Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/n8Qy3rSGsjWQ4cHYZ_4wxrVj_7o.roa
File:                     n8Qy3rSGsjWQ4cHYZ_4wxrVj_7o.roa (raw, json)
Hash identifier:          ZvAFqxTMxvnSTbkPJu+0clrkrEyN0rVBihqjZ+ZH0is=
Subject key identifier:   9F:C4:32:DE:B4:86:B2:35:90:E1:C1:D8:67:FE:30:C6:B5:63:FF:BA
Certificate issuer:       /CN=93503061e1ae503ec63d970b30875dd93ffabbdf
Certificate serial:       018CC348AAE6C28BBB5470F69A68DB01D608
Authority key identifier: 93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/n8Qy3rSGsjWQ4cHYZ_4wxrVj_7o.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a01:bb22:8000::/33 maxlen: 33
                          2a01:bb22::/33 maxlen: 33
                          2a01:bb20::/29 maxlen: 29
                          2a01:bb24::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:aa:e6:c2:8b:bb:54:70:f6:9a:68:db:01:d6:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93503061e1ae503ec63d970b30875dd93ffabbdf
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fc432deb486b23590e1c1d867fe30c6b563ffba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:37:a2:7e:af:e8:9a:62:2b:dd:f0:97:d1:f4:
                    d7:b3:68:8b:1e:d0:9e:f8:23:4c:64:80:8c:08:be:
                    ad:30:c6:0a:e7:4b:f8:9c:48:54:ba:3a:4a:70:a3:
                    df:53:a6:eb:eb:9c:92:a3:67:ff:20:9b:bf:e8:cf:
                    8f:f0:29:49:22:ca:d5:15:2f:2b:c2:cf:74:61:42:
                    1c:57:82:aa:ea:de:79:42:65:55:9c:26:7e:22:b9:
                    7b:48:6b:0d:ca:ed:eb:5e:a3:4e:b1:74:53:80:f6:
                    6b:b3:93:01:1a:0b:a7:14:58:8b:40:de:83:e4:64:
                    4b:0d:14:0c:aa:85:7a:09:c2:0e:f5:4d:9c:b8:7f:
                    e5:37:c9:7d:8f:06:b2:29:25:11:af:ed:a3:34:64:
                    c2:f0:30:86:d8:ef:93:cc:db:20:c4:9d:93:8a:f0:
                    44:c9:9e:fb:85:d2:65:53:e1:e1:8e:29:33:09:ac:
                    02:f3:42:ec:ed:ee:42:97:62:11:fd:32:98:5a:fb:
                    4d:27:dc:5a:7e:11:c4:1d:b7:f9:02:d4:c3:91:bc:
                    81:ac:9b:e6:e8:40:13:82:d8:67:73:16:13:e6:7c:
                    ba:5d:f2:cf:e5:ff:e0:2b:65:21:96:b4:bb:f0:33:
                    f6:04:28:69:92:fb:c1:84:fc:b1:f4:34:ca:03:9e:
                    1a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:C4:32:DE:B4:86:B2:35:90:E1:C1:D8:67:FE:30:C6:B5:63:FF:BA
            X509v3 Authority Key Identifier:
                keyid:93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/n8Qy3rSGsjWQ4cHYZ_4wxrVj_7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:bb20::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:85:b3:ee:b5:82:dd:47:7d:c3:50:7d:c9:f8:4c:98:0e:03:
         eb:d1:16:e2:33:c3:7a:64:20:89:38:61:c7:ec:28:f5:bd:06:
         d4:c4:2d:80:aa:0a:99:57:30:b4:23:ad:87:c6:1d:4d:fa:39:
         42:9d:d0:ab:af:f6:e6:64:2b:25:9e:6f:a2:c2:10:67:67:52:
         b5:0f:0d:5b:c8:20:7e:fe:04:72:b0:10:03:79:6d:85:a5:46:
         45:f5:ea:c4:7e:d4:1e:e9:04:a9:ee:e0:56:bf:98:fd:6a:94:
         23:43:98:16:b6:50:4b:70:e7:a2:0d:5d:35:bd:36:fb:a1:35:
         45:65:ee:e5:c6:60:2c:41:ba:b2:ca:98:00:77:14:09:56:94:
         fa:9c:a7:65:db:d3:ad:15:38:c7:c3:04:96:64:1e:14:1a:96:
         1b:e4:95:b3:ee:e7:67:86:2d:b5:a0:9d:da:c5:af:f9:18:60:
         57:8a:b3:d5:57:21:1c:6b:64:57:87:b8:df:8c:53:2d:cb:52:
         eb:f6:ea:d3:00:67:34:4e:fb:14:68:9c:14:ab:f1:a1:be:83:
         ad:ef:4b:8e:6d:d5:e7:41:64:4c:80:66:06:c2:34:42:22:b5:
         48:16:8c:fa:2a:c3:1d:90:7f:dc:bd:27:4e:5f:bf:46:c5:06:
         2b:db:c9:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSKrmwou7VHD2mmjbAdYIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNTAzMDYxZTFhZTUwM2VjNjNkOTcwYjMwODc1ZGQ5M2Zm
YWJiZGYwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmM0MzJkZWI0ODZiMjM1OTBlMWMxZDg2N2ZlMzBjNmI1NjNmZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTeifq/ommIr3fCX0fTXs2iLHtCe
+CNMZICMCL6tMMYK50v4nEhUujpKcKPfU6br65ySo2f/IJu/6M+P8ClJIsrVFS8r
ws90YUIcV4Kq6t55QmVVnCZ+Irl7SGsNyu3rXqNOsXRTgPZrs5MBGgunFFiLQN6D
5GRLDRQMqoV6CcIO9U2cuH/lN8l9jwayKSURr+2jNGTC8DCG2O+TzNsgxJ2TivBE
yZ77hdJlU+HhjikzCawC80Ls7e5Cl2IR/TKYWvtNJ9xafhHEHbf5AtTDkbyBrJvm
6EATgthncxYT5ny6XfLP5f/gK2UhlrS78DP2BChpkvvBhPyx9DTKA54a+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ/EMt60hrI1kOHB2Gf+MMa1Y/+6MB8GA1UdIwQY
MBaAFJNQMGHhrlA+xj2XCzCHXdk/+rvfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEt
YzYyM2VkOGYyZjI4LzEvbjhReTNyU0dzaldRNGNIWVpfNHd4clZqXzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEtYzYyM2VkOGYyZjI4
LzEvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgG7IDAN
BgkqhkiG9w0BAQsFAAOCAQEAt4Wz7rWC3Ud9w1B9yfhMmA4D69EW4jPDemQgiThh
x+wo9b0G1MQtgKoKmVcwtCOth8YdTfo5Qp3Qq6/25mQrJZ5vosIQZ2dStQ8NW8gg
fv4EcrAQA3lthaVGRfXqxH7UHukEqe7gVr+Y/WqUI0OYFrZQS3Dnog1dNb02+6E1
RWXu5cZgLEG6ssqYAHcUCVaU+pynZdvTrRU4x8MElmQeFBqWG+SVs+7nZ4YttaCd
2sWv+RhgV4qz1VchHGtkV4e434xTLctS6/bq0wBnNE77FGicFKvxob6Dre9Ljm3V
50FkTIBmBsI0QiK1SBaM+irDHZB/3L0nTl+/RsUGK9vJag==
-----END CERTIFICATE-----