Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rtNpujaXHEla0EUsrFGm0dFzLC4.roa
File:                     rtNpujaXHEla0EUsrFGm0dFzLC4.roa (raw, json)
Hash identifier:          nvqrXjsegN7gWlQk+TVfqznHqnZYoJ3S9VgT/h04gOI=
Subject key identifier:   AE:D3:69:BA:36:97:1C:49:5A:D0:45:2C:AC:51:A6:D1:D1:73:2C:2E
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018CC3B6B225B39482052DB7A7CF1EF8D8E2
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rtNpujaXHEla0EUsrFGm0dFzLC4.roa
Signing time:             Mon 01 Jan 2024 06:29:39 +0000
ROA not before:           Mon 01 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50554
IP address blocks:        2a07:3501:1230::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b2:25:b3:94:82:05:2d:b7:a7:cf:1e:f8:d8:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  1 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aed369ba36971c495ad0452cac51a6d1d1732c2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:39:0a:0d:8b:36:72:ea:be:65:59:1d:39:58:
                    2e:d9:a3:c0:9f:63:3d:b8:33:2a:ba:f8:11:77:77:
                    03:23:c5:2c:0a:ce:3b:0a:6e:6d:db:a9:15:48:c6:
                    0a:a7:05:b4:06:88:7c:95:e1:7b:d4:59:a5:9f:36:
                    55:f6:29:44:a1:34:36:52:2e:25:9e:26:84:d9:a2:
                    38:2f:3c:4d:ca:5c:a1:cd:38:3e:a8:4f:7e:e0:06:
                    70:e1:1f:bb:24:75:ee:6f:87:d0:3c:f4:40:b0:ba:
                    f7:b4:77:fe:81:77:85:54:27:ee:b6:75:45:7b:d8:
                    7d:9a:99:51:6e:8d:5e:38:2a:68:44:fd:82:a7:6a:
                    3a:b4:0b:4a:ca:06:49:12:35:34:4b:5a:25:45:1f:
                    5d:6b:60:9d:88:eb:4d:35:f6:b9:aa:30:68:d0:f1:
                    e0:9f:d6:1c:98:51:b2:25:83:c1:b9:ff:dd:08:da:
                    e3:59:57:e6:8c:94:41:25:a3:70:d0:24:86:93:7e:
                    1a:72:6e:d0:81:0f:a2:f2:02:df:2e:11:75:cb:14:
                    8e:be:b6:85:f4:f9:18:dd:de:de:d2:99:35:7b:4b:
                    7d:45:06:2e:e9:4c:fc:4d:16:19:c5:1e:44:7d:16:
                    cb:32:51:09:82:9c:8c:f8:ab:54:3e:e9:f0:8b:fb:
                    86:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D3:69:BA:36:97:1C:49:5A:D0:45:2C:AC:51:A6:D1:D1:73:2C:2E
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/rtNpujaXHEla0EUsrFGm0dFzLC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1230::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:6d:4d:bd:41:3a:dc:3d:f2:96:ee:e9:0d:57:44:e9:83:6e:
         e5:3e:b7:ee:ee:f9:59:be:8a:de:68:d7:d8:78:23:b4:e0:80:
         e2:dd:cc:0d:0e:0c:a3:cc:48:6c:16:e2:66:84:1d:2e:f5:d6:
         03:ba:62:37:f6:3c:a8:62:08:4d:30:07:13:79:14:26:f0:95:
         39:0b:6f:57:89:8d:ba:4b:e6:3d:3e:3f:3a:3b:e1:63:b5:bf:
         d5:69:cf:22:e8:8d:2c:cd:62:84:97:21:9c:9a:56:5d:fc:a0:
         2a:d9:30:80:c7:88:25:11:ae:fa:77:ea:30:b7:cb:1b:25:24:
         29:33:84:87:39:94:0b:52:13:4b:b3:81:db:53:56:b4:d3:c3:
         b2:b8:d4:22:24:94:7e:a1:37:bf:26:7c:dd:7c:ee:a4:76:43:
         a9:3c:4b:de:a5:61:18:66:95:8a:ac:df:92:1c:25:af:1d:18:
         9c:bc:3a:5c:d8:90:32:77:4a:76:17:be:2b:31:c7:7b:df:8c:
         02:01:b8:78:16:8f:82:99:64:f6:e2:5b:b8:aa:55:44:0e:c1:
         d7:4b:96:1b:2a:f7:e4:10:f9:dc:b8:9c:30:de:63:7b:50:93:
         55:8f:75:95:d0:eb:b6:db:a9:60:b6:4e:c1:2b:a0:11:8e:75:
         29:af:80:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtrIls5SCBS23p88e+NjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQzNjliYTM2OTcxYzQ5NWFkMDQ1MmNhYzUxYTZkMWQxNzMyYzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDkKDYs2cuq+ZVkdOVgu2aPAn2M9
uDMquvgRd3cDI8UsCs47Cm5t26kVSMYKpwW0Boh8leF71FmlnzZV9ilEoTQ2Ui4l
niaE2aI4LzxNylyhzTg+qE9+4AZw4R+7JHXub4fQPPRAsLr3tHf+gXeFVCfutnVF
e9h9mplRbo1eOCpoRP2Cp2o6tAtKygZJEjU0S1olRR9da2CdiOtNNfa5qjBo0PHg
n9YcmFGyJYPBuf/dCNrjWVfmjJRBJaNw0CSGk34acm7QgQ+i8gLfLhF1yxSOvraF
9PkY3d7e0pk1e0t9RQYu6Uz8TRYZxR5EfRbLMlEJgpyM+KtUPunwi/uGXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK7Tabo2lxxJWtBFLKxRptHRcywuMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvcnROcHVqYVhIRWxhMEVVc3JGR20wZEZ6TEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ARIw
MA0GCSqGSIb3DQEBCwUAA4IBAQAIbU29QTrcPfKW7ukNV0Tpg27lPrfu7vlZvore
aNfYeCO04IDi3cwNDgyjzEhsFuJmhB0u9dYDumI39jyoYghNMAcTeRQm8JU5C29X
iY26S+Y9Pj86O+Fjtb/Vac8i6I0szWKElyGcmlZd/KAq2TCAx4glEa76d+owt8sb
JSQpM4SHOZQLUhNLs4HbU1a008OyuNQiJJR+oTe/JnzdfO6kdkOpPEvepWEYZpWK
rN+SHCWvHRicvDpc2JAyd0p2F74rMcd734wCAbh4Fo+CmWT24lu4qlVEDsHXS5Yb
KvfkEPncuJww3mN7UJNVj3WV0Ou226lgtk7BK6ARjnUpr4Dg
-----END CERTIFICATE-----