Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/_tQz1_qcEqZds29GsToVUuQy0Q4.roa
File:                     _tQz1_qcEqZds29GsToVUuQy0Q4.roa (raw, json)
Hash identifier:          SNarZuKFOz7fnrJ2jsOzIkNgJb/p5eMXGxq1LhUDDbU=
Subject key identifier:   FE:D4:33:D7:FA:9C:12:A6:5D:B3:6F:46:B1:3A:15:52:E4:32:D1:0E
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC72756D88C61CCE8318AE85077E4F236
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/_tQz1_qcEqZds29GsToVUuQy0Q4.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205909
IP address blocks:        2a0b:6b86:600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 04:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:56:d8:8c:61:cc:e8:31:8a:e8:50:77:e4:f2:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fed433d7fa9c12a65db36f46b13a1552e432d10e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:2f:41:e1:fe:ba:3d:f4:da:bc:bd:f4:66:e1:
                    bf:ae:bf:3b:a0:5f:31:c5:0c:61:8f:83:92:8d:24:
                    18:b3:49:26:e1:4e:08:1d:ba:bc:a0:e5:c4:ff:cd:
                    ce:e2:84:07:94:7b:3d:61:ee:bf:db:f7:c2:34:13:
                    91:16:41:3f:ea:80:24:3a:4c:54:8f:dd:86:ec:5e:
                    28:a4:4e:32:97:8d:5e:07:f8:b6:f4:b8:b5:db:ba:
                    a5:d4:87:d5:29:23:8d:4c:f9:63:c5:a4:86:f9:c9:
                    1b:5c:98:7e:c5:21:b4:27:e6:58:b1:98:6b:ca:cc:
                    ae:54:2f:28:aa:0d:b7:24:f7:71:45:5d:49:65:51:
                    1c:7e:39:0b:aa:71:bc:e1:a2:34:1a:26:cf:f9:7b:
                    43:5b:88:35:8a:5b:26:56:9e:94:8d:7e:f3:e0:b6:
                    ee:9e:e7:0b:de:5a:9b:f9:6b:e5:75:94:9b:c5:2d:
                    81:f6:5d:1f:05:b8:9f:c0:f8:3f:16:1d:4e:f3:da:
                    5c:9f:36:57:9d:03:3d:ca:8c:74:5a:c3:f8:4f:f2:
                    60:ac:75:76:5e:9f:c1:8a:b2:ce:8e:9d:2d:87:0c:
                    fa:a4:76:0d:ea:a6:90:3f:16:96:8f:36:79:5d:a8:
                    d3:52:3d:ab:18:c1:7d:15:0e:ec:28:3c:af:5d:e3:
                    27:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D4:33:D7:FA:9C:12:A6:5D:B3:6F:46:B1:3A:15:52:E4:32:D1:0E
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/_tQz1_qcEqZds29GsToVUuQy0Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         0e:14:0d:7b:af:43:09:18:17:aa:67:68:e4:d8:5f:48:15:b2:
         16:ef:72:34:c1:15:68:e5:e8:ca:09:19:28:06:a3:bc:33:ee:
         c6:de:a0:28:9c:7e:84:48:81:f7:d8:c7:05:65:fa:2f:a8:9a:
         84:d3:37:98:8c:4d:fa:af:34:d1:6e:5e:e7:3d:d2:56:2c:1f:
         18:e4:f2:e0:40:e6:20:98:f4:18:bc:fd:ab:6d:30:a4:48:6d:
         a7:1b:e2:96:1a:7f:d2:68:f9:5a:6d:a8:cf:84:bf:be:b2:ab:
         43:d9:ef:d7:61:ab:7d:6f:3e:33:89:c9:df:01:35:a9:83:7b:
         2e:58:d6:05:66:bc:e8:11:b0:87:d7:eb:44:f4:cb:ec:a9:c0:
         5a:4a:cb:5a:8b:62:36:83:32:fc:da:bc:c1:ed:07:5c:6c:96:
         97:d8:ac:ee:22:49:d9:7a:19:dc:ca:87:76:33:39:40:c4:89:
         6b:01:4c:05:ab:0f:9b:5a:3f:e4:b7:31:1f:80:d9:47:17:80:
         8f:11:ab:9a:9d:93:37:a1:a1:54:45:82:da:09:23:47:86:38:
         d5:23:19:fd:7a:6c:f5:7d:4a:ab:c7:32:ad:8a:cd:b9:4d:9b:
         9d:5d:e9:7a:a8:94:b2:6e:00:5d:31:fe:41:af:8d:3b:60:f4:
         f5:34:ba:99
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJ1bYjGHM6DGK6FB35PI2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWQ0MzNkN2ZhOWMxMmE2NWRiMzZmNDZiMTNhMTU1MmU0MzJkMTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny9B4f66PfTavL30ZuG/rr87oF8x
xQxhj4OSjSQYs0km4U4IHbq8oOXE/83O4oQHlHs9Ye6/2/fCNBORFkE/6oAkOkxU
j92G7F4opE4yl41eB/i29Li127ql1IfVKSONTPljxaSG+ckbXJh+xSG0J+ZYsZhr
ysyuVC8oqg23JPdxRV1JZVEcfjkLqnG84aI0GibP+XtDW4g1ilsmVp6UjX7z4Lbu
nucL3lqb+WvldZSbxS2B9l0fBbifwPg/Fh1O89pcnzZXnQM9yox0WsP4T/JgrHV2
Xp/BirLOjp0thwz6pHYN6qaQPxaWjzZ5XajTUj2rGMF9FQ7sKDyvXeMnBQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFP7UM9f6nBKmXbNvRrE6FVLkMtEOMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvX3RRejFfcWNFcVpkczI5R3NUb1ZVdVF5MFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgYw
DQYJKoZIhvcNAQELBQADggEBAA4UDXuvQwkYF6pnaOTYX0gVshbvcjTBFWjl6MoJ
GSgGo7wz7sbeoCicfoRIgffYxwVl+i+omoTTN5iMTfqvNNFuXuc90lYsHxjk8uBA
5iCY9Bi8/attMKRIbacb4pYaf9Jo+VptqM+Ev76yq0PZ79dhq31vPjOJyd8BNamD
ey5Y1gVmvOgRsIfX60T0y+ypwFpKy1qLYjaDMvzavMHtB1xslpfYrO4iSdl6GdzK
h3YzOUDEiWsBTAWrD5taP+S3MR+A2UcXgI8Rq5qdkzehoVRFgtoJI0eGONUjGf16
bPV9SqvHMq2KzblNm51d6XqolLJuAF0x/kGvjTtg9PU0upk=
-----END CERTIFICATE-----