Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/ebf3f7-e3ab-4f8c-86e8-7087e3fe2a5d/1/bbqHAPhsKZdJXuunVKehq1ETPaA.roa
File:                     bbqHAPhsKZdJXuunVKehq1ETPaA.roa (raw, json)
Hash identifier:          WkxOjwMO7Y3nIU+8/mbSBbBEbIkmHR8wvAEwiAccMsU=
Subject key identifier:   6D:BA:87:00:F8:6C:29:97:49:5E:EB:A7:54:A7:A1:AB:51:13:3D:A0
Certificate issuer:       /CN=59dda75f8110743d250c3068a356ce6acf1c4fe2
Certificate serial:       018CE463168A144705E7AF94F667E9DE57C2
Authority key identifier: 59:DD:A7:5F:81:10:74:3D:25:0C:30:68:A3:56:CE:6A:CF:1C:4F:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wd2nX4EQdD0lDDBoo1bOas8cT-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/ebf3f7-e3ab-4f8c-86e8-7087e3fe2a5d/1/bbqHAPhsKZdJXuunVKehq1ETPaA.roa
Signing time:             Sun 07 Jan 2024 14:45:48 +0000
ROA not before:           Sun 07 Jan 2024 14:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202685
IP address blocks:        2a03:df00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/ebf3f7-e3ab-4f8c-86e8-7087e3fe2a5d/1/Wd2nX4EQdD0lDDBoo1bOas8cT-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/ebf3f7-e3ab-4f8c-86e8-7087e3fe2a5d/1/Wd2nX4EQdD0lDDBoo1bOas8cT-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wd2nX4EQdD0lDDBoo1bOas8cT-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e4:63:16:8a:14:47:05:e7:af:94:f6:67:e9:de:57:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59dda75f8110743d250c3068a356ce6acf1c4fe2
        Validity
            Not Before: Jan  7 14:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dba8700f86c2997495eeba754a7a1ab51133da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0d:89:1c:aa:50:2a:28:95:ed:54:0e:f1:43:
                    60:ff:50:b9:5f:6f:3e:52:53:21:ff:a1:05:eb:2b:
                    25:e5:ef:3f:80:94:b6:0c:04:ec:ed:98:44:24:9b:
                    5b:2f:67:9f:1c:37:0b:44:ef:64:cf:ea:cd:d9:f4:
                    c0:6a:96:ac:4e:6c:a9:8e:bc:08:ad:b6:07:f7:b3:
                    e6:94:d1:43:c5:ea:da:80:2d:db:97:3d:a1:ff:d9:
                    24:23:10:cc:b3:4a:4a:8a:23:98:95:58:ff:2e:10:
                    01:d9:c8:b6:0c:44:e2:43:14:44:e3:8f:f0:f1:57:
                    36:69:e6:d1:e2:6f:15:29:96:a4:c1:38:89:e6:0f:
                    9e:84:c2:19:d4:e3:db:64:a3:cd:4a:90:22:aa:cf:
                    e2:22:ee:7f:8e:9f:3b:4c:26:a8:6e:34:a2:64:15:
                    eb:00:6a:6f:af:09:1f:bc:7e:93:23:55:79:9d:eb:
                    b5:69:89:85:f4:1c:b2:ae:8c:ea:e3:31:ba:c8:dc:
                    36:d9:3e:cb:86:22:32:7a:08:37:b7:81:d6:a4:15:
                    87:1e:49:7a:57:e1:b0:07:dc:07:c9:05:25:2e:62:
                    b4:f4:0c:77:65:8d:30:17:3d:fd:bb:e4:5d:4c:41:
                    89:80:62:fa:46:43:1b:b6:4f:f9:07:7e:f2:1f:95:
                    84:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:BA:87:00:F8:6C:29:97:49:5E:EB:A7:54:A7:A1:AB:51:13:3D:A0
            X509v3 Authority Key Identifier:
                keyid:59:DD:A7:5F:81:10:74:3D:25:0C:30:68:A3:56:CE:6A:CF:1C:4F:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wd2nX4EQdD0lDDBoo1bOas8cT-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ebf3f7-e3ab-4f8c-86e8-7087e3fe2a5d/1/bbqHAPhsKZdJXuunVKehq1ETPaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ebf3f7-e3ab-4f8c-86e8-7087e3fe2a5d/1/Wd2nX4EQdD0lDDBoo1bOas8cT-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:df00::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:91:38:8c:f9:51:da:80:de:e0:98:7a:e7:7e:18:ec:e6:2b:
         91:28:ca:a4:d3:1b:7d:1b:c6:bb:14:bb:fe:52:e7:b1:3e:65:
         e2:d6:ff:44:e5:33:56:12:6a:ad:59:9b:a0:98:a1:82:f4:08:
         f1:43:58:94:61:f1:00:b1:df:0b:4a:0c:4a:7b:56:b2:0f:73:
         ca:22:2b:0d:6e:00:23:36:78:32:14:ea:cc:46:03:2a:3e:6d:
         b3:40:cc:48:0b:eb:bc:4b:77:33:c2:1b:02:ef:85:dd:3d:2e:
         14:bc:f1:de:d7:90:42:9e:7f:e9:1a:2c:ee:14:89:fd:d7:51:
         8e:70:de:dd:5d:8e:1c:3e:2d:8f:27:08:c6:15:3c:f6:d3:f5:
         dd:be:de:27:42:cf:32:5c:c4:6d:eb:36:b3:37:67:e6:d8:83:
         ff:d8:b0:e1:c6:37:31:ac:02:09:3a:e1:a6:49:4c:ea:2d:25:
         5c:f6:6a:73:92:cd:88:2a:41:4b:80:63:26:79:ce:6f:09:80:
         3a:bb:2a:f7:ed:d1:00:a0:40:7b:cb:58:c6:a1:8a:c3:a2:58:
         11:20:98:28:91:54:a9:d1:c7:76:b0:18:df:48:fc:b7:e1:27:
         b3:5e:a1:4c:82:9b:9b:17:1a:de:16:ee:be:d0:37:24:d8:93:
         5b:72:92:b3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzkYxaKFEcF56+U9mfp3lfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZGRhNzVmODExMDc0M2QyNTBjMzA2OGEzNTZjZTZhY2Yx
YzRmZTIwHhcNMjQwMTA3MTQ0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGJhODcwMGY4NmMyOTk3NDk1ZWViYTc1NGE3YTFhYjUxMTMzZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQ2JHKpQKiiV7VQO8UNg/1C5X28+
UlMh/6EF6ysl5e8/gJS2DATs7ZhEJJtbL2efHDcLRO9kz+rN2fTAapasTmypjrwI
rbYH97PmlNFDxeragC3blz2h/9kkIxDMs0pKiiOYlVj/LhAB2ci2DETiQxRE44/w
8Vc2aebR4m8VKZakwTiJ5g+ehMIZ1OPbZKPNSpAiqs/iIu5/jp87TCaobjSiZBXr
AGpvrwkfvH6TI1V5neu1aYmF9Byyrozq4zG6yNw22T7LhiIyegg3t4HWpBWHHkl6
V+GwB9wHyQUlLmK09Ax3ZY0wFz39u+RdTEGJgGL6RkMbtk/5B37yH5WESwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG26hwD4bCmXSV7rp1SnoatREz2gMB8GA1UdIwQY
MBaAFFndp1+BEHQ9JQwwaKNWzmrPHE/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2Qyblg0RVFkRDBsRERCb28xYk9hczhjVC1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9lYmYzZjctZTNhYi00ZjhjLTg2ZTgt
NzA4N2UzZmUyYTVkLzEvYmJxSEFQaHNLWmRKWHV1blZLZWhxMUVUUGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9lYmYzZjctZTNhYi00ZjhjLTg2ZTgtNzA4N2UzZmUyYTVk
LzEvV2Qyblg0RVFkRDBsRERCb28xYk9hczhjVC1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgPfADAN
BgkqhkiG9w0BAQsFAAOCAQEAJ5E4jPlR2oDe4Jh6534Y7OYrkSjKpNMbfRvGuxS7
/lLnsT5l4tb/ROUzVhJqrVmboJihgvQI8UNYlGHxALHfC0oMSntWsg9zyiIrDW4A
IzZ4MhTqzEYDKj5ts0DMSAvrvEt3M8IbAu+F3T0uFLzx3teQQp5/6Ros7hSJ/ddR
jnDe3V2OHD4tjycIxhU89tP13b7eJ0LPMlzEbes2szdn5tiD/9iw4cY3MawCCTrh
pklM6i0lXPZqc5LNiCpBS4BjJnnObwmAOrsq9+3RAKBAe8tYxqGKw6JYESCYKJFU
qdHHdrAY30j8t+Ens16hTIKbmxca3hbuvtA3JNiTW3KSsw==
-----END CERTIFICATE-----