Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/kvXrUyeBQi_5Duxjgp6-Ld2-A04.roa
File:                     kvXrUyeBQi_5Duxjgp6-Ld2-A04.roa (raw, json)
Hash identifier:          glGX1DcdIMwDvGOnafHtJAAh4snkHR3QKJd7pP+0ois=
Subject key identifier:   92:F5:EB:53:27:81:42:2F:F9:0E:EC:63:82:9E:BE:2D:DD:BE:03:4E
Certificate issuer:       /CN=884bf80e72f50f09bf563493ebdb11a34bba312d
Certificate serial:       018CC50030E31A42F248D394FE67515242C4
Authority key identifier: 88:4B:F8:0E:72:F5:0F:09:BF:56:34:93:EB:DB:11:A3:4B:BA:31:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/kvXrUyeBQi_5Duxjgp6-Ld2-A04.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209112
IP address blocks:        2a0e:1200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:30:e3:1a:42:f2:48:d3:94:fe:67:51:52:42:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=884bf80e72f50f09bf563493ebdb11a34bba312d
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92f5eb532781422ff90eec63829ebe2dddbe034e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ef:d1:ac:b4:17:6f:c7:75:ac:d0:bd:de:8b:
                    d9:28:ee:43:df:8f:6b:19:57:42:62:54:45:1b:a1:
                    52:cd:f4:75:b0:19:a1:c4:fc:42:ef:b0:85:17:27:
                    66:ab:6a:f4:ae:1b:af:bc:37:ce:4d:90:8a:cd:ad:
                    e6:5a:80:2c:58:0a:4b:77:28:21:10:ae:c9:cb:6e:
                    57:11:ea:2f:e1:b4:94:d2:56:37:8b:d6:8d:dd:47:
                    82:67:3c:f3:f5:55:7a:61:81:d5:17:68:f2:ad:ea:
                    2e:86:ef:14:f6:6e:87:73:72:60:80:a6:f8:a3:e1:
                    6e:d3:89:65:55:14:f1:22:0c:11:d7:f4:d3:b3:f1:
                    86:a5:ba:ce:aa:12:f9:2a:e6:8e:c7:05:0e:3a:71:
                    f2:ae:18:43:21:eb:44:97:fd:17:84:10:42:3b:55:
                    97:92:b6:be:ef:be:69:96:5c:45:c3:f4:85:a1:53:
                    49:5f:89:42:be:b5:ed:d4:1b:16:30:3e:82:5f:ed:
                    70:ba:24:45:60:01:ad:bd:53:70:51:de:e8:94:8d:
                    03:78:bb:4d:71:67:c2:8e:16:65:1b:98:ca:da:a3:
                    f6:b1:e0:cb:f7:9b:bc:3f:c2:1b:fb:5a:29:6a:ed:
                    20:57:04:a3:4b:09:76:ab:a1:dd:31:2b:47:0e:44:
                    14:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F5:EB:53:27:81:42:2F:F9:0E:EC:63:82:9E:BE:2D:DD:BE:03:4E
            X509v3 Authority Key Identifier:
                keyid:88:4B:F8:0E:72:F5:0F:09:BF:56:34:93:EB:DB:11:A3:4B:BA:31:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/kvXrUyeBQi_5Duxjgp6-Ld2-A04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1200::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:04:7a:a4:eb:d3:63:b8:93:54:5c:32:85:06:38:ee:30:c9:
         1d:6d:fb:f9:d8:f1:c2:ab:cd:b0:b1:1e:e7:13:09:19:86:be:
         95:ac:1c:9b:aa:e7:b9:bd:79:e8:88:07:f8:28:b4:c7:74:c7:
         a3:69:ae:91:29:18:80:62:69:52:66:fc:df:70:84:d2:ce:c5:
         3f:37:73:12:e4:15:f6:34:e2:32:f1:0a:d3:20:20:7c:f4:a7:
         b7:57:81:55:de:62:79:c5:c8:59:9e:77:7a:62:b6:e3:7f:91:
         48:cb:d8:48:4e:67:02:ae:63:36:55:2b:8e:42:3d:f2:df:41:
         e9:77:3c:27:5b:1f:4b:0d:ee:68:0b:bf:09:32:53:11:dd:09:
         3c:18:67:4d:b5:f2:02:61:89:6f:0d:ba:bb:fe:91:7c:cf:61:
         58:e3:76:40:74:17:1f:39:06:c8:52:bf:e6:ba:3e:c1:da:33:
         d6:5a:19:93:ce:da:3d:42:c8:a2:3b:5e:9d:d7:0c:bb:26:31:
         6a:3d:52:7e:ca:2a:72:83:dc:a8:b1:6e:07:a9:1f:a7:dc:9f:
         9d:5f:ab:3d:83:5c:48:97:05:2b:25:a7:b4:51:d2:69:9b:24:
         a2:10:3f:8b:3f:be:e1:18:d1:2e:48:10:cc:8d:6a:83:9e:44:
         98:df:3e:d2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFADDjGkLySNOU/mdRUkLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NGJmODBlNzJmNTBmMDliZjU2MzQ5M2ViZGIxMWEzNGJi
YTMxMmQwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmY1ZWI1MzI3ODE0MjJmZjkwZWVjNjM4MjllYmUyZGRkYmUwMzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+/RrLQXb8d1rNC93ovZKO5D349r
GVdCYlRFG6FSzfR1sBmhxPxC77CFFydmq2r0rhuvvDfOTZCKza3mWoAsWApLdygh
EK7Jy25XEeov4bSU0lY3i9aN3UeCZzzz9VV6YYHVF2jyreouhu8U9m6Hc3JggKb4
o+Fu04llVRTxIgwR1/TTs/GGpbrOqhL5KuaOxwUOOnHyrhhDIetEl/0XhBBCO1WX
kra+775pllxFw/SFoVNJX4lCvrXt1BsWMD6CX+1wuiRFYAGtvVNwUd7olI0DeLtN
cWfCjhZlG5jK2qP2seDL95u8P8Ib+1opau0gVwSjSwl2q6HdMStHDkQUFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJL161MngUIv+Q7sY4Kevi3dvgNOMB8GA1UdIwQY
MBaAFIhL+A5y9Q8Jv1Y0k+vbEaNLujEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUV2NERuTDFEd21fVmpTVDY5c1JvMHU2TVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMTJlNGQtOGExYS00MDEwLTlhOGIt
MzZmOTg0N2FjMzViLzEva3ZYclV5ZUJRaV81RHV4amdwNi1MZDItQTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMTJlNGQtOGExYS00MDEwLTlhOGItMzZmOTg0N2FjMzVi
LzEvaUV2NERuTDFEd21fVmpTVDY5c1JvMHU2TVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg4SADAN
BgkqhkiG9w0BAQsFAAOCAQEAAQR6pOvTY7iTVFwyhQY47jDJHW37+djxwqvNsLEe
5xMJGYa+lawcm6rnub156IgH+Ci0x3THo2mukSkYgGJpUmb833CE0s7FPzdzEuQV
9jTiMvEK0yAgfPSnt1eBVd5iecXIWZ53emK243+RSMvYSE5nAq5jNlUrjkI98t9B
6Xc8J1sfSw3uaAu/CTJTEd0JPBhnTbXyAmGJbw26u/6RfM9hWON2QHQXHzkGyFK/
5ro+wdoz1loZk87aPULIojtendcMuyYxaj1SfsoqcoPcqLFuB6kfp9yfnV+rPYNc
SJcFKyWntFHSaZskohA/iz++4RjRLkgQzI1qg55EmN8+0g==
-----END CERTIFICATE-----