Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/4CkxSyLhj_7WH_YwwQWKb6hWsPs.roa
File:                     4CkxSyLhj_7WH_YwwQWKb6hWsPs.roa (raw, json)
Hash identifier:          xnsDQ9iJ7FQPHgm1xwvuS0uJS4Z5f7Gcmbe/tTaZGvA=
Subject key identifier:   E0:29:31:4B:22:E1:8F:FE:D6:1F:F6:30:C1:05:8A:6F:A8:56:B0:FB
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018CC3B6AFACA139557B1EF2D4F908631937
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/4CkxSyLhj_7WH_YwwQWKb6hWsPs.roa
Signing time:             Mon 01 Jan 2024 06:29:38 +0000
ROA not before:           Mon 01 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35467
IP address blocks:        2a07:3501:1260::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:af:ac:a1:39:55:7b:1e:f2:d4:f9:08:63:19:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  1 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e029314b22e18ffed61ff630c1058a6fa856b0fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4f:9d:0d:e7:15:d8:25:c0:59:ad:19:4e:2e:
                    c2:3b:7f:d2:d8:80:57:a4:2e:0e:72:ce:bb:f9:c8:
                    bb:53:d1:8c:1f:2f:50:c6:9a:c8:46:bc:70:d1:3d:
                    9c:34:85:6d:33:9f:35:a7:7e:71:eb:47:65:5b:eb:
                    78:e4:ab:de:aa:e5:36:55:47:94:4c:22:77:13:d9:
                    00:6e:13:22:f2:b0:52:3a:5f:4d:58:e9:9b:96:fe:
                    b5:5a:a9:6f:af:e5:e1:b0:ee:22:3d:a5:84:91:43:
                    ab:b2:46:54:50:ac:53:6e:5e:68:3b:aa:ca:d9:57:
                    cd:d5:0c:cd:3b:39:69:fe:5f:98:c4:86:8b:50:68:
                    f5:7f:0c:f2:d9:ab:05:cb:4b:fa:fa:fe:1c:c3:0b:
                    a4:1a:6d:ad:43:21:01:fd:23:6d:a2:cc:d6:ef:8d:
                    ed:b5:ce:76:72:26:ab:48:34:6a:8b:61:ed:93:4f:
                    32:f0:2a:97:fe:c4:26:46:d2:75:17:30:06:ec:bd:
                    2a:9b:c3:9b:da:29:a5:31:77:60:41:19:46:52:35:
                    a2:69:a3:14:44:1a:78:9f:af:2a:29:ae:be:f0:2f:
                    03:e8:24:9d:08:ec:b4:dc:e8:ae:53:70:67:c4:97:
                    b4:e0:7d:8b:02:58:c8:75:6e:0a:51:5f:02:06:b4:
                    4f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:29:31:4B:22:E1:8F:FE:D6:1F:F6:30:C1:05:8A:6F:A8:56:B0:FB
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/4CkxSyLhj_7WH_YwwQWKb6hWsPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1260::/48

    Signature Algorithm: sha256WithRSAEncryption
         bb:93:40:c6:1b:48:08:42:14:ef:c4:a8:29:4a:d4:52:46:9b:
         0d:49:15:f2:22:7e:4c:9b:f7:fe:55:4a:5f:da:37:9c:d3:af:
         b1:01:3d:6e:4a:b7:b9:ad:85:9f:cb:10:d3:8d:ce:de:b4:76:
         e4:67:d2:26:26:31:ac:cd:86:52:c3:a4:ff:b3:ea:31:35:da:
         8a:f7:43:7b:29:3a:f9:1a:8e:f2:e7:c4:ef:42:44:f5:19:e4:
         91:18:4d:6f:ba:ce:bd:c9:cb:21:41:53:87:8d:36:1e:d7:2e:
         e0:8e:38:54:21:2b:96:24:ab:61:f4:25:fa:d3:41:e9:4d:19:
         4b:3b:f2:62:36:f2:c0:63:33:36:7e:4e:e1:3d:bb:bb:3a:9b:
         d2:ee:23:80:3f:61:e9:c0:92:ce:dd:34:b6:d5:55:a9:e7:9a:
         4d:e1:2b:23:57:8b:93:ce:c7:c2:b6:65:59:cd:3d:31:38:b5:
         e4:9c:3a:ac:a2:20:bb:c4:6c:79:69:62:83:93:1b:ef:3e:74:
         c8:43:35:72:94:4d:be:2f:3b:10:a5:ad:a1:80:ce:18:17:48:
         5b:be:a7:84:2a:4f:40:44:fa:7c:80:f0:47:2c:9c:bc:18:cf:
         e1:7e:51:80:51:1a:e9:b1:35:14:8b:9f:21:01:d7:c4:f8:4a:
         54:01:c0:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtq+soTlVex7y1PkIYxk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDI5MzE0YjIyZTE4ZmZlZDYxZmY2MzBjMTA1OGE2ZmE4NTZiMGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgE+dDecV2CXAWa0ZTi7CO3/S2IBX
pC4Ocs67+ci7U9GMHy9QxprIRrxw0T2cNIVtM581p35x60dlW+t45KvequU2VUeU
TCJ3E9kAbhMi8rBSOl9NWOmblv61Wqlvr+XhsO4iPaWEkUOrskZUUKxTbl5oO6rK
2VfN1QzNOzlp/l+YxIaLUGj1fwzy2asFy0v6+v4cwwukGm2tQyEB/SNtoszW743t
tc52ciarSDRqi2Htk08y8CqX/sQmRtJ1FzAG7L0qm8Ob2imlMXdgQRlGUjWiaaMU
RBp4n68qKa6+8C8D6CSdCOy03OiuU3BnxJe04H2LAljIdW4KUV8CBrRP8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOApMUsi4Y/+1h/2MMEFim+oVrD7MB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvNENreFN5TGhqXzdXSF9Zd3dRV0tiNmhXc1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ARJg
MA0GCSqGSIb3DQEBCwUAA4IBAQC7k0DGG0gIQhTvxKgpStRSRpsNSRXyIn5Mm/f+
VUpf2jec06+xAT1uSre5rYWfyxDTjc7etHbkZ9ImJjGszYZSw6T/s+oxNdqK90N7
KTr5Go7y58TvQkT1GeSRGE1vus69ycshQVOHjTYe1y7gjjhUISuWJKth9CX600Hp
TRlLO/JiNvLAYzM2fk7hPbu7OpvS7iOAP2HpwJLO3TS21VWp55pN4SsjV4uTzsfC
tmVZzT0xOLXknDqsoiC7xGx5aWKDkxvvPnTIQzVylE2+LzsQpa2hgM4YF0hbvqeE
Kk9ARPp8gPBHLJy8GM/hflGAURrpsTUUi58hAdfE+EpUAcCT
-----END CERTIFICATE-----