Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/0wHpflQI31kShgib9usWCa7OqTc.roa
File:                     0wHpflQI31kShgib9usWCa7OqTc.roa (raw, json)
Hash identifier:          ygVcjqDZInZ09D1qOVG6xH2HYLeP60g26d7nIWj8JtI=
Subject key identifier:   D3:01:E9:7E:54:08:DF:59:12:86:08:9B:F6:EB:16:09:AE:CE:A9:37
Certificate issuer:       /CN=acde2358f57439c44f6b1662f55615a0aab6bacb
Certificate serial:       018CC94C07D3E32EDE17DA52498794FF5927
Authority key identifier: AC:DE:23:58:F5:74:39:C4:4F:6B:16:62:F5:56:15:A0:AA:B6:BA:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rN4jWPV0OcRPaxZi9VYVoKq2uss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/0wHpflQI31kShgib9usWCa7OqTc.roa
Signing time:             Tue 02 Jan 2024 08:30:52 +0000
ROA not before:           Tue 02 Jan 2024 08:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202204
IP address blocks:        2a09:5c0::/29 maxlen: 48
                          2a00:ea0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/rN4jWPV0OcRPaxZi9VYVoKq2uss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/rN4jWPV0OcRPaxZi9VYVoKq2uss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rN4jWPV0OcRPaxZi9VYVoKq2uss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:07:d3:e3:2e:de:17:da:52:49:87:94:ff:59:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acde2358f57439c44f6b1662f55615a0aab6bacb
        Validity
            Not Before: Jan  2 08:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d301e97e5408df591286089bf6eb1609aecea937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:72:c4:0e:96:cd:62:d6:ae:f5:b5:49:b8:82:
                    c8:2e:3e:5c:5e:fb:ad:df:b2:bd:11:2f:95:5b:1e:
                    08:0d:66:33:20:09:96:61:9b:15:ea:8e:f2:74:a9:
                    48:3e:97:71:10:fe:aa:f2:42:09:e1:97:0c:3e:cc:
                    0f:c2:6f:5c:2b:aa:45:a2:ff:9c:f4:6f:b4:d8:00:
                    6f:1c:72:cc:3e:92:75:d7:5a:89:e5:6d:dc:26:e8:
                    ed:31:47:a4:7f:ef:47:36:73:ba:8b:e8:3f:61:c3:
                    fa:2c:76:55:02:fa:e4:b2:a0:17:9c:fa:a4:41:90:
                    a0:bc:f1:95:c1:d4:1f:56:29:11:b1:e3:68:cc:02:
                    f5:da:a7:cd:6b:2f:54:75:12:57:e7:c7:10:92:a8:
                    a6:e7:fd:81:cb:1d:27:f7:f8:10:3e:d3:f5:f9:89:
                    a4:0e:4d:47:84:8b:82:d1:95:29:10:5a:c7:d0:80:
                    6e:80:23:19:28:76:e9:3c:2d:2b:62:bd:11:d7:dd:
                    0e:85:05:f7:81:a0:6d:ea:22:39:30:eb:97:9a:38:
                    e4:f3:fa:f9:6a:58:e5:98:00:91:c0:68:08:8d:95:
                    ad:15:97:3a:cc:9f:2e:a2:7d:e4:ba:56:11:e1:c4:
                    6b:c3:84:26:a9:a3:1e:ae:82:22:e6:00:6e:9e:15:
                    49:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:01:E9:7E:54:08:DF:59:12:86:08:9B:F6:EB:16:09:AE:CE:A9:37
            X509v3 Authority Key Identifier:
                keyid:AC:DE:23:58:F5:74:39:C4:4F:6B:16:62:F5:56:15:A0:AA:B6:BA:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rN4jWPV0OcRPaxZi9VYVoKq2uss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/0wHpflQI31kShgib9usWCa7OqTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/rN4jWPV0OcRPaxZi9VYVoKq2uss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ea0::/29
                  2a09:5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:9d:fb:37:9f:a2:34:e3:c2:5b:3f:87:a7:65:d8:fd:fc:d1:
         5c:e5:47:01:90:b6:77:dc:1f:0a:66:e7:af:8d:c1:fd:6f:9a:
         12:5b:8f:6c:3e:a9:29:61:c9:f3:94:03:7d:a1:8a:4a:3e:ba:
         44:e6:cc:4c:46:d3:2f:6d:b5:6d:d1:c1:e7:91:09:e3:94:37:
         d7:6f:fe:e9:31:d4:c6:ac:f1:55:93:65:08:3e:17:24:46:69:
         e7:1e:c2:15:95:a5:ef:fd:ac:69:79:c5:63:0c:4c:aa:e9:9a:
         b0:bc:71:b9:08:09:68:59:e4:be:d4:d5:2c:8c:f0:87:a8:b2:
         a5:5b:de:b9:74:3f:92:f4:ce:30:d6:65:f4:b5:a3:37:fc:93:
         55:86:6a:21:96:19:b6:b9:e0:f6:2e:7f:e0:ae:56:31:5f:c2:
         5e:8d:db:9d:cb:1d:0b:9c:db:e2:70:53:fc:b0:33:75:aa:32:
         d3:b2:3d:e1:50:32:03:c8:0c:91:72:ef:0a:5b:85:98:24:3b:
         40:81:7b:8c:eb:88:c7:ee:ef:88:f0:96:c7:89:61:55:b3:72:
         ae:90:6e:4a:03:7e:4e:6d:94:d2:c9:c8:bd:45:c7:3c:b4:70:
         80:f6:a5:ed:22:81:6d:07:74:a2:0a:ad:3c:cd:02:ff:cf:80:
         1f:0e:cd:0b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTAfT4y7eF9pSSYeU/1knMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZGUyMzU4ZjU3NDM5YzQ0ZjZiMTY2MmY1NTYxNWEwYWFi
NmJhY2IwHhcNMjQwMTAyMDgzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzAxZTk3ZTU0MDhkZjU5MTI4NjA4OWJmNmViMTYwOWFlY2VhOTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnLEDpbNYtau9bVJuILILj5cXvut
37K9ES+VWx4IDWYzIAmWYZsV6o7ydKlIPpdxEP6q8kIJ4ZcMPswPwm9cK6pFov+c
9G+02ABvHHLMPpJ111qJ5W3cJujtMUekf+9HNnO6i+g/YcP6LHZVAvrksqAXnPqk
QZCgvPGVwdQfVikRseNozAL12qfNay9UdRJX58cQkqim5/2Byx0n9/gQPtP1+Ymk
Dk1HhIuC0ZUpEFrH0IBugCMZKHbpPC0rYr0R190OhQX3gaBt6iI5MOuXmjjk8/r5
aljlmACRwGgIjZWtFZc6zJ8uon3kulYR4cRrw4QmqaMeroIi5gBunhVJ2QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNMB6X5UCN9ZEoYIm/brFgmuzqk3MB8GA1UdIwQY
MBaAFKzeI1j1dDnET2sWYvVWFaCqtrrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck40aldQVjBPY1JQYXhaaTlWWVZvS3EydXNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9iNjVlMzMtZjk0Ny00OTY4LWEyN2Mt
ZGQ5OWQzOTdlNGQ2LzEvMHdIcGZsUUkzMWtTaGdpYjl1c1dDYTdPcVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9iNjVlMzMtZjk0Ny00OTY4LWEyN2MtZGQ5OWQzOTdlNGQ2
LzEvck40aldQVjBPY1JQYXhaaTlWWVZvS3EydXNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgAOoAMF
AyoJBcAwDQYJKoZIhvcNAQELBQADggEBALGd+zefojTjwls/h6dl2P380VzlRwGQ
tnfcHwpm56+Nwf1vmhJbj2w+qSlhyfOUA32hiko+ukTmzExG0y9ttW3RweeRCeOU
N9dv/ukx1Mas8VWTZQg+FyRGaecewhWVpe/9rGl5xWMMTKrpmrC8cbkICWhZ5L7U
1SyM8IeosqVb3rl0P5L0zjDWZfS1ozf8k1WGaiGWGba54PYuf+CuVjFfwl6N253L
HQuc2+JwU/ywM3WqMtOyPeFQMgPIDJFy7wpbhZgkO0CBe4zriMfu74jwlseJYVWz
cq6QbkoDfk5tlNLJyL1Fxzy0cID2pe0igW0HdKIKrTzNAv/PgB8OzQs=
-----END CERTIFICATE-----