Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/BQpa0PjAFqNYYQp3weiAR3Lbuck.roa
File:                     BQpa0PjAFqNYYQp3weiAR3Lbuck.roa (raw, json)
Hash identifier:          XrZ82ZR2aUV9pqlwrfUhdnhRKTKGIXfuyGOhcYAbbz0=
Subject key identifier:   05:0A:5A:D0:F8:C0:16:A3:58:61:0A:77:C1:E8:80:47:72:DB:B9:C9
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FAC05035EE61C3FDB21C276E9CBE8
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/BQpa0PjAFqNYYQp3weiAR3Lbuck.roa
Signing time:             Tue 02 Jan 2024 04:30:10 +0000
ROA not before:           Tue 02 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57138
IP address blocks:        2a07:e340::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ac:05:03:5e:e6:1c:3f:db:21:c2:76:e9:cb:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=050a5ad0f8c016a358610a77c1e8804772dbb9c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:31:22:d0:8a:f6:8b:30:d2:b6:0b:43:71:74:
                    dc:2d:ea:c9:61:4c:2d:08:e4:41:49:89:32:be:6a:
                    fe:18:f8:5b:2c:0e:27:4a:13:8f:dc:71:4c:5b:70:
                    dc:91:36:91:17:ea:7b:30:a3:f9:ae:ed:6d:00:c5:
                    67:73:1e:86:a8:6f:8c:4e:1d:d2:8c:a4:4e:36:fa:
                    d3:76:cd:de:7c:dc:4e:f9:4d:88:94:7c:bd:e3:ed:
                    5f:0a:27:bf:d2:f0:b4:c1:f9:d1:b6:20:83:b0:ac:
                    5e:47:96:d2:45:4f:13:9f:2e:8f:34:b9:7e:64:af:
                    cb:24:1d:40:09:f6:ab:05:80:e1:17:3a:2d:23:89:
                    6a:41:4a:d2:f7:3d:2e:47:46:70:b0:13:d0:08:94:
                    0b:07:61:1c:6c:b4:71:03:35:14:51:8b:90:b5:f7:
                    76:04:db:77:83:b4:4c:13:80:34:e8:3d:9b:23:a4:
                    71:65:ce:62:d7:7d:b6:9e:b5:bc:aa:28:da:27:1d:
                    24:5b:e2:ff:0f:82:b8:d8:bb:78:6c:5d:1b:7c:ec:
                    3e:e4:09:94:ae:62:9c:41:46:33:f6:33:10:1c:c0:
                    a1:1e:39:d3:aa:97:e8:4d:78:9b:bb:4c:93:72:95:
                    2a:7a:92:7a:da:73:57:44:46:c0:b3:86:d5:0c:7d:
                    35:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:0A:5A:D0:F8:C0:16:A3:58:61:0A:77:C1:E8:80:47:72:DB:B9:C9
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/BQpa0PjAFqNYYQp3weiAR3Lbuck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e340::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:82:76:26:47:d4:b1:94:9c:9e:5e:8a:ae:5a:a6:b1:54:11:
         ae:e5:3f:92:86:58:75:34:36:d1:13:ed:9a:0d:35:23:7a:0b:
         03:18:5f:15:10:f4:56:b4:15:40:a5:c4:68:e0:ee:74:08:15:
         3f:20:2d:67:89:df:f1:8b:dc:8c:ab:04:66:d5:10:9a:22:a4:
         65:11:98:67:c2:50:36:3a:bd:d9:13:7e:e4:5a:c2:a7:1b:13:
         2c:51:72:c8:64:4b:87:8b:87:bb:a6:f9:54:e6:49:ca:16:90:
         a4:49:a8:c2:b6:e9:1a:e5:da:a6:12:52:14:4b:99:e7:61:fb:
         59:80:41:42:ab:04:80:66:95:62:9b:35:ab:45:7b:a6:c2:e3:
         b5:07:77:96:87:24:44:fa:71:35:e3:5f:09:3f:ee:fd:f0:16:
         e2:0a:b7:87:13:6f:3c:8d:ce:cc:12:f2:d6:7c:c3:3f:fe:a5:
         66:10:fa:ef:43:e4:ca:14:1d:63:b8:c6:5e:99:0c:af:9d:77:
         10:57:b0:5d:4b:e7:e0:bc:29:c7:e4:2d:fd:d6:37:d0:a1:a6:
         60:67:51:af:3f:49:71:93:73:ac:f0:4e:bd:80:98:de:4c:31:
         eb:55:8f:4f:2b:88:ef:b8:a8:7e:5a:2e:70:ca:dc:ab:a7:4a:
         42:88:2e:32
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb6wFA17mHD/bIcJ26cvoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTBhNWFkMGY4YzAxNmEzNTg2MTBhNzdjMWU4ODA0NzcyZGJiOWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDEi0Ir2izDStgtDcXTcLerJYUwt
CORBSYkyvmr+GPhbLA4nShOP3HFMW3DckTaRF+p7MKP5ru1tAMVncx6GqG+MTh3S
jKRONvrTds3efNxO+U2IlHy94+1fCie/0vC0wfnRtiCDsKxeR5bSRU8Tny6PNLl+
ZK/LJB1ACfarBYDhFzotI4lqQUrS9z0uR0ZwsBPQCJQLB2EcbLRxAzUUUYuQtfd2
BNt3g7RME4A06D2bI6RxZc5i1322nrW8qijaJx0kW+L/D4K42Lt4bF0bfOw+5AmU
rmKcQUYz9jMQHMChHjnTqpfoTXibu0yTcpUqepJ62nNXREbAs4bVDH01RQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAUKWtD4wBajWGEKd8HogEdy27nJMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvQlFwYTBQakFGcU5ZWVFwM3dlaUFSM0xidWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgfjQDAN
BgkqhkiG9w0BAQsFAAOCAQEAjoJ2JkfUsZScnl6KrlqmsVQRruU/koZYdTQ20RPt
mg01I3oLAxhfFRD0VrQVQKXEaODudAgVPyAtZ4nf8YvcjKsEZtUQmiKkZRGYZ8JQ
Njq92RN+5FrCpxsTLFFyyGRLh4uHu6b5VOZJyhaQpEmowrbpGuXaphJSFEuZ52H7
WYBBQqsEgGaVYps1q0V7psLjtQd3lockRPpxNeNfCT/u/fAW4gq3hxNvPI3OzBLy
1nzDP/6lZhD670PkyhQdY7jGXpkMr513EFewXUvn4Lwpx+Qt/dY30KGmYGdRrz9J
cZNzrPBOvYCY3kwx61WPTyuI77iofloucMrcq6dKQoguMg==
-----END CERTIFICATE-----