Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/4KbWw4x1Arzs82KzeDm2lwld_R8.roa
File:                     4KbWw4x1Arzs82KzeDm2lwld_R8.roa (raw, json)
Hash identifier:          A0qCuhILp4/kKObfB2e2xq3UPDqX6pQzUSpSl9qnzns=
Subject key identifier:   E0:A6:D6:C3:8C:75:02:BC:EC:F3:62:B3:78:39:B6:97:09:5D:FD:1F
Certificate issuer:       /CN=884bf80e72f50f09bf563493ebdb11a34bba312d
Certificate serial:       018CC5003059604205DC18077BE44A133582
Authority key identifier: 88:4B:F8:0E:72:F5:0F:09:BF:56:34:93:EB:DB:11:A3:4B:BA:31:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/4KbWw4x1Arzs82KzeDm2lwld_R8.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207954
IP address blocks:        2a0f:24c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:30:59:60:42:05:dc:18:07:7b:e4:4a:13:35:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=884bf80e72f50f09bf563493ebdb11a34bba312d
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0a6d6c38c7502bcecf362b37839b697095dfd1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d0:3f:55:6f:e2:d9:a8:ba:0d:ff:cd:12:44:
                    70:59:50:76:87:b5:8b:03:a8:fc:75:a1:db:b0:d8:
                    d5:0f:cb:1f:cf:a3:e9:3f:da:f9:bb:a2:5a:2e:e4:
                    3f:19:ec:9a:fe:eb:8f:2d:0e:c6:18:bc:36:2f:ab:
                    03:7f:da:bf:bd:2b:8d:06:d5:34:aa:55:7e:9d:ad:
                    fa:86:d9:aa:45:5c:31:6b:da:17:65:66:ef:15:6e:
                    5b:55:fb:0f:a1:29:6f:81:39:db:04:78:3a:bd:4a:
                    85:c5:74:aa:9b:30:ed:7d:ee:21:ba:b0:88:a5:f3:
                    9d:7f:e0:5f:e9:55:79:59:5f:a2:55:2e:52:ec:5e:
                    1e:73:91:99:ac:84:2b:f8:54:9a:7a:72:61:08:64:
                    6e:66:42:ae:f1:ac:dd:2c:b0:40:ae:d1:e9:7e:63:
                    09:d5:c5:4b:28:67:70:61:7d:6d:67:ce:64:c5:80:
                    7f:d6:13:ee:9d:34:e8:87:81:90:4a:88:8e:79:44:
                    98:32:13:2a:a8:39:65:ad:cb:e5:82:e3:43:27:d3:
                    73:ba:1b:8a:8d:6d:e1:6d:da:3c:2c:2b:78:87:58:
                    f1:ff:ff:76:cd:cf:9b:c7:67:6b:49:fc:21:1b:12:
                    42:a5:4a:fc:69:84:cf:d5:00:44:49:06:08:72:d4:
                    19:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A6:D6:C3:8C:75:02:BC:EC:F3:62:B3:78:39:B6:97:09:5D:FD:1F
            X509v3 Authority Key Identifier:
                keyid:88:4B:F8:0E:72:F5:0F:09:BF:56:34:93:EB:DB:11:A3:4B:BA:31:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/4KbWw4x1Arzs82KzeDm2lwld_R8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:24c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:fe:0e:eb:49:11:17:59:a2:29:5d:5f:2f:8c:98:b1:64:c3:
         d4:b2:ad:e3:03:e6:0a:a7:e0:42:97:9a:6e:d7:b5:37:a9:4e:
         ae:9e:f3:39:47:e7:0a:56:2e:b5:fd:bd:cf:1a:98:69:53:ef:
         c0:fa:16:eb:f7:92:7e:05:f1:1c:32:5b:51:e6:a7:be:cf:a6:
         c5:50:90:10:b1:90:26:53:85:a2:0a:95:0e:e8:4a:70:67:94:
         c5:0f:c2:07:fb:d0:0f:53:c2:65:44:8c:f8:d2:f0:e7:25:43:
         0d:c5:02:b0:6e:ad:dc:8c:8a:56:15:15:41:56:ad:63:52:ad:
         5a:1d:71:bc:82:45:b1:fa:c1:ce:c1:8c:55:a9:01:bf:28:ce:
         a8:90:7b:19:dd:ec:87:de:ee:14:88:9c:80:40:d4:b7:2a:eb:
         a0:1e:a4:65:f3:70:58:49:f9:8e:c9:f3:14:a6:c5:da:e9:a7:
         bc:42:2a:a6:9d:74:ed:a2:e8:3b:62:c7:d9:0e:46:4d:1e:86:
         24:6a:cc:10:a9:84:cd:c4:eb:db:c7:e4:58:1e:ff:17:33:8e:
         81:f9:a5:c3:2b:31:50:5d:b4:21:c0:c1:c6:2b:cf:64:d6:9c:
         dc:f0:82:4f:69:9c:65:1f:aa:bf:d1:ef:19:22:0c:b6:c8:ba:
         41:d3:ef:d5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFADBZYEIF3BgHe+RKEzWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NGJmODBlNzJmNTBmMDliZjU2MzQ5M2ViZGIxMWEzNGJi
YTMxMmQwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGE2ZDZjMzhjNzUwMmJjZWNmMzYyYjM3ODM5YjY5NzA5NWRmZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldA/VW/i2ai6Df/NEkRwWVB2h7WL
A6j8daHbsNjVD8sfz6PpP9r5u6JaLuQ/Geya/uuPLQ7GGLw2L6sDf9q/vSuNBtU0
qlV+na36htmqRVwxa9oXZWbvFW5bVfsPoSlvgTnbBHg6vUqFxXSqmzDtfe4hurCI
pfOdf+Bf6VV5WV+iVS5S7F4ec5GZrIQr+FSaenJhCGRuZkKu8azdLLBArtHpfmMJ
1cVLKGdwYX1tZ85kxYB/1hPunTToh4GQSoiOeUSYMhMqqDllrcvlguNDJ9NzuhuK
jW3hbdo8LCt4h1jx//92zc+bx2drSfwhGxJCpUr8aYTP1QBESQYIctQZ3QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOCm1sOMdQK87PNis3g5tpcJXf0fMB8GA1UdIwQY
MBaAFIhL+A5y9Q8Jv1Y0k+vbEaNLujEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUV2NERuTDFEd21fVmpTVDY5c1JvMHU2TVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMTJlNGQtOGExYS00MDEwLTlhOGIt
MzZmOTg0N2FjMzViLzEvNEtiV3c0eDFBcnpzODJLemVEbTJsd2xkX1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMTJlNGQtOGExYS00MDEwLTlhOGItMzZmOTg0N2FjMzVi
LzEvaUV2NERuTDFEd21fVmpTVDY5c1JvMHU2TVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8kwDAN
BgkqhkiG9w0BAQsFAAOCAQEAe/4O60kRF1miKV1fL4yYsWTD1LKt4wPmCqfgQpea
bte1N6lOrp7zOUfnClYutf29zxqYaVPvwPoW6/eSfgXxHDJbUeanvs+mxVCQELGQ
JlOFogqVDuhKcGeUxQ/CB/vQD1PCZUSM+NLw5yVDDcUCsG6t3IyKVhUVQVatY1Kt
Wh1xvIJFsfrBzsGMVakBvyjOqJB7Gd3sh97uFIicgEDUtyrroB6kZfNwWEn5jsnz
FKbF2umnvEIqpp107aLoO2LH2Q5GTR6GJGrMEKmEzcTr28fkWB7/FzOOgfmlwysx
UF20IcDBxivPZNac3PCCT2mcZR+qv9HvGSIMtsi6QdPv1Q==
-----END CERTIFICATE-----