Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xyhkTVNVbstgauKAZlIupUZI23U.roa
File:                     xyhkTVNVbstgauKAZlIupUZI23U.roa (raw, json)
Hash identifier:          b9SbanV9cufLA26Lilk3mE+rJuLKnDnbxreOGaBjb/c=
Subject key identifier:   C7:28:64:4D:53:55:6E:CB:60:6A:E2:80:66:52:2E:A5:46:48:DB:75
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC829872A41B6966D9122D4D5C115
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xyhkTVNVbstgauKAZlIupUZI23U.roa
Signing time:             Mon 01 Jan 2024 02:29:27 +0000
ROA not before:           Mon 01 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199290
IP address blocks:        2a0a:3000::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c8:29:87:2a:41:b6:96:6d:91:22:d4:d5:c1:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c728644d53556ecb606ae28066522ea54648db75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b8:66:50:df:c9:d0:3e:7e:93:28:1b:1a:a6:
                    51:7c:0e:6f:83:0a:8e:e0:f5:aa:11:02:a2:cc:c1:
                    32:1e:b8:a5:8b:de:e3:d9:57:87:c2:e8:a3:d4:05:
                    24:c3:81:91:41:ce:8f:02:17:a7:bd:8e:a9:25:81:
                    50:59:5e:07:3a:9c:ab:f4:53:17:21:d9:8a:44:12:
                    ad:15:d3:76:91:fc:57:78:60:3e:d3:89:14:19:14:
                    1e:db:3b:9f:ab:ce:fe:bd:c8:5c:36:13:ee:20:20:
                    8f:2b:93:c2:41:49:7d:f0:ae:6f:77:17:5e:cc:18:
                    66:93:b5:a5:5b:75:1e:0d:c8:b6:c6:4a:25:32:eb:
                    25:c5:54:2a:db:58:ce:06:7e:35:c0:b7:6f:3f:3c:
                    e4:f4:a5:a0:26:bc:e2:2b:d7:bb:5e:44:78:33:b4:
                    40:88:b3:50:15:d5:d9:c9:21:92:b3:0b:71:70:e5:
                    de:e3:e9:a4:21:fd:e2:2b:ef:e1:5a:3d:5d:e6:59:
                    c1:1c:e8:31:06:7f:8f:df:ee:9f:7c:bc:82:10:b9:
                    3d:25:50:16:4e:b9:f6:50:bf:48:da:ce:4f:e4:24:
                    f2:7c:eb:66:da:2b:9e:7c:41:2d:8f:95:b0:21:62:
                    ab:0c:d2:d8:32:95:16:84:c3:bf:0c:2f:86:61:ce:
                    d9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:28:64:4D:53:55:6E:CB:60:6A:E2:80:66:52:2E:A5:46:48:DB:75
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/xyhkTVNVbstgauKAZlIupUZI23U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:3000::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:46:7c:bb:ce:f6:c0:02:3f:a6:06:7e:f7:94:a5:26:68:ab:
         e6:b6:d6:8a:13:ef:e6:70:45:07:b9:98:7c:81:4b:18:0e:79:
         d9:e4:05:ae:b3:a1:19:52:0f:99:7f:da:bf:c7:24:33:ba:e0:
         27:6b:14:38:21:32:f8:22:77:51:a0:b6:6c:63:e0:0f:6b:9e:
         79:84:23:53:ce:cd:89:c2:ac:52:5b:50:ae:82:d4:b9:20:ed:
         52:f2:57:f9:c9:1b:5a:c6:f9:5e:6f:15:2f:6d:fa:90:ad:e5:
         39:e7:fa:a8:32:09:c4:f3:e5:59:d9:c6:55:be:34:0a:34:03:
         20:ce:bb:eb:87:5a:1c:c1:bd:cc:54:fa:3f:5c:62:09:95:9c:
         ef:12:da:e2:6c:19:3a:74:6c:5d:cd:76:44:6f:0e:54:8d:6c:
         74:63:dc:e1:6c:5e:2a:ca:d4:11:51:19:8a:20:5a:4f:26:bd:
         69:fe:9c:b1:89:99:a7:d8:55:8d:85:ea:dd:fe:ee:be:61:c1:
         1d:62:4c:4e:13:52:47:d8:a0:ee:2c:7a:03:85:c6:16:d2:db:
         03:40:ef:3b:6b:87:d3:31:06:5d:40:da:78:9f:2c:48:1e:76:
         8e:a4:d0:66:ad:e3:13:7e:01:1b:3a:f2:db:42:87:83:f2:1f:
         da:f9:5c:7d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2sgphypBtpZtkSLU1cEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzI4NjQ0ZDUzNTU2ZWNiNjA2YWUyODA2NjUyMmVhNTQ2NDhkYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bhmUN/J0D5+kygbGqZRfA5vgwqO
4PWqEQKizMEyHrili97j2VeHwuij1AUkw4GRQc6PAhenvY6pJYFQWV4HOpyr9FMX
IdmKRBKtFdN2kfxXeGA+04kUGRQe2zufq87+vchcNhPuICCPK5PCQUl98K5vdxde
zBhmk7WlW3UeDci2xkolMuslxVQq21jOBn41wLdvPzzk9KWgJrziK9e7XkR4M7RA
iLNQFdXZySGSswtxcOXe4+mkIf3iK+/hWj1d5lnBHOgxBn+P3+6ffLyCELk9JVAW
Trn2UL9I2s5P5CTyfOtm2iuefEEtj5WwIWKrDNLYMpUWhMO/DC+GYc7ZWQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMcoZE1TVW7LYGrigGZSLqVGSNt1MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEveHloa1RWTlZic3RnYXVLQVpsSXVwVVpJMjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgowADAN
BgkqhkiG9w0BAQsFAAOCAQEARUZ8u872wAI/pgZ+95SlJmir5rbWihPv5nBFB7mY
fIFLGA552eQFrrOhGVIPmX/av8ckM7rgJ2sUOCEy+CJ3UaC2bGPgD2ueeYQjU87N
icKsUltQroLUuSDtUvJX+ckbWsb5Xm8VL236kK3lOef6qDIJxPPlWdnGVb40CjQD
IM6764daHMG9zFT6P1xiCZWc7xLa4mwZOnRsXc12RG8OVI1sdGPc4WxeKsrUEVEZ
iiBaTya9af6csYmZp9hVjYXq3f7uvmHBHWJMThNSR9ig7ix6A4XGFtLbA0DvO2uH
0zEGXUDaeJ8sSB52jqTQZq3jE34BGzry20KHg/If2vlcfQ==
-----END CERTIFICATE-----