Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/H8LG-Jxo1jQvjPZQ29U1ITbynB4.roa
File:                     H8LG-Jxo1jQvjPZQ29U1ITbynB4.roa (raw, json)
Hash identifier:          pAWiZ45UtcjOaDYzLamhUDtPIGPorvbMTlNphEXas70=
Subject key identifier:   1F:C2:C6:F8:9C:68:D6:34:2F:8C:F6:50:DB:D5:35:21:36:F2:9C:1E
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       018CC5006F9F865D82BC8A20515CB0A351B4
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/H8LG-Jxo1jQvjPZQ29U1ITbynB4.roa
Signing time:             Mon 01 Jan 2024 12:29:49 +0000
ROA not before:           Mon 01 Jan 2024 12:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196782
IP address blocks:        2a03:2a80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6f:9f:86:5d:82:bc:8a:20:51:5c:b0:a3:51:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  1 12:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fc2c6f89c68d6342f8cf650dbd5352136f29c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6e:af:40:c1:10:34:7f:bc:b2:78:14:75:8f:
                    15:0b:0d:c0:f2:32:fd:b2:f8:23:e2:a2:02:3a:be:
                    e4:6d:34:79:a4:2c:10:22:ea:e9:be:84:ca:00:f6:
                    53:8e:ad:77:17:ca:b7:c5:f3:35:7e:b7:8f:a7:43:
                    27:61:c4:fb:ab:0f:47:84:6a:a6:6b:26:8e:27:ff:
                    3b:3c:af:5f:d2:7c:c7:97:16:2c:10:85:12:ed:ac:
                    a8:2e:1c:63:98:1d:a4:c2:82:83:1e:b8:80:ca:ad:
                    de:0b:2c:90:24:2b:df:4f:37:37:ec:09:d0:7e:25:
                    a4:64:e8:3f:84:d3:78:cf:49:f1:dc:41:cd:b4:52:
                    13:9a:6f:d6:60:4c:8e:27:dd:e5:e2:45:73:54:a1:
                    cf:af:67:98:f6:44:3c:ce:44:40:22:ab:83:18:39:
                    6c:c2:5f:b2:1a:79:57:56:af:e0:7a:45:88:ac:78:
                    e8:24:78:f0:9e:56:ff:b7:3c:60:42:81:91:9c:01:
                    82:5e:b5:7b:6f:15:ca:f0:50:4d:b3:a3:b0:7b:76:
                    da:a5:5d:1c:09:30:e2:6a:1c:23:95:3b:ad:d5:b5:
                    1a:c8:f8:ff:03:da:47:ea:ea:b0:90:36:10:58:e0:
                    a5:34:9b:ce:c1:f4:e6:3d:a1:fd:40:f5:c3:39:d8:
                    a3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:C2:C6:F8:9C:68:D6:34:2F:8C:F6:50:DB:D5:35:21:36:F2:9C:1E
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/H8LG-Jxo1jQvjPZQ29U1ITbynB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:28:81:d5:b9:bd:27:80:53:5d:86:c6:f0:2a:be:cc:74:b6:
         34:30:f5:60:93:2d:f8:e0:da:fd:e2:e1:a6:84:97:c9:df:cb:
         1d:d7:f0:fa:82:fe:dc:d2:ee:14:4e:9e:33:5a:ef:f8:01:59:
         3b:4b:72:2d:ff:ab:fd:20:e4:ab:ec:a2:1b:26:56:86:fc:da:
         01:4e:37:cf:e3:5c:b0:ce:35:62:ea:0e:9d:a4:36:3b:33:a1:
         1b:0a:0e:b3:aa:6a:d7:6a:38:8b:f3:93:c6:45:f5:90:89:6b:
         c1:92:30:e6:92:23:f7:29:51:ce:93:d0:c2:9a:b1:0c:e0:7c:
         b9:38:6e:bc:d7:29:b4:48:25:58:6e:e0:52:25:41:d1:c2:1e:
         2b:30:3a:21:af:07:11:05:7e:07:e7:b1:3a:b9:fb:89:e2:2c:
         ba:c4:0e:68:b5:98:a6:40:69:fc:e7:aa:91:63:f1:ef:e0:47:
         9d:92:1d:ed:4b:d2:3b:14:c9:d9:5c:8b:bc:72:53:59:8a:d8:
         83:10:06:77:87:1b:e7:0d:ba:4e:67:dd:0e:0b:13:52:c5:7d:
         c7:39:fb:c3:50:8a:aa:14:1a:bb:c8:d9:db:c6:bd:86:48:a2:
         a8:e1:ce:03:f2:7c:a1:cb:83:bb:70:30:07:ce:fb:09:8c:2e:
         af:90:6c:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAG+fhl2CvIogUVywo1G0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjQwMTAxMTIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmMyYzZmODljNjhkNjM0MmY4Y2Y2NTBkYmQ1MzUyMTM2ZjI5YzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG6vQMEQNH+8sngUdY8VCw3A8jL9
svgj4qICOr7kbTR5pCwQIurpvoTKAPZTjq13F8q3xfM1frePp0MnYcT7qw9HhGqm
ayaOJ/87PK9f0nzHlxYsEIUS7ayoLhxjmB2kwoKDHriAyq3eCyyQJCvfTzc37AnQ
fiWkZOg/hNN4z0nx3EHNtFITmm/WYEyOJ93l4kVzVKHPr2eY9kQ8zkRAIquDGDls
wl+yGnlXVq/gekWIrHjoJHjwnlb/tzxgQoGRnAGCXrV7bxXK8FBNs6Owe3bapV0c
CTDiahwjlTut1bUayPj/A9pH6uqwkDYQWOClNJvOwfTmPaH9QPXDOdijPwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB/CxvicaNY0L4z2UNvVNSE28pweMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvSDhMRy1KeG8xalF2alBaUTI5VTFJVGJ5bkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgMqgDAN
BgkqhkiG9w0BAQsFAAOCAQEAWCiB1bm9J4BTXYbG8Cq+zHS2NDD1YJMt+ODa/eLh
poSXyd/LHdfw+oL+3NLuFE6eM1rv+AFZO0tyLf+r/SDkq+yiGyZWhvzaAU43z+Nc
sM41YuoOnaQ2OzOhGwoOs6pq12o4i/OTxkX1kIlrwZIw5pIj9ylRzpPQwpqxDOB8
uThuvNcptEglWG7gUiVB0cIeKzA6Ia8HEQV+B+exOrn7ieIsusQOaLWYpkBp/Oeq
kWPx7+BHnZId7UvSOxTJ2VyLvHJTWYrYgxAGd4cb5w26TmfdDgsTUsV9xzn7w1CK
qhQau8jZ28a9hkiiqOHOA/J8ocuDu3AwB877CYwur5BsGA==
-----END CERTIFICATE-----