Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/_649tF1DicHgDaMoOP9giaZQx-c.roa
File:                     _649tF1DicHgDaMoOP9giaZQx-c.roa (raw, json)
Hash identifier:          D3ciARMEX+Oep1cDOouU4MUVWuqfBBkOn2OeObtcX/A=
Subject key identifier:   FF:AE:3D:B4:5D:43:89:C1:E0:0D:A3:28:38:FF:60:89:A6:50:C7:E7
Certificate issuer:       /CN=91a071508338260551a55f01fd0708fdf5e08287
Certificate serial:       018CC348B122F89854B2582078B5C83DF012
Authority key identifier: 91:A0:71:50:83:38:26:05:51:A5:5F:01:FD:07:08:FD:F5:E0:82:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/_649tF1DicHgDaMoOP9giaZQx-c.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8466
IP address blocks:        2a05:9ec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b1:22:f8:98:54:b2:58:20:78:b5:c8:3d:f0:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91a071508338260551a55f01fd0708fdf5e08287
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffae3db45d4389c1e00da32838ff6089a650c7e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ea:1d:a4:cb:e6:58:59:37:30:a2:69:ca:8b:
                    c8:e2:d1:0a:d9:24:0b:79:87:6e:b4:f0:b3:53:43:
                    54:db:f0:5f:a8:44:c9:df:d3:8a:ec:9e:78:48:4b:
                    8d:6f:f3:cb:b3:06:95:3b:a1:dc:55:25:5e:40:84:
                    db:3c:01:10:36:61:c7:88:6c:54:b1:77:22:b3:4a:
                    a7:91:95:8e:58:5f:1f:71:4e:4e:e0:55:f0:79:f7:
                    d4:7b:5e:82:1e:9d:a7:f8:bf:70:62:70:0a:06:57:
                    39:77:89:57:29:ea:f7:00:47:ef:9f:53:58:e1:17:
                    49:36:4b:47:5b:57:ac:89:d4:86:64:64:09:d1:a6:
                    27:67:ba:6f:e3:93:ea:3c:b4:c9:d6:44:06:f9:9d:
                    47:1a:48:3f:4f:44:7c:00:0b:01:83:cf:96:5a:7b:
                    bc:ad:f7:57:85:a6:24:52:a8:41:f2:17:fb:02:d8:
                    d1:51:00:af:77:d7:a2:37:bb:f6:b8:95:27:b7:c8:
                    dd:19:eb:81:8c:9a:c2:e2:c6:78:f4:8f:86:62:86:
                    f7:4e:83:7f:69:7c:03:48:fe:f1:35:53:45:71:eb:
                    57:61:4b:45:89:6d:c4:6f:8d:a8:3e:b2:73:72:b3:
                    6e:db:47:9a:f0:14:62:f3:41:06:ac:c4:44:5f:b1:
                    81:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:AE:3D:B4:5D:43:89:C1:E0:0D:A3:28:38:FF:60:89:A6:50:C7:E7
            X509v3 Authority Key Identifier:
                keyid:91:A0:71:50:83:38:26:05:51:A5:5F:01:FD:07:08:FD:F5:E0:82:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/_649tF1DicHgDaMoOP9giaZQx-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:75:fd:7a:2a:02:9f:ad:97:1c:2b:b1:0b:9e:61:26:b5:57:
         ba:88:4e:cd:8b:aa:85:61:c9:82:57:bc:ce:2d:c6:3b:74:e2:
         5c:3c:46:be:04:fb:da:79:c8:86:25:ba:43:54:20:06:2b:e5:
         c4:3b:7c:43:dd:a1:45:b3:80:06:be:b3:f1:c8:82:19:f0:b8:
         7e:ee:2a:be:43:6e:f4:e0:32:d2:0a:75:53:d0:2a:53:c3:e6:
         34:3a:db:a9:03:77:d1:2c:0a:37:40:7f:ce:1f:33:5c:c4:8b:
         8d:6f:34:85:d0:5b:91:95:80:0c:f6:1f:94:1a:7a:c1:46:c6:
         59:ae:9b:eb:37:02:49:f2:12:00:41:cb:bd:f5:ed:42:78:c2:
         48:ca:40:f9:a8:18:e3:83:1d:a7:98:de:6b:25:51:86:eb:1f:
         56:6c:23:f7:b9:f7:7a:0e:ee:19:1b:54:5b:59:b3:95:a8:85:
         4e:6a:48:69:d7:c5:76:aa:0a:3c:f2:89:73:82:b2:d5:49:10:
         bf:22:cd:b8:33:d6:b6:e3:cf:b5:60:7a:c3:4f:b6:bd:94:8d:
         5f:99:f0:64:97:6f:22:0b:61:49:2c:3e:21:aa:37:44:6e:75:
         31:48:97:99:34:78:a9:92:ba:b5:d1:eb:86:db:21:34:36:10:
         a1:88:31:91
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSLEi+JhUslggeLXIPfASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYTA3MTUwODMzODI2MDU1MWE1NWYwMWZkMDcwOGZkZjVl
MDgyODcwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmFlM2RiNDVkNDM4OWMxZTAwZGEzMjgzOGZmNjA4OWE2NTBjN2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+odpMvmWFk3MKJpyovI4tEK2SQL
eYdutPCzU0NU2/BfqETJ39OK7J54SEuNb/PLswaVO6HcVSVeQITbPAEQNmHHiGxU
sXcis0qnkZWOWF8fcU5O4FXweffUe16CHp2n+L9wYnAKBlc5d4lXKer3AEfvn1NY
4RdJNktHW1esidSGZGQJ0aYnZ7pv45PqPLTJ1kQG+Z1HGkg/T0R8AAsBg8+WWnu8
rfdXhaYkUqhB8hf7AtjRUQCvd9eiN7v2uJUnt8jdGeuBjJrC4sZ49I+GYob3ToN/
aXwDSP7xNVNFcetXYUtFiW3Eb42oPrJzcrNu20ea8BRi80EGrMREX7GB6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP+uPbRdQ4nB4A2jKDj/YImmUMfnMB8GA1UdIwQY
MBaAFJGgcVCDOCYFUaVfAf0HCP314IKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2FCeFVJTTRKZ1ZScFY4Ql9RY0lfZlhnZ29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xNWNjNTItNTFlZS00NjBlLTlhZWIt
ZWU1NTU5YjM2NThiLzEvXzY0OXRGMURpY0hnRGFNb09QOWdpYVpReC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xNWNjNTItNTFlZS00NjBlLTlhZWItZWU1NTU5YjM2NThi
LzEva2FCeFVJTTRKZ1ZScFY4Ql9RY0lfZlhnZ29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgWewDAN
BgkqhkiG9w0BAQsFAAOCAQEAinX9eioCn62XHCuxC55hJrVXuohOzYuqhWHJgle8
zi3GO3TiXDxGvgT72nnIhiW6Q1QgBivlxDt8Q92hRbOABr6z8ciCGfC4fu4qvkNu
9OAy0gp1U9AqU8PmNDrbqQN30SwKN0B/zh8zXMSLjW80hdBbkZWADPYflBp6wUbG
Wa6b6zcCSfISAEHLvfXtQnjCSMpA+agY44Mdp5jeayVRhusfVmwj97n3eg7uGRtU
W1mzlaiFTmpIadfFdqoKPPKJc4Ky1UkQvyLNuDPWtuPPtWB6w0+2vZSNX5nwZJdv
IgthSSw+Iao3RG51MUiXmTR4qZK6tdHrhtshNDYQoYgxkQ==
-----END CERTIFICATE-----