Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iE_uhKoiA6vnfTpqREnaU8cllXU.roa
File:                     iE_uhKoiA6vnfTpqREnaU8cllXU.roa (raw, json)
Hash identifier:          3LR98TDZt8IanKP73NZOSJNm4YF/S6m5hE4x9loM6Ho=
Subject key identifier:   88:4F:EE:84:AA:22:03:AB:E7:7D:3A:6A:44:49:DA:53:C7:25:95:75
Certificate issuer:       /CN=884bf80e72f50f09bf563493ebdb11a34bba312d
Certificate serial:       018CC500313D1115239035E3D1AA137515D2
Authority key identifier: 88:4B:F8:0E:72:F5:0F:09:BF:56:34:93:EB:DB:11:A3:4B:BA:31:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iE_uhKoiA6vnfTpqREnaU8cllXU.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209289
IP address blocks:        2a09:aac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:31:3d:11:15:23:90:35:e3:d1:aa:13:75:15:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=884bf80e72f50f09bf563493ebdb11a34bba312d
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=884fee84aa2203abe77d3a6a4449da53c7259575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6d:f0:f8:37:17:45:01:98:e6:02:77:29:37:
                    18:12:89:ec:c1:70:58:ee:c2:ca:62:0c:1b:9e:c6:
                    5a:ca:8d:e2:f3:93:fb:66:e1:2d:fe:37:43:09:a7:
                    1d:6f:65:1d:b9:50:1f:36:00:a3:2b:24:12:6c:14:
                    c2:cc:88:e9:70:91:9a:fc:13:aa:11:88:a5:da:ce:
                    71:85:4e:eb:20:31:fb:ed:b4:4b:de:fd:63:33:78:
                    c4:50:8d:14:5b:2a:c2:cb:69:bf:c7:db:c2:1b:32:
                    c3:f2:c0:55:d9:70:88:5c:0e:12:de:16:4b:0a:86:
                    3d:c3:c3:f2:8a:45:9c:96:ef:1f:53:22:c6:91:ab:
                    0f:23:bb:8b:38:b3:8d:fa:f4:d6:e3:0a:00:b4:fa:
                    27:63:de:f0:78:99:a0:c0:dc:57:cc:8c:84:c3:2f:
                    fb:50:6f:e8:72:c3:f0:08:53:69:ba:76:d0:a6:cb:
                    ec:ae:e1:41:31:67:bc:bc:d0:a2:22:75:76:64:16:
                    ac:28:69:20:83:53:55:87:1c:b1:49:e3:b4:db:56:
                    96:cf:a6:6d:1a:b3:f2:25:41:7b:5e:96:0a:80:83:
                    e1:b2:56:36:f3:1d:05:19:55:89:e7:d0:2e:8c:49:
                    3b:f2:f8:7a:cc:53:50:0b:02:71:2f:cc:af:67:0b:
                    22:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4F:EE:84:AA:22:03:AB:E7:7D:3A:6A:44:49:DA:53:C7:25:95:75
            X509v3 Authority Key Identifier:
                keyid:88:4B:F8:0E:72:F5:0F:09:BF:56:34:93:EB:DB:11:A3:4B:BA:31:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iE_uhKoiA6vnfTpqREnaU8cllXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:aac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:61:ba:78:0f:ca:4a:0e:81:f1:08:d2:50:89:d1:f3:fa:ae:
         9a:7f:90:e5:55:db:e0:9f:64:54:85:c1:f1:8c:2b:ce:f5:bb:
         b6:b6:a5:b6:dd:0e:73:1c:16:2a:24:34:40:8d:6b:53:51:ad:
         dd:38:00:37:2d:67:91:96:50:b7:c3:68:de:6f:42:4f:ad:e2:
         ee:1a:9a:b3:85:cb:18:86:88:eb:6b:12:c5:fd:50:6d:02:1f:
         60:40:9b:39:fe:4d:26:ba:7a:ec:41:5d:4e:0c:66:0b:80:2b:
         0a:a0:72:9c:86:02:30:c9:b9:f7:07:9d:73:d4:01:09:5c:7f:
         0c:59:7e:75:3b:4b:67:28:87:bc:7d:a6:64:ce:ef:95:a0:77:
         c0:d7:07:13:33:5c:91:7c:28:99:2e:a7:10:2e:93:dc:6d:32:
         4f:3d:14:1b:41:e9:fa:ae:e2:f9:89:be:ea:78:b9:08:6e:3b:
         b7:cb:a9:b4:ad:f1:cf:cd:92:a7:1f:fc:ba:ab:f6:dd:22:22:
         bd:66:ab:a4:06:f9:55:80:c7:38:b9:47:f2:96:f1:ef:56:93:
         75:fa:bd:14:22:fa:e9:37:ce:64:d0:44:d2:cf:62:1a:27:12:
         e1:15:5a:71:d6:24:c9:29:98:78:8a:7f:6c:c2:f0:d1:aa:fe:
         f1:ae:a5:a2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFADE9ERUjkDXj0aoTdRXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NGJmODBlNzJmNTBmMDliZjU2MzQ5M2ViZGIxMWEzNGJi
YTMxMmQwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODRmZWU4NGFhMjIwM2FiZTc3ZDNhNmE0NDQ5ZGE1M2M3MjU5NTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW3w+DcXRQGY5gJ3KTcYEonswXBY
7sLKYgwbnsZayo3i85P7ZuEt/jdDCacdb2UduVAfNgCjKyQSbBTCzIjpcJGa/BOq
EYil2s5xhU7rIDH77bRL3v1jM3jEUI0UWyrCy2m/x9vCGzLD8sBV2XCIXA4S3hZL
CoY9w8PyikWclu8fUyLGkasPI7uLOLON+vTW4woAtPonY97weJmgwNxXzIyEwy/7
UG/ocsPwCFNpunbQpsvsruFBMWe8vNCiInV2ZBasKGkgg1NVhxyxSeO021aWz6Zt
GrPyJUF7XpYKgIPhslY28x0FGVWJ59AujEk78vh6zFNQCwJxL8yvZwsiQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIhP7oSqIgOr5306akRJ2lPHJZV1MB8GA1UdIwQY
MBaAFIhL+A5y9Q8Jv1Y0k+vbEaNLujEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUV2NERuTDFEd21fVmpTVDY5c1JvMHU2TVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMTJlNGQtOGExYS00MDEwLTlhOGIt
MzZmOTg0N2FjMzViLzEvaUVfdWhLb2lBNnZuZlRwcVJFbmFVOGNsbFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMTJlNGQtOGExYS00MDEwLTlhOGItMzZmOTg0N2FjMzVi
LzEvaUV2NERuTDFEd21fVmpTVDY5c1JvMHU2TVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgmqwDAN
BgkqhkiG9w0BAQsFAAOCAQEAlWG6eA/KSg6B8QjSUInR8/qumn+Q5VXb4J9kVIXB
8YwrzvW7traltt0OcxwWKiQ0QI1rU1Gt3TgANy1nkZZQt8No3m9CT63i7hqas4XL
GIaI62sSxf1QbQIfYECbOf5NJrp67EFdTgxmC4ArCqBynIYCMMm59wedc9QBCVx/
DFl+dTtLZyiHvH2mZM7vlaB3wNcHEzNckXwomS6nEC6T3G0yTz0UG0Hp+q7i+Ym+
6ni5CG47t8uptK3xz82Spx/8uqv23SIivWarpAb5VYDHOLlH8pbx71aTdfq9FCL6
6TfOZNBE0s9iGicS4RVacdYkySmYeIp/bMLw0ar+8a6log==
-----END CERTIFICATE-----