Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/xxaH20AWVy7ndpGZgtvrasP59BY.roa
File:                     xxaH20AWVy7ndpGZgtvrasP59BY.roa (raw, json)
Hash identifier:          Wqvg2uarzy/JuB9sjObsL0BBM3IAVRCsEKmiRzArDb0=
Subject key identifier:   C7:16:87:DB:40:16:57:2E:E7:76:91:99:82:DB:EB:6A:C3:F9:F4:16
Certificate issuer:       /CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
Certificate serial:       018CCA2A1C66D974D85D63164B82EF064BC0
Authority key identifier: 81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/xxaH20AWVy7ndpGZgtvrasP59BY.roa
Signing time:             Tue 02 Jan 2024 12:33:26 +0000
ROA not before:           Tue 02 Jan 2024 12:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43617
IP address blocks:        2a0f:3784::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1c:66:d9:74:d8:5d:63:16:4b:82:ef:06:4b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
        Validity
            Not Before: Jan  2 12:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c71687db4016572ee776919982dbeb6ac3f9f416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:df:eb:36:96:18:c1:e1:0c:bd:f7:1a:cd:0b:
                    f4:29:38:c4:44:a2:b4:63:a4:ea:dc:25:85:77:f9:
                    81:f2:d5:8f:8c:9a:99:a1:29:96:6e:5a:9b:79:43:
                    76:bb:3f:82:30:8f:72:87:51:6e:17:44:16:4b:17:
                    98:c0:93:0b:28:5a:c9:5c:44:56:4b:f6:f8:57:fd:
                    42:c0:43:17:ab:aa:3b:f9:88:2c:63:e5:de:9e:b7:
                    08:82:bd:c8:b8:48:55:cc:aa:b7:70:aa:c9:c5:b6:
                    12:cc:a5:ba:cb:fe:cf:f1:b6:33:e1:fa:b1:4c:c4:
                    dc:5d:c6:8f:ea:29:a6:dd:f8:01:1c:1c:67:5b:6a:
                    f9:af:74:f0:25:80:19:7e:f6:68:36:c2:9a:c7:41:
                    ce:aa:11:74:72:b3:c8:50:21:cf:5b:c6:f6:0c:11:
                    e1:cf:4a:03:2f:08:85:22:f5:5b:c2:94:58:b5:aa:
                    ac:b7:98:51:51:69:65:94:22:a4:be:df:8d:f5:6c:
                    c1:37:5e:bc:3f:8f:8e:f2:0f:49:59:92:9f:ee:20:
                    3a:b5:07:d1:29:ac:b8:98:34:89:7a:1c:a2:23:4d:
                    c3:a6:69:13:47:40:e4:01:78:3d:2e:22:b8:bf:1f:
                    d4:3e:d1:72:6f:f4:a2:90:59:b9:b3:d3:79:3d:df:
                    46:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:16:87:DB:40:16:57:2E:E7:76:91:99:82:DB:EB:6A:C3:F9:F4:16
            X509v3 Authority Key Identifier:
                keyid:81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/xxaH20AWVy7ndpGZgtvrasP59BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3784::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:cf:53:b6:78:00:cd:e2:4b:01:87:98:d9:98:bf:cb:53:18:
         1a:61:d1:78:ed:48:52:5b:af:9c:60:d5:e0:a8:4b:89:b5:78:
         54:9b:64:c3:2b:ee:e7:5f:32:24:26:2c:13:4c:30:45:15:34:
         6f:b7:29:be:47:90:c7:d1:59:f8:07:f8:db:25:4e:78:61:0c:
         56:61:32:83:59:5b:d1:5d:26:7a:cc:9f:92:b3:c6:c9:78:95:
         b3:f2:19:2e:81:d7:5d:cf:8b:f1:f2:a8:26:56:55:26:dc:e5:
         ed:cc:cd:bd:a3:46:f0:ec:af:95:dd:53:00:7c:3b:f2:5d:e0:
         0e:52:3e:3a:16:f3:07:ab:d2:95:b3:dc:63:c4:b5:04:fa:3c:
         d7:0c:9e:a2:32:6d:86:fb:21:82:ba:a7:e7:9a:93:ac:72:9a:
         56:e2:90:f8:e9:89:8e:cb:31:63:0b:43:ba:ac:66:b5:75:71:
         94:93:e2:57:2d:5f:6b:70:bc:9c:2f:ea:84:30:38:e5:62:14:
         9b:82:67:01:69:13:0a:d0:54:c2:e1:45:a0:47:dc:fa:0a:8e:
         a4:1c:35:11:84:fa:6b:97:1a:a1:19:a5:ee:97:61:b6:80:ad:
         8b:60:5b:11:ae:c2:a5:dc:52:cd:3e:66:c3:3b:18:37:2a:72:
         43:dc:da:99
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKhxm2XTYXWMWS4LvBkvAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMzNkODljMDZhOGExY2M5ZGJjMzYyMjAxZjdlYzU1OWQ3
ZmRkNDgwHhcNMjQwMTAyMTIzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzE2ODdkYjQwMTY1NzJlZTc3NjkxOTk4MmRiZWI2YWMzZjlmNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN/rNpYYweEMvfcazQv0KTjERKK0
Y6Tq3CWFd/mB8tWPjJqZoSmWblqbeUN2uz+CMI9yh1FuF0QWSxeYwJMLKFrJXERW
S/b4V/1CwEMXq6o7+YgsY+XenrcIgr3IuEhVzKq3cKrJxbYSzKW6y/7P8bYz4fqx
TMTcXcaP6imm3fgBHBxnW2r5r3TwJYAZfvZoNsKax0HOqhF0crPIUCHPW8b2DBHh
z0oDLwiFIvVbwpRYtaqst5hRUWlllCKkvt+N9WzBN168P4+O8g9JWZKf7iA6tQfR
Kay4mDSJehyiI03DpmkTR0DkAXg9LiK4vx/UPtFyb/SikFm5s9N5Pd9GEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMcWh9tAFlcu53aRmYLb62rD+fQWMB8GA1UdIwQY
MBaAFIEz2JwGqKHMnbw2IgH37FWdf91IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEt
YzVmZWJlNDg3YzQwLzEveHhhSDIwQVdWeTduZHBHWmd0dnJhc1A1OUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEtYzVmZWJlNDg3YzQw
LzEvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg83hDAN
BgkqhkiG9w0BAQsFAAOCAQEAHs9TtngAzeJLAYeY2Zi/y1MYGmHReO1IUluvnGDV
4KhLibV4VJtkwyvu518yJCYsE0wwRRU0b7cpvkeQx9FZ+Af42yVOeGEMVmEyg1lb
0V0mesyfkrPGyXiVs/IZLoHXXc+L8fKoJlZVJtzl7czNvaNG8Oyvld1TAHw78l3g
DlI+OhbzB6vSlbPcY8S1BPo81wyeojJthvshgrqn55qTrHKaVuKQ+OmJjssxYwtD
uqxmtXVxlJPiVy1fa3C8nC/qhDA45WIUm4JnAWkTCtBUwuFFoEfc+gqOpBw1EYT6
a5caoRml7pdhtoCti2BbEa7CpdxSzT5mwzsYNypyQ9zamQ==
-----END CERTIFICATE-----