Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/_U2W79cFB0j0JGTZTqokLJJSamQ.roa
File:                     _U2W79cFB0j0JGTZTqokLJJSamQ.roa (raw, json)
Hash identifier:          5P29wB6iZjChwrrpffNZqvHQ+Uy81I3ZNmISHXaVuvc=
Subject key identifier:   FD:4D:96:EF:D7:05:07:48:F4:24:64:D9:4E:AA:24:2C:92:52:6A:64
Certificate issuer:       /CN=0bac82804700ad36538bf86f34c073e971430da5
Certificate serial:       018CC56E4500907C19EFD898830D55058BF5
Authority key identifier: 0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/_U2W79cFB0j0JGTZTqokLJJSamQ.roa
Signing time:             Mon 01 Jan 2024 14:29:47 +0000
ROA not before:           Mon 01 Jan 2024 14:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59758
IP address blocks:        2a01:3f1:e000::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:45:00:90:7c:19:ef:d8:98:83:0d:55:05:8b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bac82804700ad36538bf86f34c073e971430da5
        Validity
            Not Before: Jan  1 14:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd4d96efd7050748f42464d94eaa242c92526a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:47:e8:80:a9:7b:65:05:87:50:4e:9a:49:9d:
                    ce:cd:f4:53:4b:66:65:31:d1:11:3c:f0:cd:f0:8f:
                    8a:63:0d:33:e4:65:dd:8e:33:b2:6e:ad:8a:94:9f:
                    f9:27:17:36:c1:b4:dd:77:34:19:28:dd:a8:80:f2:
                    f3:f0:cf:3f:0c:88:05:88:f5:0d:40:96:aa:0b:9e:
                    93:79:10:ea:c9:df:b8:a6:b9:fc:5d:60:80:5b:2e:
                    d4:7b:cf:3b:8a:e6:9b:8a:c9:ca:f3:10:e4:cb:49:
                    b2:79:06:69:8c:d2:cb:1a:59:4d:9f:1e:ac:76:3c:
                    29:07:13:5c:dd:35:db:3d:ff:c8:15:57:11:43:74:
                    d7:da:38:aa:97:d3:0f:73:78:49:ae:1d:a4:7a:88:
                    4d:5b:9f:17:c1:72:5f:2a:48:9a:8b:1b:cf:b5:86:
                    90:c1:b0:dd:b1:6d:08:29:8b:13:1e:38:6b:21:56:
                    33:1f:67:fa:b7:11:45:c1:b9:1a:a2:fc:f6:8c:e1:
                    e9:9a:6d:4d:f8:f9:a2:a2:4d:b6:aa:e2:df:3d:a6:
                    0f:c8:0f:99:4a:25:5e:18:cf:14:aa:cc:8e:17:a3:
                    e3:5c:5b:21:9a:83:16:c2:a8:3e:94:fc:32:8a:20:
                    17:b5:74:be:b3:07:54:96:24:3d:d0:6a:13:0c:5d:
                    62:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:4D:96:EF:D7:05:07:48:F4:24:64:D9:4E:AA:24:2C:92:52:6A:64
            X509v3 Authority Key Identifier:
                keyid:0B:AC:82:80:47:00:AD:36:53:8B:F8:6F:34:C0:73:E9:71:43:0D:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6yCgEcArTZTi_hvNMBz6XFDDaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/_U2W79cFB0j0JGTZTqokLJJSamQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a72891-de2f-4156-a011-43f64bcea99d/1/C6yCgEcArTZTi_hvNMBz6XFDDaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:3f1:e000::/38

    Signature Algorithm: sha256WithRSAEncryption
         bb:a4:ed:5a:31:8e:88:3d:23:23:28:51:4d:06:0f:b5:9e:85:
         15:e9:76:11:b3:95:cb:d1:0e:35:7f:c8:64:8e:8e:b5:0e:13:
         a0:4b:df:e1:2b:2c:fb:f0:cc:a1:35:2e:ab:36:d8:fa:0e:0a:
         9d:f8:25:aa:ba:bd:fa:76:40:3a:c4:a2:ce:c4:1e:be:60:f9:
         c2:e3:25:e3:3f:dc:a2:5d:39:08:50:aa:ab:cc:3d:51:0e:38:
         c3:69:c6:79:01:a6:b4:b2:63:79:02:57:de:c9:41:a0:3d:e1:
         94:e0:2d:2d:7c:47:41:7a:a9:56:82:2f:b8:56:3a:80:95:37:
         bd:74:2c:df:ce:eb:f0:98:27:74:5c:6b:24:95:58:d7:ef:6d:
         3b:51:30:7e:42:12:5d:b6:28:d7:3e:e6:a1:8e:b2:40:a0:00:
         f4:d7:68:70:1f:1e:7b:63:7d:db:76:fb:24:59:1a:e2:86:5a:
         76:6c:2d:af:07:92:59:c9:af:65:f6:e3:91:90:e9:d3:1c:c3:
         e0:09:8f:c4:bd:73:88:f9:04:bf:2e:cf:f9:a0:16:e6:12:83:
         bd:14:1a:49:75:90:45:eb:83:ba:7b:37:d5:50:e7:50:94:40:
         73:fe:84:4a:9a:de:cd:79:08:f1:2e:54:69:45:cc:60:15:70:
         94:0d:83:88
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbkUAkHwZ79iYgw1VBYv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWM4MjgwNDcwMGFkMzY1MzhiZjg2ZjM0YzA3M2U5NzE0
MzBkYTUwHhcNMjQwMTAxMTQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDRkOTZlZmQ3MDUwNzQ4ZjQyNDY0ZDk0ZWFhMjQyYzkyNTI2YTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0fogKl7ZQWHUE6aSZ3OzfRTS2Zl
MdERPPDN8I+KYw0z5GXdjjOybq2KlJ/5Jxc2wbTddzQZKN2ogPLz8M8/DIgFiPUN
QJaqC56TeRDqyd+4prn8XWCAWy7Ue887iuabisnK8xDky0myeQZpjNLLGllNnx6s
djwpBxNc3TXbPf/IFVcRQ3TX2jiql9MPc3hJrh2keohNW58XwXJfKkiaixvPtYaQ
wbDdsW0IKYsTHjhrIVYzH2f6txFFwbkaovz2jOHpmm1N+Pmiok22quLfPaYPyA+Z
SiVeGM8UqsyOF6PjXFshmoMWwqg+lPwyiiAXtXS+swdUliQ90GoTDF1ifwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFP1Nlu/XBQdI9CRk2U6qJCySUmpkMB8GA1UdIwQY
MBaAFAusgoBHAK02U4v4bzTAc+lxQw2lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEt
NDNmNjRiY2VhOTlkLzEvX1UyVzc5Y0ZCMGowSkdUWlRxb2tMSkpTYW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9hNzI4OTEtZGUyZi00MTU2LWEwMTEtNDNmNjRiY2VhOTlk
LzEvQzZ5Q2dFY0FyVFpUaV9odk5NQno2WEZERGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgED8eAw
DQYJKoZIhvcNAQELBQADggEBALuk7Voxjog9IyMoUU0GD7WehRXpdhGzlcvRDjV/
yGSOjrUOE6BL3+ErLPvwzKE1Lqs22PoOCp34Jaq6vfp2QDrEos7EHr5g+cLjJeM/
3KJdOQhQqqvMPVEOOMNpxnkBprSyY3kCV97JQaA94ZTgLS18R0F6qVaCL7hWOoCV
N710LN/O6/CYJ3RcaySVWNfvbTtRMH5CEl22KNc+5qGOskCgAPTXaHAfHntjfdt2
+yRZGuKGWnZsLa8HklnJr2X245GQ6dMcw+AJj8S9c4j5BL8uz/mgFuYSg70UGkl1
kEXrg7p7N9VQ51CUQHP+hEqa3s15CPEuVGlFzGAVcJQNg4g=
-----END CERTIFICATE-----