Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/z2bOzUS6EhIz-F1lyfgX3-R7rqo.roa
File:                     z2bOzUS6EhIz-F1lyfgX3-R7rqo.roa (raw, json)
Hash identifier:          BCesQKsy4mGnSOy9PO/gsy6/b7djGAZq8T38MKJuKhk=
Subject key identifier:   CF:66:CE:CD:44:BA:12:12:33:F8:5D:65:C9:F8:17:DF:E4:7B:AE:AA
Certificate issuer:       /CN=b51e3f6bebcd05291dc5265e08b1cd6c401b9cfd
Certificate serial:       018CC64A4730707A0C5C449BA08744E49EFB
Authority key identifier: B5:1E:3F:6B:EB:CD:05:29:1D:C5:26:5E:08:B1:CD:6C:40:1B:9C:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tR4_a-vNBSkdxSZeCLHNbEAbnP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/z2bOzUS6EhIz-F1lyfgX3-R7rqo.roa
Signing time:             Mon 01 Jan 2024 18:30:05 +0000
ROA not before:           Mon 01 Jan 2024 18:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35659
IP address blocks:        2a01:130:42::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/tR4_a-vNBSkdxSZeCLHNbEAbnP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/tR4_a-vNBSkdxSZeCLHNbEAbnP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tR4_a-vNBSkdxSZeCLHNbEAbnP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:47:30:70:7a:0c:5c:44:9b:a0:87:44:e4:9e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b51e3f6bebcd05291dc5265e08b1cd6c401b9cfd
        Validity
            Not Before: Jan  1 18:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf66cecd44ba121233f85d65c9f817dfe47baeaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:57:c9:e5:41:d7:b1:99:e0:ac:81:95:a2:d1:
                    aa:49:53:39:15:0a:23:d6:28:9d:89:62:8a:cb:2e:
                    bf:e4:f9:82:b7:6e:be:a1:04:aa:41:8e:e7:37:dd:
                    dd:71:ef:21:e0:9f:a2:c7:5b:dd:e3:bf:9f:34:f7:
                    cf:38:06:cb:e3:57:ec:14:df:60:ba:cd:18:de:1b:
                    5c:2e:50:e9:ff:3e:ae:6d:b5:87:0a:08:0f:c8:e8:
                    d2:8d:1e:9f:e6:f3:7d:24:20:66:c3:25:2a:5e:49:
                    e4:47:9f:ec:a4:9a:5a:89:49:3a:a3:db:4f:2c:95:
                    71:63:14:fc:78:a1:2a:0c:6c:b6:3f:45:57:10:38:
                    7a:b4:bc:f8:5f:28:dc:56:98:d9:f5:4c:6d:6e:c8:
                    0f:25:ab:14:e6:ea:45:31:25:7e:34:b1:84:7a:2d:
                    f1:37:7a:23:78:64:42:04:cb:a5:47:df:da:ef:33:
                    8e:e4:c9:57:19:81:a2:df:82:de:a3:a9:38:a6:da:
                    66:cc:11:66:70:f0:22:53:ff:6e:3a:01:1b:61:2d:
                    83:e9:3b:fb:49:6f:40:69:ea:d4:81:5d:31:28:85:
                    74:67:e6:89:86:9f:6b:3e:52:c6:f5:ab:4f:43:c3:
                    0a:97:92:ea:67:70:3b:8a:24:f4:19:f1:ab:b9:96:
                    31:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:66:CE:CD:44:BA:12:12:33:F8:5D:65:C9:F8:17:DF:E4:7B:AE:AA
            X509v3 Authority Key Identifier:
                keyid:B5:1E:3F:6B:EB:CD:05:29:1D:C5:26:5E:08:B1:CD:6C:40:1B:9C:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tR4_a-vNBSkdxSZeCLHNbEAbnP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/z2bOzUS6EhIz-F1lyfgX3-R7rqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/tR4_a-vNBSkdxSZeCLHNbEAbnP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:130:42::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:2b:2c:bb:a4:df:02:f7:e4:e4:9d:9a:25:51:8e:41:87:72:
         ce:0d:a2:78:48:3e:c2:65:a0:8b:a3:81:8a:67:d5:56:e7:af:
         f1:09:d4:59:c4:bc:dd:e7:7c:e4:fd:04:21:f4:57:80:b7:93:
         22:da:95:98:d7:fe:a7:8f:c9:03:f5:6c:7a:14:53:9a:b3:36:
         e1:df:b4:b6:0b:34:22:a8:e4:7a:57:f7:b7:ed:50:9f:b7:0b:
         58:d1:28:5f:49:3f:e4:6a:71:08:a3:7c:b3:c6:56:c2:95:88:
         fd:96:5f:8a:b8:b4:96:58:de:31:3d:1c:ca:2f:28:d7:c7:f7:
         49:a1:d3:9a:3d:38:e2:48:a8:e0:7a:7c:39:e3:a5:97:ff:1e:
         e9:c4:23:b2:33:fe:39:75:9d:7e:77:0c:22:c1:94:d8:44:19:
         a4:d7:ed:26:ea:3f:fc:24:68:1b:db:20:eb:cd:d7:78:1b:77:
         28:4e:d3:b2:c5:dd:90:10:a7:97:2c:52:4b:2e:4a:15:f5:6a:
         12:9d:bb:b0:a4:97:8e:22:83:e9:e6:8c:49:db:a6:8d:e4:04:
         cd:9d:a8:1d:12:4f:3a:19:50:9b:2d:ea:8d:30:5d:50:da:4c:
         a4:de:17:e0:ff:ba:97:79:f8:71:26:67:ab:db:ec:79:d7:f5:
         db:2d:fe:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSkcwcHoMXESboIdE5J77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MWUzZjZiZWJjZDA1MjkxZGM1MjY1ZTA4YjFjZDZjNDAx
YjljZmQwHhcNMjQwMTAxMTgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjY2Y2VjZDQ0YmExMjEyMzNmODVkNjVjOWY4MTdkZmU0N2JhZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVfJ5UHXsZngrIGVotGqSVM5FQoj
1iidiWKKyy6/5PmCt26+oQSqQY7nN93dce8h4J+ix1vd47+fNPfPOAbL41fsFN9g
us0Y3htcLlDp/z6ubbWHCggPyOjSjR6f5vN9JCBmwyUqXknkR5/spJpaiUk6o9tP
LJVxYxT8eKEqDGy2P0VXEDh6tLz4XyjcVpjZ9UxtbsgPJasU5upFMSV+NLGEei3x
N3ojeGRCBMulR9/a7zOO5MlXGYGi34Leo6k4ptpmzBFmcPAiU/9uOgEbYS2D6Tv7
SW9AaerUgV0xKIV0Z+aJhp9rPlLG9atPQ8MKl5LqZ3A7iiT0GfGruZYxJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM9mzs1EuhISM/hdZcn4F9/ke66qMB8GA1UdIwQY
MBaAFLUeP2vrzQUpHcUmXgixzWxAG5z9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFI0X2Etdk5CU2tkeFNaZUNMSE5iRUFiblAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8wMmZkZmQtN2FjOC00MzIxLWI5MzAt
OGZhNTUxZTZhZTc1LzEvejJiT3pVUzZFaEl6LUYxbHlmZ1gzLVI3cnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8wMmZkZmQtN2FjOC00MzIxLWI5MzAtOGZhNTUxZTZhZTc1
LzEvdFI0X2Etdk5CU2tkeFNaZUNMSE5iRUFiblAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEBMABC
MA0GCSqGSIb3DQEBCwUAA4IBAQBsKyy7pN8C9+TknZolUY5Bh3LODaJ4SD7CZaCL
o4GKZ9VW56/xCdRZxLzd53zk/QQh9FeAt5Mi2pWY1/6nj8kD9Wx6FFOaszbh37S2
CzQiqOR6V/e37VCftwtY0ShfST/kanEIo3yzxlbClYj9ll+KuLSWWN4xPRzKLyjX
x/dJodOaPTjiSKjgenw546WX/x7pxCOyM/45dZ1+dwwiwZTYRBmk1+0m6j/8JGgb
2yDrzdd4G3coTtOyxd2QEKeXLFJLLkoV9WoSnbuwpJeOIoPp5oxJ26aN5ATNnagd
Ek86GVCbLeqNMF1Q2kyk3hfg/7qXefhxJmer2+x51/XbLf4O
-----END CERTIFICATE-----