Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/f6f5c3-6146-48ca-affa-3d8584cf53fe/1/_3AISjur6UD7-w0g1apcDLS1qKE.roa
File:                     _3AISjur6UD7-w0g1apcDLS1qKE.roa (raw, json)
Hash identifier:          uX9i9dA9htZZ9c95EJrXL0LlREewucyd38iCWLJzUF8=
Subject key identifier:   FF:70:08:4A:3B:AB:E9:40:FB:FB:0D:20:D5:AA:5C:0C:B4:B5:A8:A1
Certificate issuer:       /CN=429c54be1da7e738e3c96ffb41f1ea3900a67be8
Certificate serial:       018CC8011B0394B7729ED36037AF95CA7D3E
Authority key identifier: 42:9C:54:BE:1D:A7:E7:38:E3:C9:6F:FB:41:F1:EA:39:00:A6:7B:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpxUvh2n5zjjyW_7QfHqOQCme-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/f6f5c3-6146-48ca-affa-3d8584cf53fe/1/_3AISjur6UD7-w0g1apcDLS1qKE.roa
Signing time:             Tue 02 Jan 2024 02:29:24 +0000
ROA not before:           Tue 02 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209432
IP address blocks:        2a0e:cc0::/48 maxlen: 48
                          2a0e:cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/f6f5c3-6146-48ca-affa-3d8584cf53fe/1/QpxUvh2n5zjjyW_7QfHqOQCme-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/f6f5c3-6146-48ca-affa-3d8584cf53fe/1/QpxUvh2n5zjjyW_7QfHqOQCme-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpxUvh2n5zjjyW_7QfHqOQCme-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1b:03:94:b7:72:9e:d3:60:37:af:95:ca:7d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429c54be1da7e738e3c96ffb41f1ea3900a67be8
        Validity
            Not Before: Jan  2 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff70084a3babe940fbfb0d20d5aa5c0cb4b5a8a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d8:b5:b0:af:17:80:07:4d:f6:ff:1a:a7:87:
                    60:07:9f:0e:b8:a3:ea:f7:d4:04:27:a6:27:0b:0b:
                    5f:33:70:94:5e:c9:e4:29:fe:91:66:b9:3e:ca:b7:
                    23:98:11:ac:03:55:50:24:e7:f4:7e:4a:00:b0:9a:
                    16:b3:54:fd:f0:bb:e8:97:1e:87:3c:17:df:04:64:
                    ae:1d:c1:5f:3f:50:c0:3d:52:ca:34:16:96:55:55:
                    c1:62:57:98:1f:53:fb:19:6c:e8:53:2e:c0:30:01:
                    75:db:61:24:c8:7d:f8:f6:45:99:8a:ad:8b:32:8c:
                    c7:72:48:c5:b0:f7:e2:40:91:48:de:38:78:75:79:
                    cd:fa:4e:3b:dd:67:f5:a8:f1:6b:de:7e:1c:47:7b:
                    0f:f2:cc:14:8c:aa:4b:7a:25:02:c6:f6:30:d1:8f:
                    e9:7c:26:64:4b:e8:4d:80:a1:00:32:6e:d6:b7:d5:
                    19:f3:71:70:89:d9:83:a3:6b:2b:b9:d7:7d:5c:c0:
                    3e:2d:99:fa:95:6f:94:ad:3b:3b:7f:8e:45:91:1d:
                    d1:d4:b6:94:39:d9:58:a6:09:d0:08:0c:ef:21:6e:
                    8d:33:7e:11:cc:1b:72:f3:1f:8d:ff:45:d4:5d:41:
                    dd:a3:ec:b3:4e:4b:10:ec:88:47:18:1c:9a:6c:a7:
                    86:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:70:08:4A:3B:AB:E9:40:FB:FB:0D:20:D5:AA:5C:0C:B4:B5:A8:A1
            X509v3 Authority Key Identifier:
                keyid:42:9C:54:BE:1D:A7:E7:38:E3:C9:6F:FB:41:F1:EA:39:00:A6:7B:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpxUvh2n5zjjyW_7QfHqOQCme-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f6f5c3-6146-48ca-affa-3d8584cf53fe/1/_3AISjur6UD7-w0g1apcDLS1qKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f6f5c3-6146-48ca-affa-3d8584cf53fe/1/QpxUvh2n5zjjyW_7QfHqOQCme-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:d4:e2:3d:1e:d9:23:63:c7:e4:be:21:c6:80:49:14:b9:b1:
         36:0a:a5:a1:b0:ee:45:94:a2:fe:09:4f:44:52:cb:48:a4:8c:
         73:f3:de:4d:42:94:f3:61:56:13:cf:a1:d5:c3:cb:b1:60:b1:
         87:a5:92:2e:a6:09:38:49:75:10:0f:61:d8:3a:b7:b2:98:fe:
         65:aa:7b:65:61:03:19:33:b5:42:14:01:f4:b5:d4:a9:a8:46:
         e9:e8:e2:46:0a:75:7c:b5:7f:e3:6f:0c:d9:06:a0:df:51:86:
         d1:b7:11:3a:72:08:41:d3:c6:91:76:d8:e5:79:ea:91:20:e5:
         a3:5f:8c:3c:79:f8:c9:14:d5:ea:be:07:bd:11:62:6b:70:dd:
         23:c8:6e:a0:a6:e6:6c:46:c7:3c:32:5c:f1:3c:b3:8d:c9:c0:
         15:ee:72:b9:ef:86:2f:5a:60:cc:ec:a5:a2:41:fd:d2:73:aa:
         eb:43:cf:f7:c2:02:da:33:43:48:29:58:7c:36:11:dc:c6:9d:
         14:84:d2:be:56:cb:63:10:4e:36:f4:d8:b6:3a:5f:d2:54:54:
         13:a6:e9:0e:22:08:3f:d1:63:2f:83:55:39:f1:16:1b:02:76:
         19:96:1f:69:29:07:0f:3d:41:22:71:e4:ac:3b:d9:a7:68:59:
         30:49:d8:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIARsDlLdyntNgN6+Vyn0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOWM1NGJlMWRhN2U3MzhlM2M5NmZmYjQxZjFlYTM5MDBh
NjdiZTgwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjcwMDg0YTNiYWJlOTQwZmJmYjBkMjBkNWFhNWMwY2I0YjVhOGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNi1sK8XgAdN9v8ap4dgB58OuKPq
99QEJ6YnCwtfM3CUXsnkKf6RZrk+yrcjmBGsA1VQJOf0fkoAsJoWs1T98Lvolx6H
PBffBGSuHcFfP1DAPVLKNBaWVVXBYleYH1P7GWzoUy7AMAF122EkyH349kWZiq2L
MozHckjFsPfiQJFI3jh4dXnN+k473Wf1qPFr3n4cR3sP8swUjKpLeiUCxvYw0Y/p
fCZkS+hNgKEAMm7Wt9UZ83FwidmDo2srudd9XMA+LZn6lW+UrTs7f45FkR3R1LaU
OdlYpgnQCAzvIW6NM34RzBty8x+N/0XUXUHdo+yzTksQ7IhHGByabKeGKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP9wCEo7q+lA+/sNINWqXAy0taihMB8GA1UdIwQY
MBaAFEKcVL4dp+c448lv+0Hx6jkApnvoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXB4VXZoMm41empqeVdfN1FmSHFPUUNtZS1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mNmY1YzMtNjE0Ni00OGNhLWFmZmEt
M2Q4NTg0Y2Y1M2ZlLzEvXzNBSVNqdXI2VUQ3LXcwZzFhcGNETFMxcUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mNmY1YzMtNjE0Ni00OGNhLWFmZmEtM2Q4NTg0Y2Y1M2Zl
LzEvUXB4VXZoMm41empqeVdfN1FmSHFPUUNtZS1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg4MwDAN
BgkqhkiG9w0BAQsFAAOCAQEAQ9TiPR7ZI2PH5L4hxoBJFLmxNgqlobDuRZSi/glP
RFLLSKSMc/PeTUKU82FWE8+h1cPLsWCxh6WSLqYJOEl1EA9h2Dq3spj+Zap7ZWED
GTO1QhQB9LXUqahG6ejiRgp1fLV/428M2Qag31GG0bcROnIIQdPGkXbY5XnqkSDl
o1+MPHn4yRTV6r4HvRFia3DdI8huoKbmbEbHPDJc8TyzjcnAFe5yue+GL1pgzOyl
okH90nOq60PP98IC2jNDSClYfDYR3MadFITSvlbLYxBONvTYtjpf0lRUE6bpDiII
P9FjL4NVOfEWGwJ2GZYfaSkHDz1BInHkrDvZp2hZMEnYcw==
-----END CERTIFICATE-----