Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/Atjtu9edW-tNgYvtUirviZrDuHg.roa
File:                     Atjtu9edW-tNgYvtUirviZrDuHg.roa (raw, json)
Hash identifier:          DJ8l4EdNB193l2F0YlFiXQui1TcGlQgj/VT9FssvQ0E=
Subject key identifier:   02:D8:ED:BB:D7:9D:5B:EB:4D:81:8B:ED:52:2A:EF:89:9A:C3:B8:78
Certificate issuer:       /CN=2874e46bf636ea63e5d12362f551b80b27714780
Certificate serial:       018CC7953B93644EEACA3B99660DF0571FD8
Authority key identifier: 28:74:E4:6B:F6:36:EA:63:E5:D1:23:62:F5:51:B8:0B:27:71:47:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/Atjtu9edW-tNgYvtUirviZrDuHg.roa
Signing time:             Tue 02 Jan 2024 00:31:35 +0000
ROA not before:           Tue 02 Jan 2024 00:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203871
IP address blocks:        2a00:4cc6::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3b:93:64:4e:ea:ca:3b:99:66:0d:f0:57:1f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2874e46bf636ea63e5d12362f551b80b27714780
        Validity
            Not Before: Jan  2 00:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02d8edbbd79d5beb4d818bed522aef899ac3b878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:99:8e:d1:d0:2d:0f:f2:5d:74:0b:05:97:0c:
                    62:2b:f2:78:04:0c:58:d8:0a:24:ed:27:16:67:fa:
                    24:b4:6e:d3:29:44:c5:57:1c:f8:eb:fd:8c:65:93:
                    c4:ac:57:38:26:ae:24:f3:16:e5:f3:02:a2:84:6e:
                    da:da:64:0e:78:bd:29:09:be:35:6b:c1:fb:31:c1:
                    be:4c:66:1e:c6:1c:b9:c9:da:13:08:6e:29:ab:ba:
                    f8:98:04:de:2f:0d:f2:61:41:2c:98:b7:5f:b6:f8:
                    f6:4b:f1:e0:a6:d2:34:02:71:6b:77:12:5f:00:78:
                    44:8d:92:47:54:fb:ef:11:a8:04:d4:8d:8d:40:a3:
                    71:c8:cc:bd:56:3f:34:4a:85:c9:92:1d:54:22:3d:
                    35:91:9a:ce:c1:d2:0d:80:d8:b4:78:e7:d9:7e:d0:
                    a8:a8:bc:e8:22:18:01:fd:10:7a:6f:f4:91:10:6f:
                    00:70:d4:72:5f:a5:ee:af:a7:c6:81:8d:2c:8f:9a:
                    dd:92:56:c6:9f:11:ca:01:b5:f0:e2:3f:c6:37:03:
                    60:4b:d6:98:b8:6e:8f:ba:27:5a:9c:00:a6:03:7c:
                    be:5c:78:00:ea:26:0a:58:81:6b:8a:8c:4c:78:95:
                    a8:14:9e:55:b7:f9:29:c7:fe:c2:65:6c:6c:7a:46:
                    8b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:D8:ED:BB:D7:9D:5B:EB:4D:81:8B:ED:52:2A:EF:89:9A:C3:B8:78
            X509v3 Authority Key Identifier:
                keyid:28:74:E4:6B:F6:36:EA:63:E5:D1:23:62:F5:51:B8:0B:27:71:47:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/Atjtu9edW-tNgYvtUirviZrDuHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:4cc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:74:d6:2e:cd:58:84:3e:c9:c0:b0:5b:bd:a3:d3:24:41:ff:
         c8:2f:69:f5:21:a5:8e:36:fc:1b:5a:39:14:2e:51:22:63:41:
         4a:ae:cd:41:d9:00:73:40:ec:a7:3b:d7:d1:fe:15:2e:8b:aa:
         c2:ef:84:aa:4e:46:ba:09:ef:90:66:d4:9e:dd:da:ad:bd:e6:
         20:20:85:0b:e9:6a:41:bb:cb:2e:8e:6b:dc:f6:b6:11:ae:f4:
         d3:30:30:0c:bd:40:90:a3:33:58:24:5d:12:cd:4a:04:23:5f:
         c7:bc:45:40:f6:53:da:43:99:02:ef:81:f0:6b:d5:0c:83:db:
         07:b0:dc:b4:a9:42:6b:d7:31:91:29:d8:e7:13:47:f7:49:f1:
         44:7e:54:d0:1e:04:41:d4:5b:66:65:94:73:63:90:f0:a7:61:
         02:bf:aa:b8:f0:a0:1e:3e:29:e7:b7:19:a0:94:b8:e3:74:c4:
         7f:54:80:ef:70:34:d8:6f:9c:8d:db:83:df:45:33:8f:e2:64:
         5a:7a:9b:78:a0:58:8c:c1:d6:6c:af:d4:d4:1f:6e:f1:18:51:
         cc:77:27:65:f2:ec:38:bf:d5:6a:2d:2f:2f:de:22:0c:0a:fd:
         76:a7:62:ed:4b:9b:cb:6b:fc:e9:57:04:9c:df:36:eb:ff:e9:
         5e:da:c1:56
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlTuTZE7qyjuZZg3wVx/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NzRlNDZiZjYzNmVhNjNlNWQxMjM2MmY1NTFiODBiMjc3
MTQ3ODAwHhcNMjQwMTAyMDAzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQ4ZWRiYmQ3OWQ1YmViNGQ4MThiZWQ1MjJhZWY4OTlhYzNiODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZmO0dAtD/JddAsFlwxiK/J4BAxY
2Aok7ScWZ/oktG7TKUTFVxz46/2MZZPErFc4Jq4k8xbl8wKihG7a2mQOeL0pCb41
a8H7McG+TGYexhy5ydoTCG4pq7r4mATeLw3yYUEsmLdftvj2S/HgptI0AnFrdxJf
AHhEjZJHVPvvEagE1I2NQKNxyMy9Vj80SoXJkh1UIj01kZrOwdINgNi0eOfZftCo
qLzoIhgB/RB6b/SREG8AcNRyX6Xur6fGgY0sj5rdklbGnxHKAbXw4j/GNwNgS9aY
uG6PuidanACmA3y+XHgA6iYKWIFrioxMeJWoFJ5Vt/kpx/7CZWxsekaL9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFALY7bvXnVvrTYGL7VIq74maw7h4MB8GA1UdIwQY
MBaAFCh05Gv2Nupj5dEjYvVRuAsncUeAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0hUa2FfWTI2bVBsMFNOaTlWRzRDeWR4UjRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9lZGRjMDUtNDAyZC00ZGE3LTk3ZWYt
YzEwZGE2YWFjMWIxLzEvQXRqdHU5ZWRXLXROZ1l2dFVpcnZpWnJEdUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9lZGRjMDUtNDAyZC00ZGE3LTk3ZWYtYzEwZGE2YWFjMWIx
LzEvS0hUa2FfWTI2bVBsMFNOaTlWRzRDeWR4UjRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgBMxjAN
BgkqhkiG9w0BAQsFAAOCAQEAQXTWLs1YhD7JwLBbvaPTJEH/yC9p9SGljjb8G1o5
FC5RImNBSq7NQdkAc0DspzvX0f4VLouqwu+Eqk5GugnvkGbUnt3arb3mICCFC+lq
QbvLLo5r3Pa2Ea700zAwDL1AkKMzWCRdEs1KBCNfx7xFQPZT2kOZAu+B8GvVDIPb
B7DctKlCa9cxkSnY5xNH90nxRH5U0B4EQdRbZmWUc2OQ8KdhAr+quPCgHj4p57cZ
oJS443TEf1SA73A02G+cjduD30Uzj+JkWnqbeKBYjMHWbK/U1B9u8RhRzHcnZfLs
OL/Vai0vL94iDAr9dqdi7Uuby2v86VcEnN826//pXtrBVg==
-----END CERTIFICATE-----