Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/qjDbXmvLBFYZ4CUkSiDMhgqpR4k.roa
File:                     qjDbXmvLBFYZ4CUkSiDMhgqpR4k.roa (raw, json)
Hash identifier:          zfXo08ktQr9ARPqZb6ly+xTWNXpTNoCUR0fyjRtcWn8=
Subject key identifier:   AA:30:DB:5E:6B:CB:04:56:19:E0:25:24:4A:20:CC:86:0A:A9:47:89
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       018CC79342498E396C79307CF22169475263
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/qjDbXmvLBFYZ4CUkSiDMhgqpR4k.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204646
IP address blocks:        2a0d:2080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:42:49:8e:39:6c:79:30:7c:f2:21:69:47:52:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa30db5e6bcb045619e025244a20cc860aa94789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:20:d2:d8:f7:04:ee:30:44:47:30:97:15:09:
                    84:7e:c7:fa:8f:03:68:ab:a0:6c:12:d0:d4:98:c0:
                    0a:91:df:c9:b8:11:ae:6f:15:c5:20:80:88:5b:77:
                    de:2b:78:bd:cf:42:8e:b3:f4:f2:62:92:b7:90:cc:
                    e5:7d:fc:8c:e5:14:68:d8:ad:c4:37:2d:e2:6f:f9:
                    d7:07:fd:fb:b3:14:e5:03:a5:2e:87:b7:db:6e:c8:
                    65:68:ad:e9:b1:a4:f3:6f:70:fc:10:c6:70:8f:dd:
                    08:33:3c:24:6b:e3:ad:2c:04:9f:e8:fe:99:b3:d2:
                    b4:ad:54:38:50:7b:ea:f8:15:d1:c2:68:7c:e7:e4:
                    aa:52:4a:e4:9b:07:c3:3b:41:02:5d:1c:28:18:b1:
                    47:68:aa:0d:9f:4a:76:31:ac:91:08:ef:5c:0f:ec:
                    dc:d1:71:f1:8d:c9:e0:c8:3c:13:34:60:2c:01:99:
                    21:6a:bf:83:fc:7d:64:0a:aa:4b:b9:48:3e:14:42:
                    09:47:bc:3b:18:a9:d4:8e:ae:44:92:87:1e:d5:74:
                    01:ff:4f:be:57:d1:d3:49:9a:a8:56:85:3e:21:66:
                    35:1c:12:9e:c4:6d:f3:04:7d:16:b4:a7:6b:f6:87:
                    11:85:1d:f5:65:78:ae:b5:1a:36:75:a2:e0:ae:71:
                    41:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:30:DB:5E:6B:CB:04:56:19:E0:25:24:4A:20:CC:86:0A:A9:47:89
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/qjDbXmvLBFYZ4CUkSiDMhgqpR4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2080::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:cf:62:4c:9a:3e:5e:d1:c1:8f:bc:b2:9b:5a:b1:04:38:57:
         fd:a0:08:9a:68:16:a7:d9:70:4d:2c:6d:93:48:cd:97:17:5c:
         c5:b8:dd:91:a6:74:24:97:6f:5b:58:67:56:8a:87:f0:3d:2a:
         b5:0d:50:bc:5f:8d:4e:dd:20:2c:21:0d:ec:80:f0:e7:fd:e0:
         86:39:54:0d:f0:a5:38:62:53:7b:0c:4a:41:bd:b6:2e:79:13:
         1f:d7:0c:79:ac:62:58:ed:26:16:ee:e5:cd:65:9b:9d:a7:e6:
         53:2d:78:a1:58:65:a8:ea:ee:e1:62:87:b2:83:e3:63:43:22:
         99:40:f0:5c:db:d2:a2:d8:84:31:bd:7e:5d:45:03:14:a6:09:
         57:27:1d:63:fe:4b:55:74:a2:28:e4:c9:55:c1:01:26:7b:de:
         ec:17:f3:f2:57:09:55:d3:f9:1d:41:f0:1d:e8:6b:77:2f:3f:
         68:18:87:90:d5:50:8a:52:5d:5b:6e:d1:17:ab:6e:12:40:4a:
         e6:16:ee:ac:86:90:20:12:00:21:31:b7:33:57:10:d0:c0:b1:
         cc:3f:3f:ad:ad:87:da:fa:6b:25:c5:74:e0:6e:06:37:4f:1b:
         37:48:1a:7b:73:da:21:b4:1d:29:f1:e2:ea:ff:38:80:7b:92:
         ad:07:07:72
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHk0JJjjlseTB88iFpR1JjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTMwZGI1ZTZiY2IwNDU2MTllMDI1MjQ0YTIwY2M4NjBhYTk0Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSDS2PcE7jBERzCXFQmEfsf6jwNo
q6BsEtDUmMAKkd/JuBGubxXFIICIW3feK3i9z0KOs/TyYpK3kMzlffyM5RRo2K3E
Ny3ib/nXB/37sxTlA6Uuh7fbbshlaK3psaTzb3D8EMZwj90IMzwka+OtLASf6P6Z
s9K0rVQ4UHvq+BXRwmh85+SqUkrkmwfDO0ECXRwoGLFHaKoNn0p2MayRCO9cD+zc
0XHxjcngyDwTNGAsAZkhar+D/H1kCqpLuUg+FEIJR7w7GKnUjq5Ekoce1XQB/0++
V9HTSZqoVoU+IWY1HBKexG3zBH0WtKdr9ocRhR31ZXiutRo2daLgrnFBvwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKow215rywRWGeAlJEogzIYKqUeJMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvcWpEYlhtdkxCRllaNENVa1NpRE1oZ3FwUjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg0ggDAN
BgkqhkiG9w0BAQsFAAOCAQEAW89iTJo+XtHBj7yym1qxBDhX/aAImmgWp9lwTSxt
k0jNlxdcxbjdkaZ0JJdvW1hnVoqH8D0qtQ1QvF+NTt0gLCEN7IDw5/3ghjlUDfCl
OGJTewxKQb22LnkTH9cMeaxiWO0mFu7lzWWbnafmUy14oVhlqOru4WKHsoPjY0Mi
mUDwXNvSotiEMb1+XUUDFKYJVycdY/5LVXSiKOTJVcEBJnve7Bfz8lcJVdP5HUHw
Hehrdy8/aBiHkNVQilJdW27RF6tuEkBK5hburIaQIBIAITG3M1cQ0MCxzD8/ra2H
2vprJcV04G4GN08bN0gae3PaIbQdKfHi6v84gHuSrQcHcg==
-----END CERTIFICATE-----