Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/iuFcG4JvU-XtjLsxFcqrE4sc6Yc.roa
File:                     iuFcG4JvU-XtjLsxFcqrE4sc6Yc.roa (raw, json)
Hash identifier:          r5TXlu/5hPxZs4KawFLqQ+QOy8ZxkMOOq5NRdFtzfBQ=
Subject key identifier:   8A:E1:5C:1B:82:6F:53:E5:ED:8C:BB:31:15:CA:AB:13:8B:1C:E9:87
Certificate issuer:       /CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
Certificate serial:       018CC9BCDB38720DF6E8044CBFE732B2F964
Authority key identifier: AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/iuFcG4JvU-XtjLsxFcqrE4sc6Yc.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50022
IP address blocks:        2a05:7401:4000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:db:38:72:0d:f6:e8:04:4c:bf:e7:32:b2:f9:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ae15c1b826f53e5ed8cbb3115caab138b1ce987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:02:57:26:25:e0:45:6d:13:e0:24:64:ce:db:
                    f6:d2:c4:26:b5:f2:0b:6a:c3:9c:02:83:4c:e4:ba:
                    e7:77:c6:78:eb:5b:f1:af:04:e5:f6:02:59:71:eb:
                    ad:0e:ce:d1:0c:85:ca:b5:5b:bf:c4:38:b6:b1:07:
                    ee:c1:ad:67:7d:eb:cd:1b:41:6c:c4:5a:52:71:e2:
                    9d:89:93:96:1e:35:86:28:2a:a7:61:96:7e:a8:aa:
                    46:da:57:67:07:7f:35:37:49:f6:27:1e:b9:f2:c2:
                    41:44:4c:65:02:02:02:63:ab:bd:ac:0e:a4:24:08:
                    88:c0:55:ba:46:05:67:31:81:58:1a:75:96:73:59:
                    ab:8b:24:1f:18:f9:de:b0:62:75:c2:05:b8:4b:b7:
                    3f:da:15:b1:b9:f0:18:fe:9d:9c:fb:08:91:01:ec:
                    da:74:29:2d:3f:62:d1:71:1d:32:0a:85:0f:80:04:
                    64:88:91:89:b8:8e:b1:73:86:d4:3d:b3:ae:af:94:
                    9c:b4:c0:53:24:d4:83:64:8e:62:89:24:1c:2c:62:
                    ca:57:46:35:07:74:67:9d:44:e3:f6:2a:41:ee:8d:
                    64:a2:1d:4f:25:89:e1:2e:16:02:73:f9:be:b7:3c:
                    3c:67:46:88:6e:f5:01:4b:44:14:f8:f8:36:64:e9:
                    a8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E1:5C:1B:82:6F:53:E5:ED:8C:BB:31:15:CA:AB:13:8B:1C:E9:87
            X509v3 Authority Key Identifier:
                keyid:AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/iuFcG4JvU-XtjLsxFcqrE4sc6Yc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:7401:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         c0:99:00:01:07:5d:e5:9f:ce:b3:13:86:a0:6f:f7:f2:1c:b4:
         1a:14:41:90:24:e1:a5:45:c8:93:d9:2c:e2:98:9a:9d:7b:d7:
         bc:d9:e6:2f:db:b6:2b:e4:17:53:e6:f6:33:73:4e:09:5b:37:
         38:d2:47:b5:20:20:54:d8:fa:99:73:bf:84:81:0a:1c:8f:45:
         c7:8d:18:c5:3d:18:e3:2f:f1:0e:de:38:44:ac:20:19:8f:a4:
         2c:13:10:3b:59:23:d5:e7:25:6a:4c:5d:77:71:c2:3e:81:64:
         77:d0:8f:c5:21:44:e9:50:6f:2f:6d:b6:f5:cd:40:9e:48:06:
         03:d6:93:cc:cb:76:3c:ca:83:c6:52:7c:a7:24:74:01:59:2b:
         f2:a9:98:bc:55:a2:ca:6c:e4:99:b3:08:a7:7f:3f:6c:34:d4:
         22:52:a2:9c:9f:05:30:0c:15:7b:01:ea:eb:aa:1d:4c:89:45:
         d2:c9:06:fd:08:c5:ec:bb:35:cf:d2:66:42:3f:d7:e0:95:a9:
         e9:f5:72:f9:93:69:c3:d3:3d:dd:8b:8b:b6:e8:9f:da:ae:b8:
         63:4c:64:86:5f:d1:76:c9:9a:81:2f:45:c6:a7:9f:a0:f1:0d:
         d0:0d:60:a0:5c:2e:60:38:6b:10:69:d5:2e:51:57:30:89:6c:
         5a:97:71:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNs4cg326ARMv+cysvlkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2Y3NDdkZjVmMjQzNTMxNTRkYzRkNGJmNzBkMmRkY2I1
M2U5MDAwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWUxNWMxYjgyNmY1M2U1ZWQ4Y2JiMzExNWNhYWIxMzhiMWNlOTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwJXJiXgRW0T4CRkztv20sQmtfIL
asOcAoNM5Lrnd8Z461vxrwTl9gJZceutDs7RDIXKtVu/xDi2sQfuwa1nfevNG0Fs
xFpSceKdiZOWHjWGKCqnYZZ+qKpG2ldnB381N0n2Jx658sJBRExlAgICY6u9rA6k
JAiIwFW6RgVnMYFYGnWWc1mriyQfGPnesGJ1wgW4S7c/2hWxufAY/p2c+wiRAeza
dCktP2LRcR0yCoUPgARkiJGJuI6xc4bUPbOur5SctMBTJNSDZI5iiSQcLGLKV0Y1
B3RnnUTj9ipB7o1koh1PJYnhLhYCc/m+tzw8Z0aIbvUBS0QU+Pg2ZOmo9QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIrhXBuCb1Pl7Yy7MRXKqxOLHOmHMB8GA1UdIwQY
MBaAFK5/dH318kNTFU3E1L9w0t3LU+kAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm45MGZmWHlRMU1WVGNUVXYzRFMzY3RUNlFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi81OGFmMjQtYzQ1NC00NGIwLWE3Y2Et
YzZmMWU2YWM5YmE5LzEvaXVGY0c0SnZVLVh0akxzeEZjcXJFNHNjNlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi81OGFmMjQtYzQ1NC00NGIwLWE3Y2EtYzZmMWU2YWM5YmE5
LzEvcm45MGZmWHlRMU1WVGNUVXYzRFMzY3RUNlFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgV0AUAw
DQYJKoZIhvcNAQELBQADggEBAMCZAAEHXeWfzrMThqBv9/IctBoUQZAk4aVFyJPZ
LOKYmp1717zZ5i/btivkF1Pm9jNzTglbNzjSR7UgIFTY+plzv4SBChyPRceNGMU9
GOMv8Q7eOESsIBmPpCwTEDtZI9XnJWpMXXdxwj6BZHfQj8UhROlQby9ttvXNQJ5I
BgPWk8zLdjzKg8ZSfKckdAFZK/KpmLxVosps5JmzCKd/P2w01CJSopyfBTAMFXsB
6uuqHUyJRdLJBv0Ixey7Nc/SZkI/1+CVqen1cvmTacPTPd2Li7bon9quuGNMZIZf
0XbJmoEvRcann6DxDdANYKBcLmA4axBp1S5RVzCJbFqXcQQ=
-----END CERTIFICATE-----