Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0h42V4ugE74JlWduoQtP8s71SNc.roa
File:                     0h42V4ugE74JlWduoQtP8s71SNc.roa (raw, json)
Hash identifier:          HvAkbWXnDBWc0C1zXnWr/QsikhXVbjhfNidTog/tjAM=
Subject key identifier:   D2:1E:36:57:8B:A0:13:BE:09:95:67:6E:A1:0B:4F:F2:CE:F5:48:D7
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018F061F0B6864002ADBE391D4B1D27A16CF
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0h42V4ugE74JlWduoQtP8s71SNc.roa
Signing time:             Mon 22 Apr 2024 14:04:08 +0000
ROA not before:           Mon 22 Apr 2024 14:04:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:4bc7::/32 maxlen: 32
                          2a0e:ccc5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:1f:0b:68:64:00:2a:db:e3:91:d4:b1:d2:7a:16:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Apr 22 14:04:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d21e36578ba013be0995676ea10b4ff2cef548d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:12:6f:ff:0b:63:a6:87:9a:e6:f1:d1:dd:4f:
                    e8:5b:14:c5:2b:74:7c:71:87:3e:fb:f3:42:92:e2:
                    b5:f1:b4:33:61:ad:ed:e7:96:fb:0b:98:42:92:85:
                    6f:1d:40:8f:46:d1:2a:c7:43:82:2f:c6:55:be:cf:
                    27:7c:19:30:14:54:16:44:22:5c:c2:d2:72:ac:7d:
                    cf:2a:3a:f4:b6:5e:5c:d6:a2:bd:d2:00:61:d6:e1:
                    de:38:ad:f7:44:d0:1e:d4:80:88:54:f6:d3:ac:ac:
                    ab:5c:f1:3a:5b:5e:1b:18:99:57:05:cb:25:5e:c7:
                    e7:8c:af:c9:c6:b5:ab:78:7f:29:ea:03:3c:3f:15:
                    54:bf:88:d4:04:6f:1d:f6:6c:89:22:a9:28:12:a3:
                    02:a0:18:76:57:e5:2c:51:c2:bc:b2:68:1f:78:4f:
                    d4:c4:7e:f6:d6:5a:8b:38:89:fb:05:81:05:76:ee:
                    55:e8:fc:5e:f6:80:c0:b5:41:ea:77:2a:c8:e7:0c:
                    fb:4d:29:19:dd:96:95:89:f6:53:4a:6f:c9:bb:45:
                    19:97:22:7d:31:8d:0f:74:3c:e3:2b:8e:e6:b1:ad:
                    c1:6f:11:5b:5f:c6:03:f6:d2:f2:17:50:c1:f4:84:
                    a6:96:7b:d8:f0:93:77:b3:dc:86:5f:1e:3a:0d:e7:
                    33:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:1E:36:57:8B:A0:13:BE:09:95:67:6E:A1:0B:4F:F2:CE:F5:48:D7
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0h42V4ugE74JlWduoQtP8s71SNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4bc7::/32
                  2a0e:ccc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:a1:fb:1f:49:e8:64:1d:63:5a:67:8a:f8:cc:ef:b6:d7:af:
         3f:32:ca:63:68:b6:04:31:dd:0a:9b:1d:97:eb:79:66:b1:e5:
         07:d0:5a:91:07:e2:97:50:60:31:a7:ee:8e:b4:a0:ad:e9:1b:
         a6:77:9a:4e:d0:c5:6f:29:63:b2:fa:f8:85:aa:f6:20:67:e8:
         3e:11:55:a0:19:5d:e8:0c:82:8b:cc:e4:20:1e:52:97:08:0c:
         fb:db:0c:ad:28:ee:93:52:34:f9:f9:4a:cf:65:f1:ed:3c:f4:
         6f:7c:49:c4:7f:7b:22:3f:2d:b3:1c:87:5e:fe:30:54:2f:fc:
         a7:61:76:60:2c:34:52:5a:06:4a:f0:de:38:92:4e:da:e1:3e:
         56:5b:8f:f9:6a:b5:dd:3e:7f:81:33:60:3b:9b:1c:d6:98:64:
         28:6f:44:fb:c3:32:cb:00:e2:42:ba:c1:3a:fc:44:c0:1d:46:
         b2:e4:12:f8:b6:d9:93:bd:ea:ae:9c:40:3f:05:e6:27:79:4b:
         e3:07:26:a1:f4:a3:53:9e:d7:a4:31:1e:8d:02:f0:9a:2f:2f:
         55:96:87:16:c4:50:9e:6d:a4:a0:57:68:67:85:95:09:d3:cf:
         26:22:5e:d3:af:76:07:d5:7a:00:fe:63:d1:25:b7:c2:4f:55:
         65:46:49:a0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8GHwtoZAAq2+OR1LHSehbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwNDIyMTQwNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjFlMzY1NzhiYTAxM2JlMDk5NTY3NmVhMTBiNGZmMmNlZjU0OGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxJv/wtjpoea5vHR3U/oWxTFK3R8
cYc++/NCkuK18bQzYa3t55b7C5hCkoVvHUCPRtEqx0OCL8ZVvs8nfBkwFFQWRCJc
wtJyrH3PKjr0tl5c1qK90gBh1uHeOK33RNAe1ICIVPbTrKyrXPE6W14bGJlXBcsl
XsfnjK/JxrWreH8p6gM8PxVUv4jUBG8d9myJIqkoEqMCoBh2V+UsUcK8smgfeE/U
xH721lqLOIn7BYEFdu5V6Pxe9oDAtUHqdyrI5wz7TSkZ3ZaVifZTSm/Ju0UZlyJ9
MY0PdDzjK47msa3BbxFbX8YD9tLyF1DB9ISmlnvY8JN3s9yGXx46DeczdQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNIeNleLoBO+CZVnbqELT/LO9UjXMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvMGg0MlY0dWdFNzRKbFdkdW9RdFA4czcxU05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg5LxwMF
ACoOzMUwDQYJKoZIhvcNAQELBQADggEBAHOh+x9J6GQdY1pnivjM77bXrz8yymNo
tgQx3QqbHZfreWax5QfQWpEH4pdQYDGn7o60oK3pG6Z3mk7QxW8pY7L6+IWq9iBn
6D4RVaAZXegMgovM5CAeUpcIDPvbDK0o7pNSNPn5Ss9l8e089G98ScR/eyI/LbMc
h17+MFQv/KdhdmAsNFJaBkrw3jiSTtrhPlZbj/lqtd0+f4EzYDubHNaYZChvRPvD
MssA4kK6wTr8RMAdRrLkEvi22ZO96q6cQD8F5id5S+MHJqH0o1Oe16QxHo0C8Jov
L1WWhxbEUJ5tpKBXaGeFlQnTzyYiXtOvdgfVegD+Y9Elt8JPVWVGSaA=
-----END CERTIFICATE-----