Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/2gUjlPsHqb_ncJcZ78sLRgGxgm0.roa
File:                     2gUjlPsHqb_ncJcZ78sLRgGxgm0.roa (raw, json)
Hash identifier:          6pPasbljOid/unjMtz4muULDrAeLY88ZGgh5fs7tFUA=
Subject key identifier:   DA:05:23:94:FB:07:A9:BF:E7:70:97:19:EF:CB:0B:46:01:B1:82:6D
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF879FD50735272CAAB5BE9B40E65
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/2gUjlPsHqb_ncJcZ78sLRgGxgm0.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209557
IP address blocks:        2a0f:607:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f8:79:fd:50:73:52:72:ca:ab:5b:e9:b4:0e:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da052394fb07a9bfe7709719efcb0b4601b1826d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:57:a3:47:a0:e8:08:bd:1d:51:85:f8:ec:52:
                    8a:99:2c:8a:db:48:41:0e:d9:c1:3a:67:f4:c3:bf:
                    14:e0:9c:2b:48:10:1d:03:5a:06:f6:f9:c5:9e:e6:
                    d4:18:15:48:fd:0a:9c:d3:e7:c6:dc:6d:d4:cc:63:
                    d1:e9:78:cf:a6:13:ed:41:f4:6a:1d:69:f2:f0:b1:
                    b0:da:36:16:7f:ae:9a:e8:b5:02:83:45:ee:54:1d:
                    14:0d:18:cb:ab:a7:47:e8:d8:27:17:7b:5b:a5:d8:
                    cd:7e:8b:1e:cf:0e:fd:20:ab:fd:1e:af:af:41:e3:
                    31:13:fb:b5:ef:8b:cc:97:bb:3a:a7:b9:1a:bf:4f:
                    cd:24:5c:07:1b:37:c5:80:af:ed:09:f9:fd:26:45:
                    f2:81:91:79:49:6b:41:49:3c:7b:12:90:2a:f9:b0:
                    28:bc:b4:f9:30:c2:e8:e2:1d:87:88:1b:4b:f5:e5:
                    dc:1a:4c:03:e2:a4:bb:1d:f2:c0:84:9a:fe:5d:61:
                    61:8d:58:ca:03:2c:d3:a3:03:0a:63:dc:71:c2:8f:
                    2c:a8:26:a0:4a:ca:0c:1a:b1:65:bb:07:7b:a0:bf:
                    24:31:a4:fc:5d:c1:bb:9d:27:56:87:e3:97:cd:60:
                    6c:0e:5b:37:25:6c:dd:16:38:1c:ee:71:3b:21:28:
                    d5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:05:23:94:FB:07:A9:BF:E7:70:97:19:EF:CB:0B:46:01:B1:82:6D
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/2gUjlPsHqb_ncJcZ78sLRgGxgm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         6c:cb:c3:c6:5b:f0:18:df:7e:81:34:21:f3:a4:ff:bd:84:39:
         0d:bc:07:c0:ae:ad:84:fd:36:50:9c:97:f2:c1:a3:5f:8f:42:
         8c:76:8b:9b:ed:5d:34:b7:d7:d2:88:59:8a:ca:94:f6:16:91:
         58:b2:cf:56:c3:7f:0c:39:ab:9c:0a:5c:f9:44:92:70:84:f9:
         a2:37:49:f6:e4:75:1f:76:1b:a8:7a:37:fe:1f:4f:b2:9d:ce:
         6a:df:b0:99:d1:73:84:ec:ad:e5:47:9c:8a:67:52:7e:15:66:
         17:b4:b0:13:48:5c:c3:b8:c7:11:f9:b3:43:01:79:3d:df:42:
         7f:18:ec:f0:aa:dc:36:23:93:2c:5e:b3:79:97:83:47:b7:14:
         7e:a4:98:7f:d0:1c:b7:74:11:ec:37:a5:fd:de:16:d8:4f:90:
         de:c2:bf:4d:06:41:86:eb:eb:f9:fe:0b:59:67:30:df:f2:aa:
         03:6d:d5:23:8f:e6:32:6c:8e:1d:ef:fc:c0:90:80:36:91:6f:
         c2:da:30:de:7b:e3:68:a1:84:07:9a:6a:78:e4:fe:65:36:36:
         21:41:6e:17:1e:b7:5d:a2:16:ec:24:e2:a6:9a:c3:b1:ca:12:
         74:9f:a6:b5:7b:1a:81:98:4c:04:60:48:4d:0e:96:09:3f:37:
         23:55:7a:a7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3Ph5/VBzUnLKq1vptA5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTA1MjM5NGZiMDdhOWJmZTc3MDk3MTllZmNiMGI0NjAxYjE4MjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVejR6DoCL0dUYX47FKKmSyK20hB
DtnBOmf0w78U4JwrSBAdA1oG9vnFnubUGBVI/Qqc0+fG3G3UzGPR6XjPphPtQfRq
HWny8LGw2jYWf66a6LUCg0XuVB0UDRjLq6dH6NgnF3tbpdjNfosezw79IKv9Hq+v
QeMxE/u174vMl7s6p7kav0/NJFwHGzfFgK/tCfn9JkXygZF5SWtBSTx7EpAq+bAo
vLT5MMLo4h2HiBtL9eXcGkwD4qS7HfLAhJr+XWFhjVjKAyzTowMKY9xxwo8sqCag
SsoMGrFluwd7oL8kMaT8XcG7nSdWh+OXzWBsDls3JWzdFjgc7nE7ISjV9wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNoFI5T7B6m/53CXGe/LC0YBsYJtMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvMmdVamxQc0hxYl9uY0pjWjc4c0xSZ0d4Z20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg8GBxAw
DQYJKoZIhvcNAQELBQADggEBAGzLw8Zb8BjffoE0IfOk/72EOQ28B8CurYT9NlCc
l/LBo1+PQox2i5vtXTS319KIWYrKlPYWkViyz1bDfww5q5wKXPlEknCE+aI3Sfbk
dR92G6h6N/4fT7KdzmrfsJnRc4TsreVHnIpnUn4VZhe0sBNIXMO4xxH5s0MBeT3f
Qn8Y7PCq3DYjkyxes3mXg0e3FH6kmH/QHLd0Eew3pf3eFthPkN7Cv00GQYbr6/n+
C1lnMN/yqgNt1SOP5jJsjh3v/MCQgDaRb8LaMN5742ihhAeaanjk/mU2NiFBbhce
t12iFuwk4qaaw7HKEnSfprV7GoGYTARgSE0Olgk/NyNVeqc=
-----END CERTIFICATE-----