Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/DX0p_KYIMXCYvniXS1sFFSgQjek.roa
File:                     DX0p_KYIMXCYvniXS1sFFSgQjek.roa (raw, json)
Hash identifier:          ULLjWl/wcBlK15GUKLWrt6OYY7inXFJnfZ1eThRsQxk=
Subject key identifier:   0D:7D:29:FC:A6:08:31:70:98:BE:78:97:4B:5B:05:15:28:10:8D:E9
Certificate issuer:       /CN=a66246b806e89aba40e7e58888f3576513a3934a
Certificate serial:       018CE4AE2942352FC4654DE17632FD04343D
Authority key identifier: A6:62:46:B8:06:E8:9A:BA:40:E7:E5:88:88:F3:57:65:13:A3:93:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/DX0p_KYIMXCYvniXS1sFFSgQjek.roa
Signing time:             Sun 07 Jan 2024 16:07:48 +0000
ROA not before:           Sun 07 Jan 2024 16:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202685
IP address blocks:        2a0e:8e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e4:ae:29:42:35:2f:c4:65:4d:e1:76:32:fd:04:34:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a66246b806e89aba40e7e58888f3576513a3934a
        Validity
            Not Before: Jan  7 16:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d7d29fca608317098be78974b5b051528108de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7a:3f:03:b1:e0:a4:1a:d7:75:cc:f3:3c:7f:
                    65:be:69:72:35:53:c2:ae:0b:24:6c:9f:b2:84:ba:
                    13:66:ad:bc:66:2b:24:ca:b1:40:52:97:ef:a1:a6:
                    05:5d:33:9a:4d:6d:cb:b7:ae:8a:76:73:1d:88:88:
                    a4:06:d7:a8:10:e9:db:fe:8a:b8:8f:24:5d:e6:72:
                    02:d0:4f:72:15:3d:11:d8:3d:3f:f5:b5:b0:f9:43:
                    a3:9d:2b:ab:04:e9:b0:78:06:57:31:d7:69:df:7f:
                    bd:f8:b5:9f:f8:37:1d:ec:be:13:20:33:15:08:56:
                    f2:33:24:2e:e2:2c:3b:4f:1c:eb:c0:68:34:97:bc:
                    ea:d5:6c:c6:c1:ee:5b:4a:ce:ee:bb:2d:1d:34:9d:
                    55:f5:af:1e:98:28:ca:24:18:59:fb:c4:c3:02:20:
                    fa:1f:ea:d6:70:eb:87:cd:cc:f9:5a:22:54:33:4a:
                    8a:b9:6a:80:0b:ad:6a:9a:08:55:94:aa:51:dd:d6:
                    76:26:78:88:8d:8d:b6:be:e9:64:c7:e7:e4:de:03:
                    e8:c8:ce:9e:b8:ee:3d:b5:ea:1d:d8:5e:87:2c:a7:
                    73:7b:5f:93:eb:4b:84:b9:ae:5a:42:47:7f:f1:9b:
                    99:8b:0c:5a:1f:fe:a5:8f:2b:00:2f:b9:4d:6a:e5:
                    6f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:7D:29:FC:A6:08:31:70:98:BE:78:97:4B:5B:05:15:28:10:8D:E9
            X509v3 Authority Key Identifier:
                keyid:A6:62:46:B8:06:E8:9A:BA:40:E7:E5:88:88:F3:57:65:13:A3:93:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/DX0p_KYIMXCYvniXS1sFFSgQjek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:18:7d:82:00:61:3b:12:30:26:ae:95:89:07:6f:be:8f:38:
         5b:a8:f8:83:59:75:1e:d0:49:0b:df:22:4e:fd:ce:61:28:a6:
         87:50:da:ab:ca:99:0e:92:ab:51:0d:ca:f5:6b:39:74:f5:5a:
         5f:4a:5c:03:fe:a6:ca:91:7a:3a:ed:b5:c0:31:cf:a5:bc:61:
         a9:1c:f3:6f:ca:dd:fb:46:a2:f4:6e:8a:da:ef:5c:a0:93:1f:
         9b:57:63:f3:fe:fb:5b:88:42:45:2a:14:c9:5d:d3:d8:3b:f0:
         22:f0:d8:22:49:e3:9c:b4:b8:ea:62:62:57:92:ae:48:ee:22:
         5e:e6:ad:78:3b:2e:11:53:ca:d6:ac:2a:7c:c2:04:b9:94:6c:
         a3:37:48:b3:bd:2e:43:38:2e:ed:26:fe:cf:57:76:fc:55:13:
         d2:49:b8:9b:4c:e8:77:71:48:05:89:12:86:6a:88:f3:6a:aa:
         80:4a:b6:bd:97:f8:6b:45:06:7a:6a:01:d6:c8:d2:3a:2e:5e:
         46:a3:54:fb:53:e0:4e:c2:03:5c:b2:10:ff:86:67:ac:01:e0:
         33:d5:f2:aa:8d:7b:cc:7c:dc:c3:7b:a3:ad:ce:5b:25:65:27:
         87:8c:ad:26:0c:cb:52:b3:a5:6e:6c:c5:25:fb:76:cd:06:b9:
         a6:88:24:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzkrilCNS/EZU3hdjL9BDQ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NjI0NmI4MDZlODlhYmE0MGU3ZTU4ODg4ZjM1NzY1MTNh
MzkzNGEwHhcNMjQwMTA3MTYwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDdkMjlmY2E2MDgzMTcwOThiZTc4OTc0YjViMDUxNTI4MTA4ZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXo/A7HgpBrXdczzPH9lvmlyNVPC
rgskbJ+yhLoTZq28ZiskyrFAUpfvoaYFXTOaTW3Lt66KdnMdiIikBteoEOnb/oq4
jyRd5nIC0E9yFT0R2D0/9bWw+UOjnSurBOmweAZXMddp33+9+LWf+Dcd7L4TIDMV
CFbyMyQu4iw7TxzrwGg0l7zq1WzGwe5bSs7uuy0dNJ1V9a8emCjKJBhZ+8TDAiD6
H+rWcOuHzcz5WiJUM0qKuWqAC61qmghVlKpR3dZ2JniIjY22vulkx+fk3gPoyM6e
uO49teod2F6HLKdze1+T60uEua5aQkd/8ZuZiwxaH/6ljysAL7lNauVvgwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA19KfymCDFwmL54l0tbBRUoEI3pMB8GA1UdIwQY
MBaAFKZiRrgG6Jq6QOfliIjzV2UTo5NKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG1KR3VBYm9tcnBBNS1XSWlQTlhaUk9qazBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81NTUyMjEtMDAwZC00OWY2LTgzMzUt
NGZkMjhjNjYxOWFlLzEvRFgwcF9LWUlNWENZdm5pWFMxc0ZGU2dRamVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81NTUyMjEtMDAwZC00OWY2LTgzMzUtNGZkMjhjNjYxOWFl
LzEvcG1KR3VBYm9tcnBBNS1XSWlQTlhaUk9qazBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg6OgDAN
BgkqhkiG9w0BAQsFAAOCAQEAkBh9ggBhOxIwJq6ViQdvvo84W6j4g1l1HtBJC98i
Tv3OYSimh1Daq8qZDpKrUQ3K9Ws5dPVaX0pcA/6mypF6Ou21wDHPpbxhqRzzb8rd
+0ai9G6K2u9coJMfm1dj8/77W4hCRSoUyV3T2DvwIvDYIknjnLS46mJiV5KuSO4i
XuateDsuEVPK1qwqfMIEuZRsozdIs70uQzgu7Sb+z1d2/FUT0km4m0zod3FIBYkS
hmqI82qqgEq2vZf4a0UGemoB1sjSOi5eRqNU+1PgTsIDXLIQ/4ZnrAHgM9Xyqo17
zHzcw3ujrc5bJWUnh4ytJgzLUrOlbmzFJft2zQa5pogkiQ==
-----END CERTIFICATE-----