Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/XzZ_eDvQudMjfrVt71MhBN20qFo.roa
File:                     XzZ_eDvQudMjfrVt71MhBN20qFo.roa (raw, json)
Hash identifier:          vWJnS4bVH9zSypK0qkycP1U2oX/uSpILb8Pat5uosaI=
Subject key identifier:   5F:36:7F:78:3B:D0:B9:D3:23:7E:B5:6D:EF:53:21:04:DD:B4:A8:5A
Certificate issuer:       /CN=2add438a7ce3cb379f28cfa051cf63d5ad8fe3ca
Certificate serial:       018CC7270B0FE02546EC463A1EAA23FAC9DA
Authority key identifier: 2A:DD:43:8A:7C:E3:CB:37:9F:28:CF:A0:51:CF:63:D5:AD:8F:E3:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/XzZ_eDvQudMjfrVt71MhBN20qFo.roa
Signing time:             Mon 01 Jan 2024 22:31:13 +0000
ROA not before:           Mon 01 Jan 2024 22:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209907
IP address blocks:        2a0f:ca00:8002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0b:0f:e0:25:46:ec:46:3a:1e:aa:23:fa:c9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2add438a7ce3cb379f28cfa051cf63d5ad8fe3ca
        Validity
            Not Before: Jan  1 22:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f367f783bd0b9d3237eb56def532104ddb4a85a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:98:15:fc:dc:f6:3e:98:d9:ad:ae:d2:4f:49:
                    d8:4d:cb:1d:8b:cb:bc:4d:eb:3c:f8:e7:26:09:86:
                    10:62:f7:f0:b5:6b:c0:44:aa:6c:a4:3a:e1:7c:86:
                    b9:8c:a8:fb:40:a6:9d:96:13:84:3d:71:70:50:2b:
                    51:ab:30:96:d4:6d:ae:3c:79:db:9d:9a:71:e8:7d:
                    11:09:68:c3:2b:c8:ce:d2:91:7c:ba:73:6e:b3:19:
                    68:92:a1:50:e7:2e:5c:d7:30:11:01:77:66:71:84:
                    c7:69:b7:13:c3:ca:54:54:9d:88:de:ec:8c:ea:02:
                    2e:fa:b4:a1:42:f4:60:17:fd:c6:37:b1:f8:50:20:
                    d6:06:00:55:45:4f:24:df:45:ae:b5:63:df:27:7c:
                    8f:6f:3f:fa:b8:38:15:09:2a:17:fb:fc:5a:4c:b5:
                    d2:4d:7b:ab:eb:fb:29:9f:5a:75:75:3e:2c:3d:f0:
                    cf:f6:b0:23:05:82:cf:95:12:30:d8:0d:73:bc:6d:
                    51:cd:3a:9f:a7:fe:bc:39:b8:d4:8c:6b:1a:17:94:
                    cc:70:99:6a:cf:4a:6f:34:1e:51:33:35:0f:40:20:
                    40:b6:d0:cd:e2:3e:3a:2c:58:fb:0e:9d:30:37:f3:
                    1f:80:2f:c5:14:6f:42:54:4d:66:4e:d5:f2:2f:86:
                    01:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:36:7F:78:3B:D0:B9:D3:23:7E:B5:6D:EF:53:21:04:DD:B4:A8:5A
            X509v3 Authority Key Identifier:
                keyid:2A:DD:43:8A:7C:E3:CB:37:9F:28:CF:A0:51:CF:63:D5:AD:8F:E3:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/XzZ_eDvQudMjfrVt71MhBN20qFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca00:8002::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:d5:8f:7a:b8:f9:cf:9d:b3:fa:4b:24:25:ba:fe:c0:d5:55:
         63:f4:92:16:3d:1e:6a:26:c0:33:a0:93:ff:2f:2a:7c:fb:b5:
         66:30:06:eb:07:fa:f2:6b:7f:3b:80:8f:4f:ec:ea:ef:6d:9d:
         df:98:46:eb:16:0f:70:de:b0:f5:8b:08:6a:f9:86:d1:19:d1:
         40:04:1f:fe:d4:6d:49:36:77:72:c0:ed:e3:7e:68:84:e1:d2:
         8d:78:6b:a9:22:40:1e:5a:fa:d3:39:e1:13:57:ec:c5:31:6b:
         d2:5d:d9:62:07:3e:87:8f:52:fa:07:10:49:69:0c:9a:40:89:
         b0:08:0e:36:ed:7d:52:62:50:c9:09:00:56:d8:64:81:6c:87:
         ac:8d:e7:87:81:20:22:33:21:55:c2:be:56:c7:94:68:f5:93:
         2e:13:bb:b0:d4:f3:42:af:af:42:23:cc:41:ab:42:f5:80:a5:
         5e:27:0a:83:54:d1:3d:0f:4e:2a:d9:77:24:c6:37:d3:6b:27:
         8b:04:59:70:2a:9a:97:de:75:3a:73:65:fd:35:3c:ee:09:af:
         d0:f3:48:67:a1:05:b4:72:f0:67:62:9a:2d:18:6c:50:d3:c2:
         3c:6b:9c:0d:4f:a8:52:44:18:38:7a:dd:70:33:ee:f7:ad:3e:
         fe:59:55:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJwsP4CVG7EY6Hqoj+snaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZGQ0MzhhN2NlM2NiMzc5ZjI4Y2ZhMDUxY2Y2M2Q1YWQ4
ZmUzY2EwHhcNMjQwMTAxMjIzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjM2N2Y3ODNiZDBiOWQzMjM3ZWI1NmRlZjUzMjEwNGRkYjRhODVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5gV/Nz2PpjZra7ST0nYTcsdi8u8
Tes8+OcmCYYQYvfwtWvARKpspDrhfIa5jKj7QKadlhOEPXFwUCtRqzCW1G2uPHnb
nZpx6H0RCWjDK8jO0pF8unNusxlokqFQ5y5c1zARAXdmcYTHabcTw8pUVJ2I3uyM
6gIu+rShQvRgF/3GN7H4UCDWBgBVRU8k30WutWPfJ3yPbz/6uDgVCSoX+/xaTLXS
TXur6/spn1p1dT4sPfDP9rAjBYLPlRIw2A1zvG1RzTqfp/68ObjUjGsaF5TMcJlq
z0pvNB5RMzUPQCBAttDN4j46LFj7Dp0wN/MfgC/FFG9CVE1mTtXyL4YBjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF82f3g70LnTI361be9TIQTdtKhaMB8GA1UdIwQY
MBaAFCrdQ4p848s3nyjPoFHPY9Wtj+PKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3QxRGluemp5emVmS00tZ1VjOWoxYTJQNDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8wYjYxY2YtODBiYS00ZThlLWEyZTUt
MjBhMGQxMzBjNDU2LzEvWHpaX2VEdlF1ZE1qZnJWdDcxTWhCTjIwcUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8wYjYxY2YtODBiYS00ZThlLWEyZTUtMjBhMGQxMzBjNDU2
LzEvS3QxRGluemp5emVmS00tZ1VjOWoxYTJQNDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/KAIAC
MA0GCSqGSIb3DQEBCwUAA4IBAQB21Y96uPnPnbP6SyQluv7A1VVj9JIWPR5qJsAz
oJP/Lyp8+7VmMAbrB/rya387gI9P7OrvbZ3fmEbrFg9w3rD1iwhq+YbRGdFABB/+
1G1JNndywO3jfmiE4dKNeGupIkAeWvrTOeETV+zFMWvSXdliBz6Hj1L6BxBJaQya
QImwCA427X1SYlDJCQBW2GSBbIesjeeHgSAiMyFVwr5Wx5Ro9ZMuE7uw1PNCr69C
I8xBq0L1gKVeJwqDVNE9D04q2XckxjfTayeLBFlwKpqX3nU6c2X9NTzuCa/Q80hn
oQW0cvBnYpotGGxQ08I8a5wNT6hSRBg4et1wM+73rT7+WVX5
-----END CERTIFICATE-----