Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/90Dc4VeDx-LdyMrF2kuqvFGgvBA.roa
File:                     90Dc4VeDx-LdyMrF2kuqvFGgvBA.roa (raw, json)
Hash identifier:          KJhIDc4NkdTtSR3DnCZwd+97ByF5ig6I2me5MNIv8ng=
Subject key identifier:   F7:40:DC:E1:57:83:C7:E2:DD:C8:CA:C5:DA:4B:AA:BC:51:A0:BC:10
Certificate issuer:       /CN=ecc8a1aad0205943a4572389bb74334e1ca28485
Certificate serial:       018D8DB43B355E34BBFBE72F528304C9EF00
Authority key identifier: EC:C8:A1:AA:D0:20:59:43:A4:57:23:89:BB:74:33:4E:1C:A2:84:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7MihqtAgWUOkVyOJu3QzThyihIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/90Dc4VeDx-LdyMrF2kuqvFGgvBA.roa
Signing time:             Fri 09 Feb 2024 11:50:15 +0000
ROA not before:           Fri 09 Feb 2024 11:50:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29442
IP address blocks:        2a02:cac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/7MihqtAgWUOkVyOJu3QzThyihIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/7MihqtAgWUOkVyOJu3QzThyihIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7MihqtAgWUOkVyOJu3QzThyihIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8d:b4:3b:35:5e:34:bb:fb:e7:2f:52:83:04:c9:ef:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecc8a1aad0205943a4572389bb74334e1ca28485
        Validity
            Not Before: Feb  9 11:50:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f740dce15783c7e2ddc8cac5da4baabc51a0bc10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:02:77:e4:f7:cc:f0:8c:94:0d:ea:9a:f8:da:
                    a7:70:ec:ab:c7:a6:0a:1e:b3:e9:19:a5:9c:e9:24:
                    d9:3a:d9:5e:ac:b3:35:bc:77:49:05:78:0f:fd:8b:
                    c4:fc:57:0c:eb:ff:97:50:5d:df:7b:73:94:b9:51:
                    fc:ae:45:89:ea:de:ce:f5:a6:38:6c:59:84:42:d5:
                    18:63:b1:8d:c7:aa:25:d2:39:5e:03:73:85:ee:1a:
                    f0:1e:27:f5:f5:94:b5:72:fc:1f:6b:f2:a6:d5:b3:
                    5b:8f:4f:14:4f:e4:e4:57:d3:7a:5f:6f:1f:30:9d:
                    72:99:be:a3:8b:c6:f9:25:30:fb:cc:86:3e:7b:c5:
                    28:6c:a7:93:2e:da:9b:e7:58:57:d5:01:b9:b6:f5:
                    a9:5b:bb:45:fb:ae:94:5b:65:c7:8a:25:67:f4:53:
                    5f:28:8d:9b:0d:3d:48:c9:d0:2e:bf:08:50:0e:e5:
                    14:ab:b2:20:7b:15:74:f6:07:37:b7:8b:f8:1d:f4:
                    91:6f:44:43:b1:04:bb:89:df:23:55:27:0e:e0:8c:
                    89:e3:8a:a8:f7:5a:b9:0f:79:45:e0:5e:96:94:4e:
                    06:69:3e:3c:cc:c3:e5:87:64:ed:98:03:73:3f:fa:
                    85:a2:1e:a5:bd:7f:35:00:94:5e:1d:5b:44:73:14:
                    59:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:40:DC:E1:57:83:C7:E2:DD:C8:CA:C5:DA:4B:AA:BC:51:A0:BC:10
            X509v3 Authority Key Identifier:
                keyid:EC:C8:A1:AA:D0:20:59:43:A4:57:23:89:BB:74:33:4E:1C:A2:84:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7MihqtAgWUOkVyOJu3QzThyihIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/90Dc4VeDx-LdyMrF2kuqvFGgvBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b3298b-9c5a-4e38-8131-4a68f235c388/1/7MihqtAgWUOkVyOJu3QzThyihIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:cac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:83:c0:fe:0a:20:8d:3f:36:18:25:db:63:ff:f2:2e:14:17:
         91:89:91:80:06:d2:52:60:63:96:f6:04:cc:98:37:91:a5:dc:
         9b:9d:f9:5a:78:84:a8:dd:b8:91:04:86:59:11:32:31:df:82:
         25:d9:1b:b6:de:8e:77:a8:65:95:d7:bd:7f:ed:19:e9:91:45:
         48:03:87:6a:f2:3d:d5:2a:ae:a3:0f:65:01:99:b1:2e:78:5a:
         d5:b1:71:9e:62:40:43:9a:0c:22:eb:0a:9c:85:fc:57:81:b9:
         be:76:6f:b1:ac:73:bb:41:3f:4b:ed:94:19:7e:d6:f6:53:e1:
         4a:b2:1a:ff:cc:56:af:67:99:9c:0c:38:a2:83:bf:d2:09:9a:
         d6:14:14:8b:0c:3c:08:7e:b3:90:9e:d3:55:84:e5:1c:57:04:
         9b:29:64:d6:05:37:8f:6f:0b:85:8f:b9:97:0c:61:ba:fd:48:
         da:d6:31:ee:b1:f8:ad:57:c8:7e:30:a2:ea:e7:57:42:30:4b:
         eb:fb:ac:49:2d:97:c2:3c:24:e9:2c:73:fa:c6:93:3a:5a:77:
         ab:2a:3f:f4:d9:b7:14:3b:4b:bd:11:83:44:5d:ca:cf:a8:8f:
         81:68:e4:78:ea:7f:43:81:66:ac:34:4d:3f:77:94:74:13:d5:
         8e:06:e6:f4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY2NtDs1XjS7++cvUoMEye8AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYzhhMWFhZDAyMDU5NDNhNDU3MjM4OWJiNzQzMzRlMWNh
Mjg0ODUwHhcNMjQwMjA5MTE1MDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzQwZGNlMTU3ODNjN2UyZGRjOGNhYzVkYTRiYWFiYzUxYTBiYzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAJ35PfM8IyUDeqa+NqncOyrx6YK
HrPpGaWc6STZOtlerLM1vHdJBXgP/YvE/FcM6/+XUF3fe3OUuVH8rkWJ6t7O9aY4
bFmEQtUYY7GNx6ol0jleA3OF7hrwHif19ZS1cvwfa/Km1bNbj08UT+TkV9N6X28f
MJ1ymb6ji8b5JTD7zIY+e8UobKeTLtqb51hX1QG5tvWpW7tF+66UW2XHiiVn9FNf
KI2bDT1IydAuvwhQDuUUq7IgexV09gc3t4v4HfSRb0RDsQS7id8jVScO4IyJ44qo
91q5D3lF4F6WlE4GaT48zMPlh2TtmANzP/qFoh6lvX81AJReHVtEcxRZtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPdA3OFXg8fi3cjKxdpLqrxRoLwQMB8GA1UdIwQY
MBaAFOzIoarQIFlDpFcjibt0M04cooSFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN01paHF0QWdXVU9rVnlPSnUzUXpUaHlpaElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iMzI5OGItOWM1YS00ZTM4LTgxMzEt
NGE2OGYyMzVjMzg4LzEvOTBEYzRWZUR4LUxkeU1yRjJrdXF2RkdndkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iMzI5OGItOWM1YS00ZTM4LTgxMzEtNGE2OGYyMzVjMzg4
LzEvN01paHF0QWdXVU9rVnlPSnUzUXpUaHlpaElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgLKwDAN
BgkqhkiG9w0BAQsFAAOCAQEAUIPA/gogjT82GCXbY//yLhQXkYmRgAbSUmBjlvYE
zJg3kaXcm535WniEqN24kQSGWREyMd+CJdkbtt6Od6hllde9f+0Z6ZFFSAOHavI9
1Squow9lAZmxLnha1bFxnmJAQ5oMIusKnIX8V4G5vnZvsaxzu0E/S+2UGX7W9lPh
SrIa/8xWr2eZnAw4ooO/0gma1hQUiww8CH6zkJ7TVYTlHFcEmylk1gU3j28LhY+5
lwxhuv1I2tYx7rH4rVfIfjCi6udXQjBL6/usSS2Xwjwk6Sxz+saTOlp3qyo/9Nm3
FDtLvRGDRF3Kz6iPgWjkeOp/Q4FmrDRNP3eUdBPVjgbm9A==
-----END CERTIFICATE-----