Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/cdAYaxUCWrRHjCiBNLvOK_r_XMU.roa
File:                     cdAYaxUCWrRHjCiBNLvOK_r_XMU.roa (raw, json)
Hash identifier:          o/XIOfeJ7L9kfMxB9gE91RYf12y8BKnMynIEj0lEhgE=
Subject key identifier:   71:D0:18:6B:15:02:5A:B4:47:8C:28:81:34:BB:CE:2B:FA:FF:5C:C5
Certificate issuer:       /CN=d34403a30b313759af9626afd8d3d23805fcc80e
Certificate serial:       018CC56E2710F0CAA388E1ADA67FFA7D92F0
Authority key identifier: D3:44:03:A3:0B:31:37:59:AF:96:26:AF:D8:D3:D2:38:05:FC:C8:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/00QDowsxN1mvliav2NPSOAX8yA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/cdAYaxUCWrRHjCiBNLvOK_r_XMU.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57454
IP address blocks:        2a0c:cd40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/00QDowsxN1mvliav2NPSOAX8yA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/00QDowsxN1mvliav2NPSOAX8yA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/00QDowsxN1mvliav2NPSOAX8yA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:27:10:f0:ca:a3:88:e1:ad:a6:7f:fa:7d:92:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d34403a30b313759af9626afd8d3d23805fcc80e
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71d0186b15025ab4478c288134bbce2bfaff5cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:22:7a:8b:18:86:cb:11:e0:ca:b5:15:a9:80:
                    1b:87:43:c3:9b:f0:e9:3f:f5:06:c8:87:5b:a6:6b:
                    b7:2c:c5:8a:1f:de:b3:24:da:f7:93:e3:06:89:f6:
                    7a:1d:c2:81:f5:2e:d1:e2:4e:fb:6c:43:50:a3:a1:
                    f1:87:1e:68:96:79:56:45:b1:21:c0:88:ae:7a:0e:
                    3e:fc:0c:13:d4:9f:41:ce:05:a8:4c:00:a8:a2:2b:
                    98:98:c1:00:fa:22:25:65:00:61:09:9d:c0:bb:c4:
                    32:ff:56:67:ff:62:65:d2:1c:a9:11:12:26:19:58:
                    c2:68:77:bc:dd:14:1c:bb:e3:cd:1f:23:52:4c:a5:
                    12:63:97:f8:91:b6:54:79:65:14:80:bc:e1:8e:95:
                    4b:96:52:91:28:05:6c:15:7f:61:31:64:c5:6d:e1:
                    39:8d:bc:c4:2d:5c:80:76:58:c5:4c:21:17:ae:09:
                    90:96:47:9a:80:14:aa:1f:4d:51:1f:d7:a6:c2:0d:
                    1d:c1:14:e5:1d:49:23:9e:f4:06:8a:61:7c:f7:a9:
                    8c:05:f0:f9:8a:fe:7e:20:91:f9:dd:1d:63:86:9a:
                    a8:64:61:41:4f:29:34:9b:7b:8d:cc:ca:13:e2:b8:
                    8b:cb:61:16:a6:6e:ef:79:b3:e3:df:3c:96:6b:8a:
                    25:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D0:18:6B:15:02:5A:B4:47:8C:28:81:34:BB:CE:2B:FA:FF:5C:C5
            X509v3 Authority Key Identifier:
                keyid:D3:44:03:A3:0B:31:37:59:AF:96:26:AF:D8:D3:D2:38:05:FC:C8:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/00QDowsxN1mvliav2NPSOAX8yA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/cdAYaxUCWrRHjCiBNLvOK_r_XMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/00QDowsxN1mvliav2NPSOAX8yA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:cd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:c9:eb:52:b0:b7:ea:10:69:b3:d3:d4:c1:e2:e5:ee:1a:90:
         b5:6b:b0:2c:29:09:eb:6d:be:f2:e1:4e:34:bb:44:b2:9c:45:
         c8:3c:cb:33:0f:0c:5c:5a:26:64:b3:0a:c2:e9:0d:ac:65:a2:
         89:a4:f9:90:45:79:4b:f9:ea:62:17:60:b9:4f:68:ba:b3:59:
         87:21:82:8e:a7:a9:e1:8b:85:97:47:a4:f5:07:67:58:34:79:
         90:02:1b:df:70:38:27:82:8f:c6:38:29:bb:dd:7c:13:7b:99:
         e3:8d:82:11:d4:5e:ec:98:41:60:d8:2f:2d:5c:86:ab:a9:7e:
         2d:c0:d3:1d:36:0a:8f:fd:7f:ec:08:cd:99:6b:ee:d5:7f:87:
         4e:52:70:e8:0f:9c:88:b1:21:fc:a4:be:d2:2c:21:1e:f8:f9:
         84:f6:07:af:ff:08:36:de:85:3c:a2:78:91:cf:2e:fb:9e:86:
         d5:7e:3d:14:92:ea:0b:da:51:44:1a:09:b4:65:20:e9:1c:6a:
         02:a0:b3:6d:ef:d6:90:88:96:00:fa:26:3c:34:1d:3d:7a:8f:
         60:f6:17:8b:36:b8:eb:2a:42:d9:27:12:be:e5:d0:c9:a9:4c:
         9a:70:ae:d9:85:08:52:89:98:bf:02:27:fa:5b:6b:04:06:cb:
         d9:03:84:fa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbicQ8MqjiOGtpn/6fZLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNDQwM2EzMGIzMTM3NTlhZjk2MjZhZmQ4ZDNkMjM4MDVm
Y2M4MGUwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQwMTg2YjE1MDI1YWI0NDc4YzI4ODEzNGJiY2UyYmZhZmY1Y2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyJ6ixiGyxHgyrUVqYAbh0PDm/Dp
P/UGyIdbpmu3LMWKH96zJNr3k+MGifZ6HcKB9S7R4k77bENQo6Hxhx5olnlWRbEh
wIiueg4+/AwT1J9BzgWoTACooiuYmMEA+iIlZQBhCZ3Au8Qy/1Zn/2Jl0hypERIm
GVjCaHe83RQcu+PNHyNSTKUSY5f4kbZUeWUUgLzhjpVLllKRKAVsFX9hMWTFbeE5
jbzELVyAdljFTCEXrgmQlkeagBSqH01RH9emwg0dwRTlHUkjnvQGimF896mMBfD5
iv5+IJH53R1jhpqoZGFBTyk0m3uNzMoT4riLy2EWpm7vebPj3zyWa4ol/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHHQGGsVAlq0R4wogTS7ziv6/1zFMB8GA1UdIwQY
MBaAFNNEA6MLMTdZr5Ymr9jT0jgF/MgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDBRRG93c3hOMW12bGlhdjJOUFNPQVg4eUE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My81Njc4Y2QtZDc3Yi00NTYzLWFmZTMt
YjQwNTI3ZGQ0M2ZjLzEvY2RBWWF4VUNXclJIakNpQk5Mdk9LX3JfWE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My81Njc4Y2QtZDc3Yi00NTYzLWFmZTMtYjQwNTI3ZGQ0M2Zj
LzEvMDBRRG93c3hOMW12bGlhdjJOUFNPQVg4eUE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgzNQDAN
BgkqhkiG9w0BAQsFAAOCAQEApcnrUrC36hBps9PUweLl7hqQtWuwLCkJ622+8uFO
NLtEspxFyDzLMw8MXFomZLMKwukNrGWiiaT5kEV5S/nqYhdguU9ourNZhyGCjqep
4YuFl0ek9QdnWDR5kAIb33A4J4KPxjgpu918E3uZ442CEdRe7JhBYNgvLVyGq6l+
LcDTHTYKj/1/7AjNmWvu1X+HTlJw6A+ciLEh/KS+0iwhHvj5hPYHr/8INt6FPKJ4
kc8u+56G1X49FJLqC9pRRBoJtGUg6RxqAqCzbe/WkIiWAPomPDQdPXqPYPYXiza4
6ypC2ScSvuXQyalMmnCu2YUIUomYvwIn+ltrBAbL2QOE+g==
-----END CERTIFICATE-----