:63:ea:bf:a5:
                    83:f9:c1:12:d6:e7:45:0d:ea:44:09:9e:99:8d:bf:
                    be:6f:e7:57:75:7c:db:0d:f8:d6:31:57:7c:96:6e:
                    18:13:2e:0b:fd:48:45:ef:7d:38:39:20:41:4b:f1:
                    62:60:a5:53:81:4d:39:a9:65:2c:30:e7:67:f0:93:
                    54:29:a7:89:9d:5a:e3:d8:cd:e8:52:9f:ef:0a:30:
                    94:f0:a7:9b:20:f6:cb:47:ed:06:ce:cc:29:43:10:
                    be:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:95:00:A6:4A:68:03:82:71:6C:43:4C:F5:F7:4B:AB:D4:42:C3:AB
            X509v3 Authority Key Identifier:
                keyid:97:BC:BE:E4:4F:4C:EF:09:19:85:E5:46:A6:85:4F:9C:CB:2A:DA:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/1ZUApkpoA4JxbENM9fdLq9RCw6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:a944::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:19:22:3c:ce:c9:29:c7:1a:30:6c:32:9f:d3:96:fc:c4:27:
         80:c9:4b:09:58:bb:8d:38:4a:1f:0c:f7:d3:aa:a2:23:66:9d:
         16:74:44:2c:e8:d3:c1:73:a7:c2:d4:83:18:3f:3e:61:50:de:
         4c:e1:3a:66:c5:ec:62:4a:7d:50:11:36:90:b5:b5:e6:95:16:
         7a:6e:43:23:2a:e6:f4:c2:26:37:aa:da:b0:78:0e:72:67:ef:
         d2:47:be:cc:e2:9a:bb:20:45:9b:a6:1a:d7:7a:0a:88:93:1c:
         73:15:98:ff:d7:d3:e5:f6:b0:d4:cd:87:77:da:8a:06:25:ed:
         04:94:41:a0:0d:97:e3:57:f4:6e:01:72:55:25:d6:aa:16:c9:
         f3:00:ac:ad:99:36:a2:8f:40:c8:63:82:40:a4:d5:9a:ae:e3:
         9a:99:0e:93:70:47:e1:5e:cb:e9:9f:11:81:f7:e5:84:ed:d9:
         92:90:43:28:4e:b9:a2:6d:7c:08:7f:2b:f5:17:b5:af:68:c5:
         39:a3:91:0b:17:2f:5f:b5:18:6f:b5:7f:8e:40:0c:ec:9e:67:
         78:2d:e7:93:6c:ae:52:8f:04:ec:5d:44:7a:61:0a:89:e6:df:
         af:67:eb:26:68:4d:cc:6d:f9:aa:4e:98:89:ec:4c:ba:56:ba:
         a1:24:46:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFATIyqrnHCdecxKIiR6kKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YmNiZWU0NGY0Y2VmMDkxOTg1ZTU0NmE2ODU0ZjljY2Iy
YWRhOGEwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk1MDBhNjRhNjgwMzgyNzE2YzQzNGNmNWY3NGJhYmQ0NDJjM2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktW6Pkw7APwrbX7uyrfRud0/wR/M
slbMAWKs3mWvvo1hA4+IPRE4oW60xKLcgOivYP/EiRTugKcIlGfM3Fuf5DPtj3xE
X47ciBYgI1Xlos+o1tPl0TbYWM6KcPF/AlvZ8pigmvaLXz4X2gnqIcKUwRsMVy/X
4eEVmLqhxuICXNspXcRe1UjPewAn7cb3kekQq3/bXTY5JMa3Hjn4ks3fpWPqv6WD
+cES1udFDepECZ6Zjb++b+dXdXzbDfjWMVd8lm4YEy4L/UhF7304OSBBS/FiYKVT
gU05qWUsMOdn8JNUKaeJnVrj2M3oUp/vCjCU8KebIPbLR+0GzswpQxC+YwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNWVAKZKaAOCcWxDTPX3S6vUQsOrMB8GA1UdIwQY
MBaAFJe8vuRPTO8JGYXlRqaFT5zLKtqKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDd5LTVFOU03d2taaGVWR3BvVlBuTXNxMm9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8wYjJlZWYtNzVlOS00M2IyLTkwODgt
ODMwM2FkMTM3MWRkLzEvMVpVQXBrcG9BNEp4YkVOTTlmZExxOVJDdzZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8wYjJlZWYtNzVlOS00M2IyLTkwODgtODMwM2FkMTM3MWRk
LzEvbDd5LTVFOU03d2taaGVWR3BvVlBuTXNxMm9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWpRAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCVGSI8zskpxxowbDKf05b8xCeAyUsJWLuNOEof
DPfTqqIjZp0WdEQs6NPBc6fC1IMYPz5hUN5M4TpmxexiSn1QETaQtbXmlRZ6bkMj
Kub0wiY3qtqweA5yZ+/SR77M4pq7IEWbphrXegqIkxxzFZj/19Pl9rDUzYd32ooG
Je0ElEGgDZfjV/RuAXJVJdaqFsnzAKytmTaij0DIY4JApNWaruOamQ6TcEfhXsvp
nxGB9+WE7dmSkEMoTrmibXwIfyv1F7WvaMU5o5ELFy9ftRhvtX+OQAzsnmd4LeeT
bK5SjwTsXUR6YQqJ5t+vZ+smaE3MbfmqTpiJ7Ey6VrqhJEYA
-----END CERTIFICATE-----