Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/LdYowE-_7EMd5OAgF1JFOKH9iTQ.roa
File:                     LdYowE-_7EMd5OAgF1JFOKH9iTQ.roa (raw, json)
Hash identifier:          9FXhGvkbgo8uDB74jU3MDRjGJrBV9uFOp1XnC91wykk=
Subject key identifier:   2D:D6:28:C0:4F:BF:EC:43:1D:E4:E0:20:17:52:45:38:A1:FD:89:34
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B639B199DA9173EEEE76ED23EBF0A
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/LdYowE-_7EMd5OAgF1JFOKH9iTQ.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136918
IP address blocks:        2a0e:46c4:2200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:63:9b:19:9d:a9:17:3e:ee:e7:6e:d2:3e:bf:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dd628c04fbfec431de4e02017524538a1fd8934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a7:3f:27:9a:7d:24:21:9e:93:84:88:ff:1a:
                    06:d8:7c:bb:41:b4:a3:a5:4a:84:a1:b1:d5:cb:7f:
                    c8:45:af:e5:d6:48:e2:23:13:b8:3b:fa:78:9f:c6:
                    d1:fa:1e:e7:16:f8:1b:4b:53:9d:7b:22:a6:1e:cb:
                    2b:2a:86:e6:f9:e4:36:00:17:1c:93:8f:31:9f:ab:
                    d4:e6:08:ff:57:e3:63:84:bd:f8:cb:33:e2:a6:b8:
                    be:7e:76:b2:e2:34:a5:39:8d:14:99:45:f2:2e:be:
                    67:9c:96:5d:4d:f7:29:c4:1c:83:b5:ce:be:01:5f:
                    a6:91:d0:26:88:6e:95:52:9b:4f:85:29:61:d9:32:
                    2f:4e:2d:c9:81:e7:39:a3:96:94:2d:b5:4f:e5:9a:
                    ad:ca:3a:b2:ce:5f:4e:f7:5c:dc:20:35:c0:61:ae:
                    bc:89:11:eb:a4:08:f3:ee:9f:3e:11:07:0a:05:e1:
                    7f:29:4f:e6:a6:56:9f:77:db:b2:a6:f5:9c:2f:03:
                    f5:3b:af:56:84:93:d3:b5:cc:65:79:93:b0:40:84:
                    2e:39:ed:fc:30:4e:f4:97:e5:98:ae:b2:ee:fb:7c:
                    7f:69:1e:47:db:16:77:4c:a6:58:ae:b3:90:17:10:
                    5b:2e:68:a7:ef:cb:ac:a6:74:23:21:af:b4:7e:3e:
                    52:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D6:28:C0:4F:BF:EC:43:1D:E4:E0:20:17:52:45:38:A1:FD:89:34
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/LdYowE-_7EMd5OAgF1JFOKH9iTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2200::/40

    Signature Algorithm: sha256WithRSAEncryption
         0d:81:67:36:07:08:bc:79:8c:f3:57:0c:7d:c3:76:a9:a1:a1:
         ac:12:0d:ec:01:77:ea:79:de:3b:28:02:53:30:10:c2:b5:91:
         b7:86:a9:c6:76:a8:93:39:38:05:11:29:64:c4:66:ed:9c:97:
         57:c6:28:a5:9f:21:45:45:d4:c9:24:d9:fe:51:4c:cd:18:90:
         fe:1d:4b:4d:a3:7b:e8:a5:d8:77:f4:65:8e:b8:6b:c7:5e:6f:
         f4:3f:ee:fd:29:4a:a7:84:2a:2f:8a:51:0b:5d:b5:80:79:49:
         13:c1:e6:d3:bf:2f:cb:6a:54:39:c6:63:aa:7c:fd:8b:8f:0d:
         31:14:29:ff:80:89:b3:04:67:b1:22:cc:da:96:92:18:a0:e7:
         15:e0:9a:a1:62:e2:2b:4c:8f:79:50:4b:f2:aa:29:ac:91:1e:
         a4:25:61:12:5f:61:d2:05:8c:0d:c9:76:d0:00:8e:36:6c:a6:
         d2:15:47:f1:c0:1a:68:22:c6:01:ca:c5:ff:94:4e:ea:c1:f9:
         c0:0c:2d:b1:d3:a9:28:5e:1b:d7:2f:76:32:20:b8:ad:89:44:
         2b:81:63:7a:91:d4:a8:e2:4e:06:43:63:c2:2f:b9:8b:27:e8:
         27:5d:3b:d6:fb:d1:98:bd:a7:f6:3a:59:62:7c:70:ea:6d:64:
         17:d7:ac:dd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGS2ObGZ2pFz7u527SPr8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ2MjhjMDRmYmZlYzQzMWRlNGUwMjAxNzUyNDUzOGExZmQ4OTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqc/J5p9JCGek4SI/xoG2Hy7QbSj
pUqEobHVy3/IRa/l1kjiIxO4O/p4n8bR+h7nFvgbS1OdeyKmHssrKobm+eQ2ABcc
k48xn6vU5gj/V+NjhL34yzPipri+fnay4jSlOY0UmUXyLr5nnJZdTfcpxByDtc6+
AV+mkdAmiG6VUptPhSlh2TIvTi3Jgec5o5aULbVP5Zqtyjqyzl9O91zcIDXAYa68
iRHrpAjz7p8+EQcKBeF/KU/mplafd9uypvWcLwP1O69WhJPTtcxleZOwQIQuOe38
ME70l+WYrrLu+3x/aR5H2xZ3TKZYrrOQFxBbLmin78uspnQjIa+0fj5SSwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC3WKMBPv+xDHeTgIBdSRTih/Yk0MB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvTGRZb3dFLV83RU1kNU9BZ0YxSkZPS0g5aVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg5GxCIw
DQYJKoZIhvcNAQELBQADggEBAA2BZzYHCLx5jPNXDH3DdqmhoawSDewBd+p53jso
AlMwEMK1kbeGqcZ2qJM5OAURKWTEZu2cl1fGKKWfIUVF1Mkk2f5RTM0YkP4dS02j
e+il2Hf0ZY64a8deb/Q/7v0pSqeEKi+KUQtdtYB5SRPB5tO/L8tqVDnGY6p8/YuP
DTEUKf+AibMEZ7EizNqWkhig5xXgmqFi4itMj3lQS/KqKayRHqQlYRJfYdIFjA3J
dtAAjjZsptIVR/HAGmgixgHKxf+UTurB+cAMLbHTqSheG9cvdjIguK2JRCuBY3qR
1KjiTgZDY8IvuYsn6CddO9b70Zi9p/Y6WWJ8cOptZBfXrN0=
-----END CERTIFICATE-----