Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/lctVlwiErRJrLaPVNil-g0A-cR0.roa
File:                     lctVlwiErRJrLaPVNil-g0A-cR0.roa (raw, json)
Hash identifier:          QcfrbI/yyiaMGtvcWfsV7169CalZT3TEBGBBHOpBCmM=
Subject key identifier:   95:CB:55:97:08:84:AD:12:6B:2D:A3:D5:36:29:7E:83:40:3E:71:1D
Certificate issuer:       /CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
Certificate serial:       018CC5DC6C90348BAF07258FF2D69673911D
Authority key identifier: 0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/lctVlwiErRJrLaPVNil-g0A-cR0.roa
Signing time:             Mon 01 Jan 2024 16:30:06 +0000
ROA not before:           Mon 01 Jan 2024 16:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210960
IP address blocks:        2a0e:b704::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 07:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:6c:90:34:8b:af:07:25:8f:f2:d6:96:73:91:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a30b635d357468d7f932d3e1f59d5373cf9f465
        Validity
            Not Before: Jan  1 16:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95cb55970884ad126b2da3d536297e83403e711d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2f:57:82:e6:87:fa:3f:5e:a7:90:d5:5a:dc:
                    6c:1e:0d:10:c7:02:6b:55:18:eb:b8:98:7c:37:ed:
                    7c:ed:35:e0:3e:71:e0:67:d5:93:6a:1b:86:d4:53:
                    19:b4:f7:6c:b7:d0:64:f6:56:6b:af:76:ae:91:dd:
                    2e:81:a1:54:18:64:21:d3:fd:2d:e9:17:94:a8:5c:
                    6d:e6:41:65:8c:fa:82:72:02:8d:b3:4e:7c:ef:17:
                    02:62:1b:f4:f2:39:d5:23:ef:a3:39:be:f9:96:7b:
                    1a:c4:80:80:3d:fc:7c:41:a9:f3:9d:31:fd:92:7b:
                    96:35:0b:04:3a:4a:93:5e:aa:93:68:d5:49:31:6f:
                    a4:4c:4d:93:7d:e6:37:e1:36:27:95:42:53:7d:4e:
                    68:90:6f:df:33:0b:1b:33:04:e3:2f:b1:e7:e3:68:
                    d3:1a:ce:64:f2:d8:0b:b6:bd:2c:40:a3:72:4c:7c:
                    4c:c1:e3:e2:f4:46:b2:ae:4e:17:83:b2:76:21:d6:
                    ce:51:ac:3b:c7:a6:30:14:d4:d1:15:1f:54:6f:71:
                    1e:9b:9e:45:cd:ff:69:2d:3d:73:be:5d:44:6a:30:
                    b8:f4:72:10:db:48:17:db:e6:55:09:2e:f9:b9:84:
                    25:12:8e:43:6b:46:f2:0a:f3:54:2f:b5:55:ad:e3:
                    e3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:CB:55:97:08:84:AD:12:6B:2D:A3:D5:36:29:7E:83:40:3E:71:1D
            X509v3 Authority Key Identifier:
                keyid:0A:30:B6:35:D3:57:46:8D:7F:93:2D:3E:1F:59:D5:37:3C:F9:F4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjC2NdNXRo1_ky0-H1nVNzz59GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/lctVlwiErRJrLaPVNil-g0A-cR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1785f1-ae23-40f0-83f2-6def398ce5c9/1/CjC2NdNXRo1_ky0-H1nVNzz59GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b704::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:bf:49:27:59:5f:3c:9a:8b:d9:5f:16:65:d3:17:4c:22:f3:
         81:13:86:c3:92:53:81:4a:0c:97:3c:0e:d6:e1:a1:a9:b0:a5:
         bb:d6:e6:26:18:df:64:cc:c9:fe:e2:0d:fc:5e:c0:f7:8d:ff:
         ab:67:28:cd:38:5e:5d:40:a9:ef:0b:c0:fa:b3:ec:ae:e5:19:
         09:fa:8c:23:14:9f:30:47:c8:e3:d1:ba:df:c6:12:b3:ea:05:
         0d:e7:6a:98:2e:4c:55:d6:cc:89:95:f7:79:39:54:fc:ab:c2:
         9f:56:3c:91:a9:4c:a0:8a:a0:31:41:4b:88:38:ce:22:0e:b5:
         41:f2:72:e2:ad:3d:76:a3:84:17:bc:1a:7b:67:f5:89:77:ee:
         53:b5:33:84:e0:30:4f:85:21:10:3f:6f:44:69:07:ad:34:7c:
         00:e2:f3:2d:3b:0a:89:33:26:bd:52:6b:06:c6:3d:42:ed:65:
         84:5e:60:7f:7c:f5:07:d3:cc:17:7d:2c:42:70:4a:79:ab:a6:
         af:00:53:4e:d7:f1:3b:1f:c5:d3:c7:ed:c8:97:5a:65:fc:7a:
         5a:e9:d6:8e:c8:06:81:8f:e9:88:70:fa:95:96:ce:05:63:b6:
         4c:22:dd:65:0b:fa:77:7a:ff:44:9f:3a:ae:07:58:2e:ca:13:
         ab:f2:82:50
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3GyQNIuvByWP8taWc5EdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzBiNjM1ZDM1NzQ2OGQ3ZjkzMmQzZTFmNTlkNTM3M2Nm
OWY0NjUwHhcNMjQwMTAxMTYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWNiNTU5NzA4ODRhZDEyNmIyZGEzZDUzNjI5N2U4MzQwM2U3MTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAui9XguaH+j9ep5DVWtxsHg0QxwJr
VRjruJh8N+187TXgPnHgZ9WTahuG1FMZtPdst9Bk9lZrr3aukd0ugaFUGGQh0/0t
6ReUqFxt5kFljPqCcgKNs0587xcCYhv08jnVI++jOb75lnsaxICAPfx8QanznTH9
knuWNQsEOkqTXqqTaNVJMW+kTE2TfeY34TYnlUJTfU5okG/fMwsbMwTjL7Hn42jT
Gs5k8tgLtr0sQKNyTHxMwePi9Eayrk4Xg7J2IdbOUaw7x6YwFNTRFR9Ub3Eem55F
zf9pLT1zvl1EajC49HIQ20gX2+ZVCS75uYQlEo5Da0byCvNUL7VVrePjDwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJXLVZcIhK0Say2j1TYpfoNAPnEdMB8GA1UdIwQY
MBaAFAowtjXTV0aNf5MtPh9Z1Tc8+fRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjIt
NmRlZjM5OGNlNWM5LzEvbGN0Vmx3aUVyUkpyTGFQVk5pbC1nMEEtY1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xNzg1ZjEtYWUyMy00MGYwLTgzZjItNmRlZjM5OGNlNWM5
LzEvQ2pDMk5kTlhSbzFfa3kwLUgxblZOeno1OUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg63BDAN
BgkqhkiG9w0BAQsFAAOCAQEAaL9JJ1lfPJqL2V8WZdMXTCLzgROGw5JTgUoMlzwO
1uGhqbClu9bmJhjfZMzJ/uIN/F7A943/q2cozTheXUCp7wvA+rPsruUZCfqMIxSf
MEfI49G638YSs+oFDedqmC5MVdbMiZX3eTlU/KvCn1Y8kalMoIqgMUFLiDjOIg61
QfJy4q09dqOEF7wae2f1iXfuU7UzhOAwT4UhED9vRGkHrTR8AOLzLTsKiTMmvVJr
BsY9Qu1lhF5gf3z1B9PMF30sQnBKeaumrwBTTtfxOx/F08ftyJdaZfx6WunWjsgG
gY/piHD6lZbOBWO2TCLdZQv6d3r/RJ86rgdYLsoTq/KCUA==
-----END CERTIFICATE-----