Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/xfr82hc4sD_t49R5akc9UUDbz4s.roa
File:                     xfr82hc4sD_t49R5akc9UUDbz4s.roa (raw, json)
Hash identifier:          YabFuS5gcX3bmpEDJEsC/69g39/+A3rAE1T8f5RKiR4=
Subject key identifier:   C5:FA:FC:DA:17:38:B0:3F:ED:E3:D4:79:6A:47:3D:51:40:DB:CF:8B
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FA81B196E0D5CDE0FBE876947CD17
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/xfr82hc4sD_t49R5akc9UUDbz4s.roa
Signing time:             Tue 02 Jan 2024 04:30:09 +0000
ROA not before:           Tue 02 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45671
IP address blocks:        2a0f:11c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a8:1b:19:6e:0d:5c:de:0f:be:87:69:47:cd:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5fafcda1738b03fede3d4796a473d5140dbcf8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:65:4a:93:e3:71:41:f8:aa:f0:04:1e:e4:49:
                    9c:8c:7f:c9:d2:8f:5e:e0:40:0a:9d:ed:c0:23:66:
                    3a:87:c5:ef:6c:6a:d2:77:ad:cf:a4:5b:bf:d1:65:
                    1c:39:d5:61:d0:9c:ad:41:39:b8:09:14:48:9b:55:
                    90:6e:d1:50:b1:36:05:c9:5d:dd:f7:b3:b2:dc:f0:
                    43:16:36:75:19:5b:07:de:83:ee:ba:4f:34:e4:da:
                    47:43:b4:4b:71:89:43:38:d4:d5:49:26:5e:92:b4:
                    70:ea:8c:22:b1:48:80:e4:24:5b:2d:e3:0c:73:cb:
                    ba:ef:91:3f:ef:59:63:46:87:bd:b1:3d:3c:0d:ea:
                    05:3f:05:3c:09:23:0a:53:b2:f9:57:5f:3f:df:3f:
                    af:f5:e0:c6:ff:1d:49:19:d8:7f:9d:4d:18:96:a8:
                    a0:5c:88:20:c3:7d:5e:51:a6:9c:2a:0d:3a:1c:f0:
                    91:d9:f5:c1:b5:1d:38:20:66:6f:d4:e3:1f:48:31:
                    aa:0a:3e:e2:06:bd:2f:45:27:a4:66:df:96:60:e7:
                    fe:ed:46:7d:5e:70:01:f6:41:1b:d2:ec:bb:6b:a2:
                    a5:a6:c8:40:9c:e9:c2:b6:b1:22:84:3a:44:f9:fe:
                    65:8a:af:e8:43:75:1f:19:40:38:33:ed:e6:a1:4d:
                    74:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:FA:FC:DA:17:38:B0:3F:ED:E3:D4:79:6A:47:3D:51:40:DB:CF:8B
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/xfr82hc4sD_t49R5akc9UUDbz4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:11c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:37:11:60:88:c8:23:16:f3:62:ea:c2:36:95:b0:9d:b7:32:
         d9:46:ac:2b:12:c6:63:d8:a8:0d:87:36:62:9b:46:7c:09:4b:
         43:53:9c:f8:2f:7d:26:5d:9d:1a:88:54:85:87:e3:a6:05:f7:
         95:f0:30:85:03:8e:52:0f:a6:df:34:68:0c:e4:a3:d4:f1:e5:
         ba:c3:fa:d3:5c:f8:e4:e4:3e:b2:6c:a8:05:ee:9b:86:bb:f0:
         5f:e5:d6:a9:e7:cd:7d:49:80:0e:16:80:2f:2f:60:5b:07:2b:
         65:fb:ae:95:f0:e9:58:3c:b3:b8:86:fb:14:c0:de:be:3c:b1:
         f7:42:c3:9e:4a:93:be:65:c4:93:21:c2:fc:b0:6e:27:eb:cf:
         79:37:6d:08:55:9f:f2:fd:72:63:30:5d:37:bc:f6:b6:47:c9:
         14:0c:0a:a0:c1:c1:ea:f9:c7:49:b9:83:b8:0f:be:b6:0e:cf:
         5a:f0:b9:a4:e0:37:ac:d2:81:7d:4e:a7:47:89:5c:87:0a:b2:
         75:f6:fa:88:b7:85:26:dd:f0:88:0c:cf:a7:c4:f8:bb:83:26:
         0d:e7:fb:61:17:c6:1a:7f:c8:a8:c8:b0:37:e9:d5:8d:85:73:
         1c:6c:34:2d:1b:52:71:62:b8:02:5d:0b:fc:6a:09:96:8a:d7:
         8d:1a:b5:99
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb6gbGW4NXN4PvodpR80XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWZhZmNkYTE3MzhiMDNmZWRlM2Q0Nzk2YTQ3M2Q1MTQwZGJjZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWVKk+NxQfiq8AQe5EmcjH/J0o9e
4EAKne3AI2Y6h8XvbGrSd63PpFu/0WUcOdVh0JytQTm4CRRIm1WQbtFQsTYFyV3d
97Oy3PBDFjZ1GVsH3oPuuk805NpHQ7RLcYlDONTVSSZekrRw6owisUiA5CRbLeMM
c8u675E/71ljRoe9sT08DeoFPwU8CSMKU7L5V18/3z+v9eDG/x1JGdh/nU0Ylqig
XIggw31eUaacKg06HPCR2fXBtR04IGZv1OMfSDGqCj7iBr0vRSekZt+WYOf+7UZ9
XnAB9kEb0uy7a6KlpshAnOnCtrEihDpE+f5liq/oQ3UfGUA4M+3moU10VwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMX6/NoXOLA/7ePUeWpHPVFA28+LMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEveGZyODJoYzRzRF90NDlSNWFrYzlVVURiejRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8RwDAN
BgkqhkiG9w0BAQsFAAOCAQEAajcRYIjIIxbzYurCNpWwnbcy2UasKxLGY9ioDYc2
YptGfAlLQ1Oc+C99Jl2dGohUhYfjpgX3lfAwhQOOUg+m3zRoDOSj1PHlusP601z4
5OQ+smyoBe6bhrvwX+XWqefNfUmADhaALy9gWwcrZfuulfDpWDyzuIb7FMDevjyx
90LDnkqTvmXEkyHC/LBuJ+vPeTdtCFWf8v1yYzBdN7z2tkfJFAwKoMHB6vnHSbmD
uA++tg7PWvC5pOA3rNKBfU6nR4lchwqydfb6iLeFJt3wiAzPp8T4u4MmDef7YRfG
Gn/IqMiwN+nVjYVzHGw0LRtScWK4Al0L/GoJlorXjRq1mQ==
-----END CERTIFICATE-----