Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/meuwHpSlXu-oVxCb3fmsYhAWIfw.roa
File:                     meuwHpSlXu-oVxCb3fmsYhAWIfw.roa (raw, json)
Hash identifier:          QI0IZ1II2CMs3HfyDrUcPVsejynGcyTCKTFjUCL/Q98=
Subject key identifier:   99:EB:B0:1E:94:A5:5E:EF:A8:57:10:9B:DD:F9:AC:62:10:16:21:FC
Certificate issuer:       /CN=884bf80e72f50f09bf563493ebdb11a34bba312d
Certificate serial:       018CC50030987AC41F454F0DEB326680E188
Authority key identifier: 88:4B:F8:0E:72:F5:0F:09:BF:56:34:93:EB:DB:11:A3:4B:BA:31:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/meuwHpSlXu-oVxCb3fmsYhAWIfw.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208083
IP address blocks:        2a0f:a180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:30:98:7a:c4:1f:45:4f:0d:eb:32:66:80:e1:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=884bf80e72f50f09bf563493ebdb11a34bba312d
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99ebb01e94a55eefa857109bddf9ac62101621fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:38:6f:7b:79:1b:fb:3c:d4:99:71:a4:b6:cf:
                    7c:2e:d6:7a:0c:33:c0:50:57:df:37:6e:01:99:73:
                    f3:3c:66:63:d5:6e:f5:37:a7:3b:b8:fd:5f:c7:71:
                    39:43:88:c4:c8:e1:ac:98:28:b7:e5:2a:78:03:29:
                    81:22:f6:6e:90:8e:b4:d9:d5:d3:2f:cc:8e:f4:bb:
                    95:d8:31:21:01:d8:bf:3e:32:fc:62:63:26:52:f9:
                    4e:de:03:76:84:16:fe:0d:4e:73:21:75:e8:80:2b:
                    7e:55:31:03:fe:fd:eb:fa:0b:82:21:3d:b3:ab:bb:
                    50:fb:47:93:5e:33:06:91:3f:66:8c:fc:a7:7c:90:
                    cc:f7:bb:0d:b5:90:6a:45:29:85:8f:37:88:86:7d:
                    51:f4:dd:6c:f7:eb:8d:1d:58:c5:4d:28:96:8d:e0:
                    0c:f1:ea:e4:ec:0a:35:ab:fa:07:8a:98:01:43:0c:
                    19:da:99:34:93:ea:1c:30:13:cd:09:db:b3:1a:28:
                    75:66:d9:2a:d9:a9:04:bd:1a:e9:af:97:f8:72:25:
                    97:94:de:77:81:3e:86:2e:9f:61:39:8f:9e:64:0c:
                    06:92:ea:02:cc:72:31:30:4b:63:b5:7d:47:97:7d:
                    61:dd:00:d9:fd:c7:6b:8d:9d:b8:9c:b6:f8:94:fe:
                    a3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:EB:B0:1E:94:A5:5E:EF:A8:57:10:9B:DD:F9:AC:62:10:16:21:FC
            X509v3 Authority Key Identifier:
                keyid:88:4B:F8:0E:72:F5:0F:09:BF:56:34:93:EB:DB:11:A3:4B:BA:31:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEv4DnL1Dwm_VjST69sRo0u6MS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/meuwHpSlXu-oVxCb3fmsYhAWIfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b12e4d-8a1a-4010-9a8b-36f9847ac35b/1/iEv4DnL1Dwm_VjST69sRo0u6MS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:a180::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:ca:c4:f6:02:73:01:73:c4:9b:18:23:f4:f4:be:fe:48:a3:
         4d:f9:4a:ff:50:e8:aa:68:68:7c:6f:77:74:aa:60:d4:6d:98:
         4c:bf:5a:35:c5:91:23:2b:07:26:81:88:87:eb:37:24:58:f2:
         07:72:41:92:05:6a:ce:db:ea:c6:93:0f:80:60:5b:e2:1f:50:
         7d:d0:76:19:c9:56:d0:88:a1:7c:60:ac:9e:8e:8c:f4:56:07:
         27:2d:a7:8f:6e:57:bc:50:a4:7b:ed:fb:58:3f:44:66:6c:00:
         f0:8b:6c:66:46:ea:64:19:da:de:d2:7a:6a:a1:1c:55:4e:5b:
         de:14:30:c1:29:14:ee:4b:1b:6f:fb:3e:72:34:90:39:76:97:
         2b:de:db:6a:45:c6:95:d5:cc:ed:40:98:69:a6:61:6d:11:29:
         fd:1b:b6:8b:28:29:54:79:f8:a0:b5:d6:15:c3:39:ad:35:dc:
         d2:5d:b1:7b:e0:50:8b:f8:09:e4:fb:51:c4:51:ff:97:56:3c:
         b9:74:03:7a:3c:8c:12:73:87:d7:72:03:11:21:1d:f3:c9:4e:
         57:8e:3a:61:33:7e:ad:8c:4e:a5:2e:ba:0d:d3:01:6b:b0:0a:
         13:4a:10:8f:f0:36:44:04:74:57:7d:e7:a8:cd:5e:38:27:a5:
         06:50:50:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFADCYesQfRU8N6zJmgOGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NGJmODBlNzJmNTBmMDliZjU2MzQ5M2ViZGIxMWEzNGJi
YTMxMmQwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWViYjAxZTk0YTU1ZWVmYTg1NzEwOWJkZGY5YWM2MjEwMTYyMWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDhve3kb+zzUmXGkts98LtZ6DDPA
UFffN24BmXPzPGZj1W71N6c7uP1fx3E5Q4jEyOGsmCi35Sp4AymBIvZukI602dXT
L8yO9LuV2DEhAdi/PjL8YmMmUvlO3gN2hBb+DU5zIXXogCt+VTED/v3r+guCIT2z
q7tQ+0eTXjMGkT9mjPynfJDM97sNtZBqRSmFjzeIhn1R9N1s9+uNHVjFTSiWjeAM
8erk7Ao1q/oHipgBQwwZ2pk0k+ocMBPNCduzGih1Ztkq2akEvRrpr5f4ciWXlN53
gT6GLp9hOY+eZAwGkuoCzHIxMEtjtX1Hl31h3QDZ/cdrjZ24nLb4lP6jYwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJnrsB6UpV7vqFcQm935rGIQFiH8MB8GA1UdIwQY
MBaAFIhL+A5y9Q8Jv1Y0k+vbEaNLujEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUV2NERuTDFEd21fVmpTVDY5c1JvMHU2TVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMTJlNGQtOGExYS00MDEwLTlhOGIt
MzZmOTg0N2FjMzViLzEvbWV1d0hwU2xYdS1vVnhDYjNmbXNZaEFXSWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMTJlNGQtOGExYS00MDEwLTlhOGItMzZmOTg0N2FjMzVi
LzEvaUV2NERuTDFEd21fVmpTVDY5c1JvMHU2TVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+hgDAN
BgkqhkiG9w0BAQsFAAOCAQEAL8rE9gJzAXPEmxgj9PS+/kijTflK/1DoqmhofG93
dKpg1G2YTL9aNcWRIysHJoGIh+s3JFjyB3JBkgVqztvqxpMPgGBb4h9QfdB2GclW
0IihfGCsno6M9FYHJy2nj25XvFCke+37WD9EZmwA8ItsZkbqZBna3tJ6aqEcVU5b
3hQwwSkU7ksbb/s+cjSQOXaXK97bakXGldXM7UCYaaZhbREp/Ru2iygpVHn4oLXW
FcM5rTXc0l2xe+BQi/gJ5PtRxFH/l1Y8uXQDejyMEnOH13IDESEd88lOV446YTN+
rYxOpS66DdMBa7AKE0oQj/A2RAR0V33nqM1eOCelBlBQBQ==
-----END CERTIFICATE-----