Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/bw19npsKBwD1l4HkfCmcBa4naF4.roa
File:                     bw19npsKBwD1l4HkfCmcBa4naF4.roa (raw, json)
Hash identifier:          mWu4uEQcNi9QA5X5k4nEeRvrlwk/nmFxxfcmTbc3ROA=
Subject key identifier:   6F:0D:7D:9E:9B:0A:07:00:F5:97:81:E4:7C:29:9C:05:AE:27:68:5E
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       018F075DA57768F2262744DD03637099D4D8
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/bw19npsKBwD1l4HkfCmcBa4naF4.roa
Signing time:             Mon 22 Apr 2024 19:52:08 +0000
ROA not before:           Mon 22 Apr 2024 19:52:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25016
IP address blocks:        2a02:20c8:9880::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:07:5d:a5:77:68:f2:26:27:44:dd:03:63:70:99:d4:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Apr 22 19:52:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f0d7d9e9b0a0700f59781e47c299c05ae27685e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:02:f3:c0:8f:f3:67:cb:a4:3e:f9:30:24:04:
                    c1:72:d4:d6:e0:2a:e0:bc:5a:90:14:89:0d:48:90:
                    38:ab:91:1d:17:7b:49:3b:1e:f7:37:93:f5:9b:29:
                    3b:cd:96:63:78:5e:88:73:ff:be:4b:94:77:4b:8c:
                    4a:87:f2:5b:8d:a9:f0:43:47:b9:cd:06:9c:67:b4:
                    21:73:5e:d0:95:57:45:c8:e8:0e:c4:85:b7:c2:b1:
                    a1:33:61:9b:a4:0c:55:1d:5b:01:87:9c:a3:8d:c9:
                    50:f1:73:0d:ce:af:19:aa:f7:53:71:43:ee:6d:e6:
                    01:6b:4f:51:fe:7d:4c:d9:df:a7:17:8b:94:42:37:
                    0e:3a:53:22:6a:7f:8a:e1:1f:45:7a:5e:ba:92:45:
                    ae:00:ba:f2:cd:d8:15:fb:78:8b:26:e6:87:9b:7f:
                    05:44:89:fc:00:d2:77:81:89:41:89:d9:20:6c:f8:
                    70:a7:d8:ad:2a:7d:d3:e3:dd:05:91:7f:0a:34:a0:
                    5d:c3:ec:c4:ff:05:6b:fb:a4:1d:ab:fa:53:ff:e6:
                    14:06:cd:32:ee:26:2e:bd:f3:da:8f:28:28:86:43:
                    d2:f9:2a:c2:ef:c1:a3:41:c2:4c:05:21:14:3a:60:
                    41:7a:8a:a0:a8:45:fd:fa:ed:78:26:5b:18:63:1f:
                    14:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:0D:7D:9E:9B:0A:07:00:F5:97:81:E4:7C:29:9C:05:AE:27:68:5E
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/bw19npsKBwD1l4HkfCmcBa4naF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:20c8:9880::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:d3:71:86:ec:63:68:42:b9:38:e0:bc:e8:c9:52:c7:0e:81:
         10:5a:8a:88:6b:3e:42:bb:9e:36:3c:23:86:bb:c2:c4:65:7c:
         2c:bc:da:08:a8:64:e0:0b:0a:5e:d6:1d:45:42:36:19:4e:dc:
         97:9b:e3:5d:b7:42:15:ab:7c:25:fa:05:b1:94:12:3e:bb:ae:
         75:33:7e:63:d6:57:3f:73:62:1b:d4:e8:d8:01:64:05:26:d3:
         9d:c1:05:19:8a:12:61:99:f1:38:3e:ea:32:4a:32:c2:8e:72:
         8f:8e:a6:1e:9f:8b:04:e6:a0:43:cb:8a:63:b5:bc:54:37:6a:
         3c:8e:13:29:9b:62:79:1d:af:43:29:62:10:ea:40:73:29:3d:
         df:bb:c3:ea:50:c3:9b:b0:65:69:e7:41:82:79:63:7f:ec:3e:
         04:a2:fc:5f:ab:50:c2:0e:1d:60:92:f4:e1:2e:41:c6:26:e3:
         87:63:c3:27:30:b0:41:9b:b5:8e:e6:93:d9:ac:01:40:38:63:
         69:a0:74:1b:d7:e0:74:c1:48:ce:80:9b:bb:58:ce:c9:24:e3:
         e1:18:bd:49:28:2e:e1:6c:3e:9c:db:87:4e:0a:ee:da:df:52:
         83:0a:3f:5f:3f:79:e8:4a:b3:30:b1:87:db:9e:8e:36:df:96:
         8e:7b:c3:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8HXaV3aPImJ0TdA2NwmdTYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjQwNDIyMTk1MjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjBkN2Q5ZTliMGEwNzAwZjU5NzgxZTQ3YzI5OWMwNWFlMjc2ODVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgLzwI/zZ8ukPvkwJATBctTW4Crg
vFqQFIkNSJA4q5EdF3tJOx73N5P1myk7zZZjeF6Ic/++S5R3S4xKh/JbjanwQ0e5
zQacZ7Qhc17QlVdFyOgOxIW3wrGhM2GbpAxVHVsBh5yjjclQ8XMNzq8ZqvdTcUPu
beYBa09R/n1M2d+nF4uUQjcOOlMian+K4R9Fel66kkWuALryzdgV+3iLJuaHm38F
RIn8ANJ3gYlBidkgbPhwp9itKn3T490FkX8KNKBdw+zE/wVr+6Qdq/pT/+YUBs0y
7iYuvfPajygohkPS+SrC78GjQcJMBSEUOmBBeoqgqEX9+u14JlsYYx8U0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG8NfZ6bCgcA9ZeB5HwpnAWuJ2heMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvYncxOW5wc0tCd0QxbDRIa2ZDbWNCYTRuYUY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgyJiA
MA0GCSqGSIb3DQEBCwUAA4IBAQAG03GG7GNoQrk44LzoyVLHDoEQWoqIaz5Cu542
PCOGu8LEZXwsvNoIqGTgCwpe1h1FQjYZTtyXm+Ndt0IVq3wl+gWxlBI+u651M35j
1lc/c2Ib1OjYAWQFJtOdwQUZihJhmfE4PuoySjLCjnKPjqYen4sE5qBDy4pjtbxU
N2o8jhMpm2J5Ha9DKWIQ6kBzKT3fu8PqUMObsGVp50GCeWN/7D4Eovxfq1DCDh1g
kvThLkHGJuOHY8MnMLBBm7WO5pPZrAFAOGNpoHQb1+B0wUjOgJu7WM7JJOPhGL1J
KC7hbD6c24dOCu7a31KDCj9fP3noSrMwsYfbno4235aOe8PN
-----END CERTIFICATE-----