Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/e670a7-ad78-457e-ad80-007978bdb052/1/sW2ZQzaznOYUTgaN0NWZRkv3mI4.roa
File:                     sW2ZQzaznOYUTgaN0NWZRkv3mI4.roa (raw, json)
Hash identifier:          l7Sq4LFbp7xgsLc7oQb5wU3gI9qjxq781R1Na+W+9lg=
Subject key identifier:   B1:6D:99:43:36:B3:9C:E6:14:4E:06:8D:D0:D5:99:46:4B:F7:98:8E
Certificate issuer:       /CN=aa53cd2c584a3dc16208ba93b0db74773b3f23be
Certificate serial:       018CC56E45ED991CB104665B1FE812E56C59
Authority key identifier: AA:53:CD:2C:58:4A:3D:C1:62:08:BA:93:B0:DB:74:77:3B:3F:23:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlPNLFhKPcFiCLqTsNt0dzs_I74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/e670a7-ad78-457e-ad80-007978bdb052/1/sW2ZQzaznOYUTgaN0NWZRkv3mI4.roa
Signing time:             Mon 01 Jan 2024 14:29:47 +0000
ROA not before:           Mon 01 Jan 2024 14:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20625
IP address blocks:        2a02:ae8::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/e670a7-ad78-457e-ad80-007978bdb052/1/qlPNLFhKPcFiCLqTsNt0dzs_I74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/e670a7-ad78-457e-ad80-007978bdb052/1/qlPNLFhKPcFiCLqTsNt0dzs_I74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlPNLFhKPcFiCLqTsNt0dzs_I74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:45:ed:99:1c:b1:04:66:5b:1f:e8:12:e5:6c:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa53cd2c584a3dc16208ba93b0db74773b3f23be
        Validity
            Not Before: Jan  1 14:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b16d994336b39ce6144e068dd0d599464bf7988e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0a:c0:19:75:3c:85:c7:2b:c3:d2:8c:5a:8c:
                    75:3b:47:c9:f8:b2:f2:2a:c5:58:44:0c:e4:e5:a9:
                    d7:cf:09:3a:f7:b8:b4:12:9b:98:6b:a2:e8:ce:f6:
                    9c:b8:ca:c4:d2:5c:22:41:8f:bc:cf:f7:c3:96:09:
                    a9:28:d5:be:35:e5:38:1f:25:63:ef:e5:f6:05:a8:
                    b7:45:47:33:4a:d6:21:5a:b0:25:d0:58:d1:2d:6a:
                    2c:8d:86:df:3f:b2:9c:0b:2a:c5:d9:76:15:9b:02:
                    50:8d:cf:08:90:b4:07:1f:5d:29:b6:52:18:85:90:
                    8b:48:94:4a:98:0a:84:cf:aa:6f:8c:7c:78:e8:4f:
                    df:60:2d:28:f2:f2:47:71:70:64:5c:eb:44:12:7a:
                    99:ef:d5:52:f8:4b:80:b6:27:1a:b4:8b:10:79:27:
                    c8:22:3d:78:b6:77:7b:8d:29:ba:d3:a1:a1:2f:b6:
                    97:18:49:e0:b3:5e:bf:50:45:85:27:0e:be:7f:8f:
                    c6:c7:44:a2:bd:40:a4:53:24:c2:f7:a5:05:b4:59:
                    ed:f6:a9:62:fd:98:51:d2:54:59:64:d4:f0:12:cd:
                    5e:12:8c:3c:cd:8a:e0:6b:a2:85:55:9e:be:d0:79:
                    6f:4e:86:3f:ad:d1:70:0b:38:0b:43:fe:9a:b6:30:
                    14:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:6D:99:43:36:B3:9C:E6:14:4E:06:8D:D0:D5:99:46:4B:F7:98:8E
            X509v3 Authority Key Identifier:
                keyid:AA:53:CD:2C:58:4A:3D:C1:62:08:BA:93:B0:DB:74:77:3B:3F:23:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlPNLFhKPcFiCLqTsNt0dzs_I74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/e670a7-ad78-457e-ad80-007978bdb052/1/sW2ZQzaznOYUTgaN0NWZRkv3mI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/e670a7-ad78-457e-ad80-007978bdb052/1/qlPNLFhKPcFiCLqTsNt0dzs_I74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ae8::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:6d:3c:a7:9f:b9:4d:a6:45:98:57:90:4e:49:32:27:68:c1:
         70:ff:39:b4:08:b2:d6:50:9d:55:44:19:50:b0:51:76:9f:b5:
         7d:a5:40:19:2d:ed:ee:83:e6:75:ff:09:a0:a2:59:fb:e3:f4:
         82:62:69:69:2f:d9:3a:36:6b:cc:12:48:3a:a0:4c:f2:cc:45:
         10:53:cf:3c:61:c5:d4:ce:4a:76:32:e2:3d:71:16:88:d8:65:
         a3:fc:57:f7:70:71:fc:5e:8d:85:8b:40:1b:9f:ba:20:3f:63:
         f9:23:4f:42:2f:2c:da:3f:d8:c5:1e:75:66:f7:e9:af:c3:f3:
         c7:9a:fc:16:52:d8:8b:e5:76:da:b6:ad:f4:06:f8:fc:b9:3c:
         51:89:f4:98:c6:f0:e2:ea:ab:5d:cf:14:e6:02:92:a5:8c:6d:
         48:16:26:6f:e5:c6:00:e5:4f:a5:9f:0d:e6:0e:09:06:25:96:
         48:25:c3:25:d0:a7:53:fe:40:f7:6a:8c:e8:61:31:5e:4b:00:
         dc:29:eb:4b:f9:3f:7a:e3:19:4f:88:5a:3a:92:ad:a8:46:7c:
         f7:33:d2:25:6d:30:25:45:f7:2a:8e:26:a8:57:cf:a5:66:23:
         36:43:48:54:60:aa:d1:0e:7d:c3:08:b1:ce:87:61:99:3e:77:
         98:92:48:33
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbkXtmRyxBGZbH+gS5WxZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTNjZDJjNTg0YTNkYzE2MjA4YmE5M2IwZGI3NDc3M2Iz
ZjIzYmUwHhcNMjQwMTAxMTQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTZkOTk0MzM2YjM5Y2U2MTQ0ZTA2OGRkMGQ1OTk0NjRiZjc5ODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwrAGXU8hccrw9KMWox1O0fJ+LLy
KsVYRAzk5anXzwk697i0EpuYa6LozvacuMrE0lwiQY+8z/fDlgmpKNW+NeU4HyVj
7+X2Bai3RUczStYhWrAl0FjRLWosjYbfP7KcCyrF2XYVmwJQjc8IkLQHH10ptlIY
hZCLSJRKmAqEz6pvjHx46E/fYC0o8vJHcXBkXOtEEnqZ79VS+EuAticatIsQeSfI
Ij14tnd7jSm606GhL7aXGEngs16/UEWFJw6+f4/Gx0SivUCkUyTC96UFtFnt9qli
/ZhR0lRZZNTwEs1eEow8zYrga6KFVZ6+0HlvToY/rdFwCzgLQ/6atjAUcQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLFtmUM2s5zmFE4GjdDVmUZL95iOMB8GA1UdIwQY
MBaAFKpTzSxYSj3BYgi6k7DbdHc7PyO+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxQTkxGaEtQY0ZpQ0xxVHNOdDBkenNfSTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9lNjcwYTctYWQ3OC00NTdlLWFkODAt
MDA3OTc4YmRiMDUyLzEvc1cyWlF6YXpuT1lVVGdhTjBOV1pSa3YzbUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9lNjcwYTctYWQ3OC00NTdlLWFkODAtMDA3OTc4YmRiMDUy
LzEvcWxQTkxGaEtQY0ZpQ0xxVHNOdDBkenNfSTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgIK6DAN
BgkqhkiG9w0BAQsFAAOCAQEAWW08p5+5TaZFmFeQTkkyJ2jBcP85tAiy1lCdVUQZ
ULBRdp+1faVAGS3t7oPmdf8JoKJZ++P0gmJpaS/ZOjZrzBJIOqBM8sxFEFPPPGHF
1M5KdjLiPXEWiNhlo/xX93Bx/F6NhYtAG5+6ID9j+SNPQi8s2j/YxR51Zvfpr8Pz
x5r8FlLYi+V22rat9Ab4/Lk8UYn0mMbw4uqrXc8U5gKSpYxtSBYmb+XGAOVPpZ8N
5g4JBiWWSCXDJdCnU/5A92qM6GExXksA3CnrS/k/euMZT4haOpKtqEZ89zPSJW0w
JUX3Ko4mqFfPpWYjNkNIVGCq0Q59wwixzodhmT53mJJIMw==
-----END CERTIFICATE-----