Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/K9GLawJ6wrJ-JVTYma1CO6jT5A4.roa
File:                     K9GLawJ6wrJ-JVTYma1CO6jT5A4.roa (raw, json)
Hash identifier:          HezDQr3uGhpAqGUS+YrHOk7esLrYD4BQyOGEXJmvsbY=
Subject key identifier:   2B:D1:8B:6B:02:7A:C2:B2:7E:25:54:D8:99:AD:42:3B:A8:D3:E4:0E
Certificate issuer:       /CN=4b20d5c78c107bcf9c715453d21444f696e44b11
Certificate serial:       018CC424521A43CBDDEF8C3626FD2B94CC58
Authority key identifier: 4B:20:D5:C7:8C:10:7B:CF:9C:71:54:53:D2:14:44:F6:96:E4:4B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SyDVx4wQe8-ccVRT0hRE9pbkSxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/K9GLawJ6wrJ-JVTYma1CO6jT5A4.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61095
IP address blocks:        2a04:1040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/SyDVx4wQe8-ccVRT0hRE9pbkSxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/SyDVx4wQe8-ccVRT0hRE9pbkSxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SyDVx4wQe8-ccVRT0hRE9pbkSxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:52:1a:43:cb:dd:ef:8c:36:26:fd:2b:94:cc:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b20d5c78c107bcf9c715453d21444f696e44b11
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bd18b6b027ac2b27e2554d899ad423ba8d3e40e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a8:4d:3c:59:3d:0e:45:99:31:9a:5a:d5:60:
                    13:74:78:22:71:95:3f:d1:96:e0:47:39:b5:ca:4f:
                    be:de:7a:65:d2:ae:d3:fc:31:b4:7b:28:c6:4a:0c:
                    3c:3f:c9:03:cd:ae:4e:1f:0f:fd:ed:87:eb:34:44:
                    5e:82:6b:fb:50:d5:5b:a0:70:48:a7:e2:4e:cc:8e:
                    ec:5c:6a:8a:92:ff:0b:04:82:f0:a9:f3:c0:70:26:
                    9f:63:36:ec:9b:0f:4a:5b:86:23:64:1b:89:9f:b4:
                    f3:76:d0:fd:4a:8e:d0:0f:fd:0d:48:d8:2b:0d:2e:
                    1c:47:51:c0:a1:ae:5b:9c:36:a7:e4:5a:e7:bb:35:
                    65:24:6d:35:73:bb:7b:58:4a:43:c8:7e:68:be:02:
                    1f:09:a6:49:e7:8c:1d:77:2b:81:8a:57:3d:90:27:
                    43:d9:24:c1:cd:3c:18:e0:39:06:ee:9f:cb:e0:09:
                    60:2f:bc:8b:82:3c:1a:bd:cd:bf:15:d6:d6:87:d9:
                    0e:e7:a0:cd:65:77:60:b0:3b:e1:ee:63:c3:a0:83:
                    9c:e3:da:7f:3d:54:18:26:5c:00:84:35:6d:18:e2:
                    1c:87:9e:a0:41:48:d4:68:95:6a:ad:6e:4a:c0:c8:
                    12:7f:3e:12:9c:b2:09:3c:fd:1b:6b:8c:5b:a6:bb:
                    41:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D1:8B:6B:02:7A:C2:B2:7E:25:54:D8:99:AD:42:3B:A8:D3:E4:0E
            X509v3 Authority Key Identifier:
                keyid:4B:20:D5:C7:8C:10:7B:CF:9C:71:54:53:D2:14:44:F6:96:E4:4B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyDVx4wQe8-ccVRT0hRE9pbkSxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/K9GLawJ6wrJ-JVTYma1CO6jT5A4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/SyDVx4wQe8-ccVRT0hRE9pbkSxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1040::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:67:0f:60:9a:54:4d:8c:81:32:6a:d5:0a:5d:37:4c:7c:29:
         76:69:8c:22:ad:6a:24:d3:f5:29:bf:db:26:e0:e2:f3:81:9c:
         de:7c:fd:19:76:c8:cb:c3:12:e1:e4:de:b7:28:66:32:db:2d:
         1e:a7:c0:e9:2f:d0:e9:68:f4:2b:fb:9b:41:4e:5b:e3:27:9d:
         f2:08:e3:71:06:a3:d8:50:4a:c8:c1:62:0d:f2:7d:b5:1d:c0:
         95:35:c6:d0:95:ce:ae:33:3c:0d:8f:77:0f:fc:96:07:8f:df:
         ec:62:b2:71:02:85:46:6a:7e:d5:44:d5:96:3b:5c:a6:fa:40:
         e1:69:51:3b:7d:21:0f:d7:92:6c:20:23:48:83:f1:f1:65:e5:
         ff:fd:54:b0:ec:7d:b8:18:2b:10:3a:e8:9c:91:55:f4:ce:c3:
         9d:73:78:ec:79:bb:97:ee:93:a1:76:da:87:18:44:95:02:ec:
         ee:da:5b:c8:06:78:62:64:77:be:03:45:e9:58:e8:29:c7:e9:
         4f:20:f7:59:06:cd:69:6d:81:6e:e2:3c:ce:bc:72:2f:73:a8:
         ae:92:af:1c:1a:b3:88:d1:1a:5f:d2:da:04:25:f8:9b:94:87:
         57:b8:bd:0b:69:39:ad:d8:05:2d:af:36:bc:64:e3:31:5e:60:
         fb:4f:9f:94
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJFIaQ8vd74w2Jv0rlMxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMjBkNWM3OGMxMDdiY2Y5YzcxNTQ1M2QyMTQ0NGY2OTZl
NDRiMTEwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQxOGI2YjAyN2FjMmIyN2UyNTU0ZDg5OWFkNDIzYmE4ZDNlNDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6hNPFk9DkWZMZpa1WATdHgicZU/
0ZbgRzm1yk++3npl0q7T/DG0eyjGSgw8P8kDza5OHw/97YfrNERegmv7UNVboHBI
p+JOzI7sXGqKkv8LBILwqfPAcCafYzbsmw9KW4YjZBuJn7TzdtD9So7QD/0NSNgr
DS4cR1HAoa5bnDan5FrnuzVlJG01c7t7WEpDyH5ovgIfCaZJ54wddyuBilc9kCdD
2STBzTwY4DkG7p/L4AlgL7yLgjwavc2/FdbWh9kO56DNZXdgsDvh7mPDoIOc49p/
PVQYJlwAhDVtGOIch56gQUjUaJVqrW5KwMgSfz4SnLIJPP0ba4xbprtBFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCvRi2sCesKyfiVU2JmtQjuo0+QOMB8GA1UdIwQY
MBaAFEsg1ceMEHvPnHFUU9IURPaW5EsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3lEVng0d1FlOC1jY1ZSVDBoUkU5cGJrU3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xZTQ4YjYtN2ZiMC00YTEyLWIzZTct
NGI5YTYwNThiNDIzLzEvSzlHTGF3SjZ3ckotSlZUWW1hMUNPNmpUNUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xZTQ4YjYtN2ZiMC00YTEyLWIzZTctNGI5YTYwNThiNDIz
LzEvU3lEVng0d1FlOC1jY1ZSVDBoUkU5cGJrU3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgQQQDAN
BgkqhkiG9w0BAQsFAAOCAQEAH2cPYJpUTYyBMmrVCl03THwpdmmMIq1qJNP1Kb/b
JuDi84Gc3nz9GXbIy8MS4eTetyhmMtstHqfA6S/Q6Wj0K/ubQU5b4yed8gjjcQaj
2FBKyMFiDfJ9tR3AlTXG0JXOrjM8DY93D/yWB4/f7GKycQKFRmp+1UTVljtcpvpA
4WlRO30hD9eSbCAjSIPx8WXl//1UsOx9uBgrEDronJFV9M7DnXN47Hm7l+6ToXba
hxhElQLs7tpbyAZ4YmR3vgNF6VjoKcfpTyD3WQbNaW2BbuI8zrxyL3OorpKvHBqz
iNEaX9LaBCX4m5SHV7i9C2k5rdgFLa82vGTjMV5g+0+flA==
-----END CERTIFICATE-----