Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/rNvFjsakbdYO_4qiQ8d-6Wu8ItY.roa
File:                     rNvFjsakbdYO_4qiQ8d-6Wu8ItY.roa (raw, json)
Hash identifier:          YC7PWz3Mp/Mmu1u8j9XvIsiLkat61Ev5ijQTxDgv90o=
Subject key identifier:   AC:DB:C5:8E:C6:A4:6D:D6:0E:FF:8A:A2:43:C7:7E:E9:6B:BC:22:D6
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C59FA25588EEBEB91985B95C05CB
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/rNvFjsakbdYO_4qiQ8d-6Wu8ItY.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57755
IP address blocks:        2a0a:4e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c5:9f:a2:55:88:ee:be:b9:19:85:b9:5c:05:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acdbc58ec6a46dd60eff8aa243c77ee96bbc22d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d0:49:4c:80:ad:e0:d1:92:b4:72:07:85:61:
                    f7:8a:60:a3:08:c4:46:55:b7:15:bf:73:5b:e7:5b:
                    ab:18:49:24:c6:a9:35:0a:62:ae:c0:04:cb:b3:86:
                    9b:10:4f:c6:b4:5b:b8:a7:4d:bf:43:a5:6d:ba:43:
                    82:c1:4e:45:e6:08:f8:a1:a5:bc:26:f5:77:d7:58:
                    c7:07:7c:26:41:b4:91:fc:8d:a3:a2:2b:9c:be:c4:
                    d8:7a:4d:77:2f:2d:9c:10:39:87:57:04:9c:ba:3b:
                    79:28:ab:5a:9e:0f:6f:a5:af:26:43:95:e6:86:e6:
                    cf:09:94:24:ce:3d:5f:d4:cd:49:97:1f:58:1d:29:
                    7e:6d:76:14:60:2c:97:c1:03:52:13:bf:ab:61:98:
                    83:56:9b:6c:55:c5:99:74:c2:1c:71:61:14:db:39:
                    c9:76:84:18:a3:1c:d1:6e:3b:4d:e7:19:88:01:ef:
                    ac:0c:18:79:9d:75:5e:e2:e6:9d:7f:c3:96:a3:1f:
                    da:90:9f:6a:c4:94:cb:68:06:97:86:2c:e6:1d:69:
                    b7:f1:3f:7a:dd:27:a3:4e:f0:39:75:45:b2:0e:46:
                    c7:89:36:cc:90:e1:a0:b3:4f:e8:97:d3:28:a3:4d:
                    63:51:19:06:71:e6:03:7a:dc:0f:90:a5:7e:34:43:
                    1b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DB:C5:8E:C6:A4:6D:D6:0E:FF:8A:A2:43:C7:7E:E9:6B:BC:22:D6
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/rNvFjsakbdYO_4qiQ8d-6Wu8ItY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:27:71:9f:69:cf:ba:3c:82:c7:cd:b5:4e:51:e8:25:8c:4b:
         d5:55:2d:86:3e:94:fd:60:69:a9:c9:e8:ed:66:e1:71:22:80:
         7f:b0:59:42:82:a1:ae:a9:bc:af:99:50:f5:ae:fd:8d:21:b9:
         d6:01:d9:6a:c4:8c:d0:1a:6f:b2:6a:19:ec:88:24:63:3e:70:
         ad:b8:bb:82:84:50:67:ea:28:6a:d3:5e:63:ca:95:cb:b7:0a:
         9a:11:d0:ea:a7:12:14:1b:eb:13:c1:21:82:7f:0d:7c:11:7f:
         f4:2a:f0:1e:22:ab:82:bd:f2:34:42:e3:b6:d4:c9:69:ec:eb:
         0b:96:f4:82:c8:d5:0c:fb:43:ff:be:ec:8c:db:7c:64:18:a5:
         ed:65:8a:4a:46:23:0b:75:05:ac:72:29:b5:5c:c1:77:09:d8:
         cd:db:21:d4:92:49:0a:7a:9d:2f:fe:c1:b6:6b:57:a4:54:a0:
         e3:bb:79:f7:c8:66:d6:1d:da:c1:9f:ec:3a:e3:f5:2d:ae:ed:
         d3:b1:0e:5e:24:2e:d8:ba:65:41:c0:e0:2c:d0:c9:37:c3:9a:
         f0:58:d8:36:13:cc:ac:20:25:51:83:ee:2f:d3:61:4d:45:10:
         78:73:fe:48:81:48:5b:8c:d3:b6:d7:f0:24:b5:36:08:52:9e:
         0e:89:fa:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSMWfolWI7r65GYW5XAXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2RiYzU4ZWM2YTQ2ZGQ2MGVmZjhhYTI0M2M3N2VlOTZiYmMyMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutBJTICt4NGStHIHhWH3imCjCMRG
VbcVv3Nb51urGEkkxqk1CmKuwATLs4abEE/GtFu4p02/Q6VtukOCwU5F5gj4oaW8
JvV311jHB3wmQbSR/I2joiucvsTYek13Ly2cEDmHVwScujt5KKtang9vpa8mQ5Xm
hubPCZQkzj1f1M1Jlx9YHSl+bXYUYCyXwQNSE7+rYZiDVptsVcWZdMIccWEU2znJ
doQYoxzRbjtN5xmIAe+sDBh5nXVe4uadf8OWox/akJ9qxJTLaAaXhizmHWm38T96
3SejTvA5dUWyDkbHiTbMkOGgs0/ol9Moo01jURkGceYDetwPkKV+NEMbtwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKzbxY7GpG3WDv+KokPHfulrvCLWMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvck52RmpzYWtiZFlPXzRxaVE4ZC02V3U4SXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgpOADAN
BgkqhkiG9w0BAQsFAAOCAQEAlydxn2nPujyCx821TlHoJYxL1VUthj6U/WBpqcno
7WbhcSKAf7BZQoKhrqm8r5lQ9a79jSG51gHZasSM0BpvsmoZ7IgkYz5wrbi7goRQ
Z+ooatNeY8qVy7cKmhHQ6qcSFBvrE8Ehgn8NfBF/9CrwHiKrgr3yNELjttTJaezr
C5b0gsjVDPtD/77sjNt8ZBil7WWKSkYjC3UFrHIptVzBdwnYzdsh1JJJCnqdL/7B
tmtXpFSg47t598hm1h3awZ/sOuP1La7t07EOXiQu2LplQcDgLNDJN8Oa8FjYNhPM
rCAlUYPuL9NhTUUQeHP+SIFIW4zTttfwJLU2CFKeDon67g==
-----END CERTIFICATE-----