Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/DDr_t_Pu5_5l6HnGwLZBs_j-a2A.roa
File:                     DDr_t_Pu5_5l6HnGwLZBs_j-a2A.roa (raw, json)
Hash identifier:          IGh12FQCIVZ7J9+bvE1dpS05jcxLujYbLQNZyEwvLc8=
Subject key identifier:   0C:3A:FF:B7:F3:EE:E7:FE:65:E8:79:C6:C0:B6:41:B3:F8:FE:6B:60
Certificate issuer:       /CN=ffff0fa51e6939d01dcaa2bb3d5dcaa6d0043da2
Certificate serial:       0192BE49484E9B5861D7222B4A1AC056AA77
Authority key identifier: FF:FF:0F:A5:1E:69:39:D0:1D:CA:A2:BB:3D:5D:CA:A6:D0:04:3D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/__8PpR5pOdAdyqK7PV3KptAEPaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/DDr_t_Pu5_5l6HnGwLZBs_j-a2A.roa
Signing time:             Thu 24 Oct 2024 11:28:46 +0000
ROA not before:           Thu 24 Oct 2024 11:28:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199659
IP address blocks:        2a02:d540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/__8PpR5pOdAdyqK7PV3KptAEPaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/__8PpR5pOdAdyqK7PV3KptAEPaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/__8PpR5pOdAdyqK7PV3KptAEPaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:49:48:4e:9b:58:61:d7:22:2b:4a:1a:c0:56:aa:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffff0fa51e6939d01dcaa2bb3d5dcaa6d0043da2
        Validity
            Not Before: Oct 24 11:28:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c3affb7f3eee7fe65e879c6c0b641b3f8fe6b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:62:58:16:1b:19:b7:27:2b:07:c8:b9:42:f2:
                    6f:16:45:42:1f:5b:3f:a7:86:47:c2:c6:53:1c:11:
                    4f:c9:29:aa:0b:51:58:cf:7a:50:80:fd:3b:06:3c:
                    f4:83:2d:8d:e7:9d:3b:e6:2c:c2:a8:c6:fd:12:b5:
                    18:ee:c3:5b:dc:fd:c2:cc:ae:c3:c3:7b:7b:8e:12:
                    3a:01:34:6d:c0:78:ec:c1:f1:e7:85:67:a7:1b:1e:
                    d0:b8:63:a3:cf:ab:f7:d7:3e:84:93:b1:fb:5d:1a:
                    27:72:ac:bf:57:f8:55:50:c0:ec:08:31:55:a5:10:
                    7e:ed:68:7f:57:1a:67:74:58:6d:53:a6:0d:64:30:
                    1c:e4:08:92:e1:bd:8f:a5:d6:35:4e:e0:77:1d:59:
                    1c:2c:9b:29:43:c1:fc:ae:5d:5c:3b:db:fd:b7:c8:
                    02:b2:1a:c1:19:98:4f:e4:d3:5c:b6:04:90:e8:94:
                    43:ae:f9:32:49:68:a9:df:d7:e1:bf:52:ba:d9:f7:
                    2e:4f:c7:4d:5a:79:63:23:71:bf:61:25:d5:05:0b:
                    02:4e:e9:01:61:11:2b:eb:1f:d7:45:e8:c1:81:d9:
                    fd:34:a1:24:3a:16:b5:cc:c3:68:a1:1f:72:27:29:
                    2e:aa:6c:c8:a1:4b:5b:f5:4f:a7:35:49:45:4d:38:
                    12:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:3A:FF:B7:F3:EE:E7:FE:65:E8:79:C6:C0:B6:41:B3:F8:FE:6B:60
            X509v3 Authority Key Identifier:
                keyid:FF:FF:0F:A5:1E:69:39:D0:1D:CA:A2:BB:3D:5D:CA:A6:D0:04:3D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/__8PpR5pOdAdyqK7PV3KptAEPaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/DDr_t_Pu5_5l6HnGwLZBs_j-a2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/9cb6b5-7a53-406f-af7a-17c38d9c3768/1/__8PpR5pOdAdyqK7PV3KptAEPaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d540::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:af:e9:51:f3:95:75:10:ca:9e:9f:6a:e9:94:a2:1d:b7:3f:
         55:a3:50:77:26:bd:00:95:e6:df:54:c9:18:85:20:a6:93:27:
         f1:1c:a3:63:e0:35:28:28:b0:a3:d7:d4:3b:19:1e:d2:ea:3c:
         c7:aa:9a:9b:f7:34:8f:80:24:c9:4e:2a:b1:81:3a:2c:8e:fe:
         a3:82:a6:be:03:aa:c0:42:46:64:95:8d:b1:4b:b0:55:f5:ac:
         e1:99:c3:fd:7e:7d:5d:27:7a:6f:18:8a:80:e9:92:78:0c:48:
         e9:eb:8a:dc:3d:75:2d:3a:7d:40:be:a9:23:9b:c3:d3:3b:10:
         dc:06:f2:a0:2f:4a:e1:84:48:0c:06:7b:53:69:84:50:a1:4b:
         96:d0:1b:1a:6f:32:ad:4b:b2:4b:38:57:d9:2d:8c:dc:cd:81:
         7b:8c:ef:c9:f1:94:0a:9a:db:85:69:6b:fa:4f:13:08:ec:fe:
         82:01:e5:58:4a:c4:91:ac:5e:66:fc:6f:8a:c1:96:08:8f:b4:
         27:37:97:56:7c:f7:a8:90:9c:62:50:02:33:fa:43:54:46:4b:
         61:7c:f2:48:94:fc:97:21:f5:46:ae:f7:63:7f:63:47:8a:dc:
         81:b7:2c:81:cd:04:72:25:fc:63:a4:82:04:b5:eb:a4:50:8e:
         9e:e8:84:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZK+SUhOm1hh1yIrShrAVqp3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZmYwZmE1MWU2OTM5ZDAxZGNhYTJiYjNkNWRjYWE2ZDAw
NDNkYTIwHhcNMjQxMDI0MTEyODQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzNhZmZiN2YzZWVlN2ZlNjVlODc5YzZjMGI2NDFiM2Y4ZmU2YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWJYFhsZtycrB8i5QvJvFkVCH1s/
p4ZHwsZTHBFPySmqC1FYz3pQgP07Bjz0gy2N55075izCqMb9ErUY7sNb3P3CzK7D
w3t7jhI6ATRtwHjswfHnhWenGx7QuGOjz6v31z6Ek7H7XRoncqy/V/hVUMDsCDFV
pRB+7Wh/VxpndFhtU6YNZDAc5AiS4b2PpdY1TuB3HVkcLJspQ8H8rl1cO9v9t8gC
shrBGZhP5NNctgSQ6JRDrvkySWip39fhv1K62fcuT8dNWnljI3G/YSXVBQsCTukB
YREr6x/XRejBgdn9NKEkOha1zMNooR9yJykuqmzIoUtb9U+nNUlFTTgS1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAw6/7fz7uf+Zeh5xsC2QbP4/mtgMB8GA1UdIwQY
MBaAFP//D6UeaTnQHcqiuz1dyqbQBD2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX184UHBSNXBPZEFkeXFLN1BWM0twdEFFUGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS85Y2I2YjUtN2E1My00MDZmLWFmN2Et
MTdjMzhkOWMzNzY4LzEvRERyX3RfUHU1XzVsNkhuR3dMWkJzX2otYTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS85Y2I2YjUtN2E1My00MDZmLWFmN2EtMTdjMzhkOWMzNzY4
LzEvX184UHBSNXBPZEFkeXFLN1BWM0twdEFFUGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgLVQDAN
BgkqhkiG9w0BAQsFAAOCAQEAZa/pUfOVdRDKnp9q6ZSiHbc/VaNQdya9AJXm31TJ
GIUgppMn8RyjY+A1KCiwo9fUOxke0uo8x6qam/c0j4AkyU4qsYE6LI7+o4KmvgOq
wEJGZJWNsUuwVfWs4ZnD/X59XSd6bxiKgOmSeAxI6euK3D11LTp9QL6pI5vD0zsQ
3AbyoC9K4YRIDAZ7U2mEUKFLltAbGm8yrUuySzhX2S2M3M2Be4zvyfGUCprbhWlr
+k8TCOz+ggHlWErEkaxeZvxvisGWCI+0JzeXVnz3qJCcYlACM/pDVEZLYXzySJT8
lyH1Rq73Y39jR4rcgbcsgc0EciX8Y6SCBLXrpFCOnuiE5g==
-----END CERTIFICATE-----