Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/suZaZtJ8y-Sg16GI0WHrzAvww0w.roa
File:                     suZaZtJ8y-Sg16GI0WHrzAvww0w.roa (raw, json)
Hash identifier:          c3xVfTpval6AC/kTWBM7v+h9QAQ1AjJB2t5N0TB+AxQ=
Subject key identifier:   B2:E6:5A:66:D2:7C:CB:E4:A0:D7:A1:88:D1:61:EB:CC:0B:F0:C3:4C
Certificate issuer:       /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial:       018E8A6E406B4183467AAF22D5558E8C2BB0
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/suZaZtJ8y-Sg16GI0WHrzAvww0w.roa
Signing time:             Fri 29 Mar 2024 13:37:45 +0000
ROA not before:           Fri 29 Mar 2024 13:37:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45027
IP address blocks:        2a0e:7040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8a:6e:40:6b:41:83:46:7a:af:22:d5:55:8e:8c:2b:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
        Validity
            Not Before: Mar 29 13:37:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2e65a66d27ccbe4a0d7a188d161ebcc0bf0c34c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:52:df:5f:86:33:f6:b5:2a:d0:bd:2a:68:fb:
                    c8:0a:48:1e:d0:19:27:7e:fc:2f:fc:04:cb:ba:ac:
                    fd:10:1c:44:75:1f:2d:d7:3c:bd:c2:d6:f7:89:94:
                    4a:01:65:b9:6b:d8:af:a7:a3:5d:f1:6a:cc:2a:55:
                    68:ec:d3:b7:2f:19:6c:54:1f:89:32:56:f8:68:db:
                    7f:04:a3:ef:bb:df:ae:b8:67:41:40:ee:b4:ff:0e:
                    90:b6:eb:67:b7:7c:31:3d:fd:bf:24:4f:75:97:d9:
                    f8:4d:05:71:82:e5:28:6d:6e:4a:a5:a7:c8:74:27:
                    d8:1a:03:2e:39:66:2b:84:cc:4c:d7:2b:ea:20:31:
                    65:58:65:ba:1f:73:03:d1:d9:f6:64:ae:d3:32:96:
                    33:78:55:4e:fd:21:99:9c:c1:35:31:d7:ba:f7:36:
                    34:8d:71:12:ba:a2:b9:89:3d:74:74:0e:50:cc:d6:
                    3a:18:11:48:82:19:e2:9b:c8:91:88:d7:74:ad:0e:
                    1b:89:c7:f3:d4:b1:a7:aa:1a:c3:4a:9e:64:f6:96:
                    df:10:4f:aa:31:fe:26:99:a2:f8:89:a9:e1:d4:92:
                    0d:da:22:ed:7b:1a:73:be:7c:db:c0:6b:8b:0a:7a:
                    1b:8c:3d:bb:c8:c9:ba:5a:cf:32:c7:6d:87:53:1d:
                    71:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E6:5A:66:D2:7C:CB:E4:A0:D7:A1:88:D1:61:EB:CC:0B:F0:C3:4C
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/suZaZtJ8y-Sg16GI0WHrzAvww0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7040::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:e0:87:4f:6c:c6:d1:41:50:c2:41:dd:79:40:2b:34:c4:06:
         ce:9e:f4:33:44:6b:47:df:54:63:c6:ef:b6:b5:ab:81:03:3c:
         7a:dd:59:d4:f4:99:67:56:ef:e3:a6:cd:5d:e6:62:cc:a4:40:
         72:0c:06:c8:c1:ea:8a:d1:1e:12:c5:32:18:c0:95:ba:4a:fe:
         7b:62:18:67:1b:ce:fc:43:6c:1d:5f:88:1d:08:74:e0:5a:5a:
         fe:22:b0:37:14:f8:60:3d:95:20:11:33:aa:f8:86:7d:2e:3e:
         60:74:c0:f1:0c:33:f1:bb:12:60:fc:82:25:a2:47:42:05:35:
         6a:da:6d:1b:c2:f4:ac:d9:bc:63:4d:35:de:6a:61:8c:24:37:
         54:00:12:95:ce:50:1b:5d:93:12:e4:7d:65:36:23:5c:9f:65:
         17:44:b1:2d:39:89:e6:d2:10:b1:b9:d9:01:b8:c9:9d:6f:94:
         14:f8:66:08:41:14:8a:24:a5:69:39:95:1b:5f:ad:a7:e4:6b:
         84:74:6b:2a:a4:8e:09:9e:0c:a6:65:8c:e6:98:53:55:8e:8f:
         b1:66:30:1d:86:1f:0d:d3:83:05:08:fc:cd:b7:73:01:ca:bb:
         dd:47:2e:b5:a5:d4:32:5b:7e:f3:8a:ef:68:e2:7f:f2:74:20:
         f8:fc:51:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6KbkBrQYNGeq8i1VWOjCuwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwMzI5MTMzNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmU2NWE2NmQyN2NjYmU0YTBkN2ExODhkMTYxZWJjYzBiZjBjMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFLfX4Yz9rUq0L0qaPvICkge0Bkn
fvwv/ATLuqz9EBxEdR8t1zy9wtb3iZRKAWW5a9ivp6Nd8WrMKlVo7NO3LxlsVB+J
Mlb4aNt/BKPvu9+uuGdBQO60/w6Qtutnt3wxPf2/JE91l9n4TQVxguUobW5KpafI
dCfYGgMuOWYrhMxM1yvqIDFlWGW6H3MD0dn2ZK7TMpYzeFVO/SGZnME1Mde69zY0
jXESuqK5iT10dA5QzNY6GBFIghnim8iRiNd0rQ4bicfz1LGnqhrDSp5k9pbfEE+q
Mf4mmaL4ianh1JIN2iLtexpzvnzbwGuLCnobjD27yMm6Ws8yx22HUx1x4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLLmWmbSfMvkoNehiNFh68wL8MNMMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvc3VaYVp0Sjh5LVNnMTZHSTBXSHJ6QXZ3dzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5wQDAN
BgkqhkiG9w0BAQsFAAOCAQEAG+CHT2zG0UFQwkHdeUArNMQGzp70M0RrR99UY8bv
trWrgQM8et1Z1PSZZ1bv46bNXeZizKRAcgwGyMHqitEeEsUyGMCVukr+e2IYZxvO
/ENsHV+IHQh04Fpa/iKwNxT4YD2VIBEzqviGfS4+YHTA8Qwz8bsSYPyCJaJHQgU1
atptG8L0rNm8Y0013mphjCQ3VAASlc5QG12TEuR9ZTYjXJ9lF0SxLTmJ5tIQsbnZ
AbjJnW+UFPhmCEEUiiSlaTmVG1+tp+RrhHRrKqSOCZ4MpmWM5phTVY6PsWYwHYYf
DdODBQj8zbdzAcq73UcutaXUMlt+84rvaOJ/8nQg+PxRWQ==
-----END CERTIFICATE-----