Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/tLpl64WEtkgLvWUyq2y2E9-xCmA.roa
File:                     tLpl64WEtkgLvWUyq2y2E9-xCmA.roa (raw, json)
Hash identifier:          LXCOzrU1swN350UaNSN1dVbFOvQyJXlh5KjizlIY0O8=
Subject key identifier:   B4:BA:65:EB:85:84:B6:48:0B:BD:65:32:AB:6C:B6:13:DF:B1:0A:60
Certificate issuer:       /CN=d9efe9d36f5f88fdf04742c4140c7532090ab770
Certificate serial:       018CC4255ACCC98EC17256735C915400BD86
Authority key identifier: D9:EF:E9:D3:6F:5F:88:FD:F0:47:42:C4:14:0C:75:32:09:0A:B7:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/tLpl64WEtkgLvWUyq2y2E9-xCmA.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60960
IP address blocks:        2a07:7b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5a:cc:c9:8e:c1:72:56:73:5c:91:54:00:bd:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9efe9d36f5f88fdf04742c4140c7532090ab770
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4ba65eb8584b6480bbd6532ab6cb613dfb10a60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6f:a4:29:80:4c:57:4c:d0:e0:a5:29:04:52:
                    31:44:24:55:a8:b6:5e:32:71:e1:87:10:be:58:27:
                    a0:63:99:e6:98:b3:a7:33:cb:b9:c9:37:9e:db:84:
                    b6:cc:71:98:1d:f7:76:55:fd:e1:83:db:e5:3b:4c:
                    4f:15:f2:fa:70:fa:13:ee:ec:b7:7c:b7:f3:f3:a1:
                    f4:12:86:cd:2e:36:16:cc:47:31:28:ad:2e:0b:e7:
                    73:3b:6b:87:45:45:38:dc:e6:2b:f2:b1:71:2e:96:
                    08:d4:48:0d:23:4b:f0:6f:7f:e5:1e:dc:15:cd:09:
                    37:23:e7:ff:57:cf:ee:ea:2b:8b:6f:ea:73:1e:c8:
                    f8:94:4b:a9:01:b6:0b:e0:e5:3d:f9:5f:91:6f:11:
                    3e:1e:fb:b8:f2:7d:a7:f1:69:9d:e4:82:f4:73:48:
                    40:ed:25:20:cd:a5:4c:c3:80:67:7d:2b:a7:da:9b:
                    c2:dc:2d:9c:dd:74:5d:bd:2f:18:2e:2a:be:06:57:
                    7f:a6:77:45:ce:22:88:be:01:14:fc:8c:4b:fc:a3:
                    96:ec:41:70:60:67:42:7d:d3:fc:e1:2d:c0:55:8b:
                    ec:16:d7:cb:72:d8:d2:e6:33:30:db:24:8d:80:04:
                    c8:1c:74:f3:01:4e:20:a0:26:8d:fc:03:4f:07:84:
                    1e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:BA:65:EB:85:84:B6:48:0B:BD:65:32:AB:6C:B6:13:DF:B1:0A:60
            X509v3 Authority Key Identifier:
                keyid:D9:EF:E9:D3:6F:5F:88:FD:F0:47:42:C4:14:0C:75:32:09:0A:B7:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e_p029fiP3wR0LEFAx1MgkKt3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/tLpl64WEtkgLvWUyq2y2E9-xCmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/55db34-fc79-4004-95c9-39f6d6425338/1/2e_p029fiP3wR0LEFAx1MgkKt3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:ce:4f:5b:bd:bb:7e:90:f1:2e:6b:13:b7:b7:db:92:fb:bc:
         1a:9a:6e:77:80:20:ab:6a:56:9a:0e:90:4b:8e:0d:61:e9:2b:
         b8:3a:57:5a:27:44:fa:73:8d:02:f6:8a:a3:24:0a:01:95:e1:
         ae:de:59:74:9c:96:c4:27:19:d5:50:67:22:ee:d9:21:be:f6:
         81:af:3f:45:25:4d:70:4c:b2:ec:fd:49:a9:4c:13:21:4a:b7:
         98:0c:aa:c3:fc:10:75:0d:e1:d9:b8:1a:94:21:88:84:83:1a:
         81:1d:8a:a7:76:d1:2f:49:de:cd:dd:7f:fd:fd:40:33:0e:34:
         a4:ac:fc:ca:76:ad:a1:75:d2:29:3a:5b:ec:7f:79:1a:42:30:
         97:c8:4f:b7:06:b1:c1:c5:66:62:6a:bc:9e:23:86:07:26:d8:
         62:05:5c:c5:6e:5b:f9:3d:f9:c5:e7:d9:32:a8:99:e7:6d:29:
         c2:8d:a1:2e:00:18:60:e9:65:51:ba:dd:09:fc:bd:41:1f:21:
         4c:eb:0e:8c:1c:14:a2:bc:72:1a:16:ed:92:30:2e:ec:d8:8c:
         8d:82:a4:fa:a8:8e:e0:98:d3:2b:41:11:bf:8c:9d:10:0c:85:
         af:4c:a6:95:9a:d1:14:01:59:0b:9c:4c:7b:72:de:da:ec:e9:
         81:aa:7f:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJVrMyY7BclZzXJFUAL2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZWZlOWQzNmY1Zjg4ZmRmMDQ3NDJjNDE0MGM3NTMyMDkw
YWI3NzAwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGJhNjVlYjg1ODRiNjQ4MGJiZDY1MzJhYjZjYjYxM2RmYjEwYTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2+kKYBMV0zQ4KUpBFIxRCRVqLZe
MnHhhxC+WCegY5nmmLOnM8u5yTee24S2zHGYHfd2Vf3hg9vlO0xPFfL6cPoT7uy3
fLfz86H0EobNLjYWzEcxKK0uC+dzO2uHRUU43OYr8rFxLpYI1EgNI0vwb3/lHtwV
zQk3I+f/V8/u6iuLb+pzHsj4lEupAbYL4OU9+V+RbxE+Hvu48n2n8Wmd5IL0c0hA
7SUgzaVMw4BnfSun2pvC3C2c3XRdvS8YLiq+Bld/pndFziKIvgEU/IxL/KOW7EFw
YGdCfdP84S3AVYvsFtfLctjS5jMw2ySNgATIHHTzAU4goCaN/ANPB4QerQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLS6ZeuFhLZIC71lMqtsthPfsQpgMB8GA1UdIwQY
MBaAFNnv6dNvX4j98EdCxBQMdTIJCrdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmVfcDAyOWZpUDN3UjBMRUZBeDFNZ2tLdDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NWRiMzQtZmM3OS00MDA0LTk1Yzkt
MzlmNmQ2NDI1MzM4LzEvdExwbDY0V0V0a2dMdldVeXEyeTJFOS14Q21BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NWRiMzQtZmM3OS00MDA0LTk1YzktMzlmNmQ2NDI1MzM4
LzEvMmVfcDAyOWZpUDN3UjBMRUZBeDFNZ2tLdDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgd7ADAN
BgkqhkiG9w0BAQsFAAOCAQEAgc5PW727fpDxLmsTt7fbkvu8Gppud4Agq2pWmg6Q
S44NYekruDpXWidE+nONAvaKoyQKAZXhrt5ZdJyWxCcZ1VBnIu7ZIb72ga8/RSVN
cEyy7P1JqUwTIUq3mAyqw/wQdQ3h2bgalCGIhIMagR2Kp3bRL0nezd1//f1AMw40
pKz8ynatoXXSKTpb7H95GkIwl8hPtwaxwcVmYmq8niOGBybYYgVcxW5b+T35xefZ
MqiZ520pwo2hLgAYYOllUbrdCfy9QR8hTOsOjBwUorxyGhbtkjAu7NiMjYKk+qiO
4JjTK0ERv4ydEAyFr0ymlZrRFAFZC5xMe3Le2uzpgap/2Q==
-----END CERTIFICATE-----