Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/V0K4GGNoZJWvjQ3kjmavoAsUBp8.roa
File:                     V0K4GGNoZJWvjQ3kjmavoAsUBp8.roa (raw, json)
Hash identifier:          NOVUvWeN8f7p4gh43mLObLLvTd5nkmplsQmmsJQZuHs=
Subject key identifier:   57:42:B8:18:63:68:64:95:AF:8D:0D:E4:8E:66:AF:A0:0B:14:06:9F
Certificate issuer:       /CN=c441738baab988b1d68693bb05e29bfbb4f0f671
Certificate serial:       018EBAAEAF2250E85786B28C5D535E458D07
Authority key identifier: C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/V0K4GGNoZJWvjQ3kjmavoAsUBp8.roa
Signing time:             Sun 07 Apr 2024 22:29:54 +0000
ROA not before:           Sun 07 Apr 2024 22:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44752
IP address blocks:        2a04:a684::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ba:ae:af:22:50:e8:57:86:b2:8c:5d:53:5e:45:8d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441738baab988b1d68693bb05e29bfbb4f0f671
        Validity
            Not Before: Apr  7 22:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5742b81863686495af8d0de48e66afa00b14069f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:82:ce:b5:57:3d:b4:6f:39:ea:e3:b3:6f:c1:
                    19:36:c3:85:1c:65:a7:5e:f3:28:1d:ef:9e:cf:7f:
                    39:8a:e6:c8:cb:cb:db:d3:99:ca:63:3f:51:3e:c8:
                    8b:da:8f:a0:b3:87:7a:ac:cb:f1:68:13:40:55:8c:
                    87:ba:93:85:de:68:b3:fa:d1:65:a4:6f:43:6c:cc:
                    8a:7f:7a:54:dc:a7:09:4c:1a:52:46:12:de:a4:52:
                    79:62:98:7b:91:8f:6d:db:3c:52:7c:f7:d6:f7:ee:
                    20:23:53:fc:3f:d9:56:18:7f:1f:1c:4b:b5:23:c4:
                    83:37:ff:b0:69:33:6d:7e:81:45:78:ea:dd:7e:59:
                    8f:6a:07:d8:b9:dd:7a:a6:80:0c:89:08:b4:1c:5b:
                    31:d5:b2:67:71:f7:46:a4:93:60:a6:d9:31:e0:49:
                    46:24:9a:81:76:8f:f8:54:46:9f:61:c5:ec:eb:59:
                    eb:bc:21:cf:9e:f4:a0:bd:42:e8:16:58:f3:72:b0:
                    3e:0b:87:62:ef:d5:91:50:b0:2f:f3:2a:95:2e:84:
                    64:71:6e:a4:8b:1c:80:70:96:de:97:e0:09:7d:ba:
                    a4:c8:38:bd:2f:8c:81:33:2a:ac:70:86:8a:42:6d:
                    4e:d2:22:bd:fb:a8:e6:1f:63:f6:d9:b5:fb:f0:8e:
                    2b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:42:B8:18:63:68:64:95:AF:8D:0D:E4:8E:66:AF:A0:0B:14:06:9F
            X509v3 Authority Key Identifier:
                keyid:C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/V0K4GGNoZJWvjQ3kjmavoAsUBp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:a684::/30

    Signature Algorithm: sha256WithRSAEncryption
         c2:6f:15:6b:9e:ed:7e:53:b7:60:41:43:0e:24:ab:c0:17:5e:
         15:07:7a:f1:dc:49:6e:99:63:dc:00:07:92:42:64:5f:35:40:
         bf:56:69:3b:74:61:a7:32:8b:c4:00:0b:bd:59:e9:80:fb:01:
         35:4c:0b:1c:96:65:65:be:2f:e2:71:83:6e:fc:e0:a4:a8:49:
         2e:17:5d:35:d4:82:c1:70:36:c0:92:a2:b5:8f:b2:17:97:29:
         8e:7f:6a:e2:28:58:e9:94:7d:2b:29:79:0f:e7:7f:e7:2c:9d:
         ef:6e:57:16:21:61:7e:da:57:27:e4:5b:34:02:d8:2c:31:4a:
         6e:b6:23:e1:87:7f:e5:75:af:ca:39:da:72:7f:57:bd:00:75:
         ee:93:29:51:16:2a:c3:f3:b0:87:68:3d:92:97:d8:bb:c3:99:
         28:ea:9c:46:ff:f0:c2:ea:e8:56:c5:c0:1f:c7:31:44:d1:1e:
         b1:13:bf:26:56:fb:a6:f1:aa:eb:ff:57:eb:0a:17:f3:9c:3a:
         e3:75:2f:3b:e2:a6:77:6d:77:81:97:c4:88:ab:51:3c:8a:36:
         cb:1d:17:a3:cf:b5:8b:f1:29:04:dc:d6:26:4f:70:d7:8a:53:
         f1:7b:f0:2b:e6:25:78:2c:fc:44:6f:28:14:cc:dc:76:6d:18:
         1e:9d:b4:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY66rq8iUOhXhrKMXVNeRY0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDE3MzhiYWFiOTg4YjFkNjg2OTNiYjA1ZTI5YmZiYjRm
MGY2NzEwHhcNMjQwNDA3MjIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzQyYjgxODYzNjg2NDk1YWY4ZDBkZTQ4ZTY2YWZhMDBiMTQwNjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoLOtVc9tG856uOzb8EZNsOFHGWn
XvMoHe+ez385iubIy8vb05nKYz9RPsiL2o+gs4d6rMvxaBNAVYyHupOF3miz+tFl
pG9DbMyKf3pU3KcJTBpSRhLepFJ5Yph7kY9t2zxSfPfW9+4gI1P8P9lWGH8fHEu1
I8SDN/+waTNtfoFFeOrdflmPagfYud16poAMiQi0HFsx1bJncfdGpJNgptkx4ElG
JJqBdo/4VEafYcXs61nrvCHPnvSgvULoFljzcrA+C4di79WRULAv8yqVLoRkcW6k
ixyAcJbel+AJfbqkyDi9L4yBMyqscIaKQm1O0iK9+6jmH2P22bX78I4rrwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFdCuBhjaGSVr40N5I5mr6ALFAafMB8GA1UdIwQY
MBaAFMRBc4uquYix1oaTuwXim/u08PZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUt
NGM5OGQ5YTUxNDA1LzEvVjBLNEdHTm9aSld2alEza2ptYXZvQXNVQnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUtNGM5OGQ5YTUxNDA1
LzEveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKgSmhDAN
BgkqhkiG9w0BAQsFAAOCAQEAwm8Va57tflO3YEFDDiSrwBdeFQd68dxJbplj3AAH
kkJkXzVAv1ZpO3RhpzKLxAALvVnpgPsBNUwLHJZlZb4v4nGDbvzgpKhJLhddNdSC
wXA2wJKitY+yF5cpjn9q4ihY6ZR9Kyl5D+d/5yyd725XFiFhftpXJ+RbNALYLDFK
brYj4Yd/5XWvyjnacn9XvQB17pMpURYqw/Owh2g9kpfYu8OZKOqcRv/wwuroVsXA
H8cxRNEesRO/Jlb7pvGq6/9X6woX85w643UvO+Kmd213gZfEiKtRPIo2yx0Xo8+1
i/EpBNzWJk9w14pT8XvwK+YleCz8RG8oFMzcdm0YHp20kg==
-----END CERTIFICATE-----