Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/E7cyvC7MyPrhtVTfQuNzyg7soUY.roa
File:                     E7cyvC7MyPrhtVTfQuNzyg7soUY.roa (raw, json)
Hash identifier:          Xo5l52D35lRcRasFrpoyvpW6W45Yan92qAF0UhKnmCk=
Subject key identifier:   13:B7:32:BC:2E:CC:C8:FA:E1:B5:54:DF:42:E3:73:CA:0E:EC:A1:46
Certificate issuer:       /CN=83991afcd455eb1b174fcf89f8e10eaf7f70b355
Certificate serial:       018CC8713E8A8527DB34DDE1AB96AD987EC3
Authority key identifier: 83:99:1A:FC:D4:55:EB:1B:17:4F:CF:89:F8:E1:0E:AF:7F:70:B3:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g5ka_NRV6xsXT8-J-OEOr39ws1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/E7cyvC7MyPrhtVTfQuNzyg7soUY.roa
Signing time:             Tue 02 Jan 2024 04:31:53 +0000
ROA not before:           Tue 02 Jan 2024 04:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47602
IP address blocks:        2a09:4200::/29 maxlen: 29
                          2a04:2b87::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/g5ka_NRV6xsXT8-J-OEOr39ws1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/g5ka_NRV6xsXT8-J-OEOr39ws1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g5ka_NRV6xsXT8-J-OEOr39ws1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3e:8a:85:27:db:34:dd:e1:ab:96:ad:98:7e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83991afcd455eb1b174fcf89f8e10eaf7f70b355
        Validity
            Not Before: Jan  2 04:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13b732bc2eccc8fae1b554df42e373ca0eeca146
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cc:43:c2:8e:ae:ce:36:3d:fb:b7:c2:67:37:
                    9b:da:0e:bf:db:71:98:ef:56:f1:5c:35:9f:c3:69:
                    ec:a3:bc:50:d2:af:5d:17:1b:86:39:0c:b0:55:b1:
                    fb:22:95:de:c2:83:84:2e:a4:bd:c3:0c:e3:1c:85:
                    bb:30:0a:33:a0:5e:f4:96:6d:e0:75:88:93:36:b5:
                    8a:e8:33:f4:af:2f:d3:1c:40:74:ee:a3:cb:03:bd:
                    a5:a0:d6:70:73:39:f0:20:bc:7e:5f:52:10:1c:a0:
                    19:89:b9:71:2e:3d:9f:58:78:e9:e1:42:ed:bf:74:
                    ff:86:9b:18:2f:b6:d1:35:29:73:c6:3d:11:73:4f:
                    90:2a:20:18:47:fe:50:82:be:6d:7f:f1:4b:79:87:
                    80:1e:06:74:be:e7:31:98:52:4e:1c:f8:0b:e8:48:
                    64:c1:53:b3:26:65:6d:86:04:be:a3:be:72:f0:d6:
                    8f:e8:6f:18:04:c2:45:fa:ac:25:e2:7c:ea:55:33:
                    71:79:ae:01:56:6b:9f:26:3f:2c:65:02:76:19:16:
                    7e:37:f3:65:20:cf:24:c3:9a:e3:aa:29:d6:e8:a3:
                    9e:a9:c3:e9:40:f7:5f:78:88:02:b7:e3:53:6c:b2:
                    33:1f:ed:9a:0c:ed:63:bc:9e:ea:89:02:fa:f3:e5:
                    39:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B7:32:BC:2E:CC:C8:FA:E1:B5:54:DF:42:E3:73:CA:0E:EC:A1:46
            X509v3 Authority Key Identifier:
                keyid:83:99:1A:FC:D4:55:EB:1B:17:4F:CF:89:F8:E1:0E:AF:7F:70:B3:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g5ka_NRV6xsXT8-J-OEOr39ws1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/E7cyvC7MyPrhtVTfQuNzyg7soUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/69ed29-af4e-4524-adfb-e15437380099/1/g5ka_NRV6xsXT8-J-OEOr39ws1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b87::/32
                  2a09:4200::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:e9:89:6b:5f:97:3f:ef:2c:d4:80:77:42:7d:49:d7:f7:be:
         2b:40:3d:26:88:18:92:a5:6c:1d:ae:f1:04:02:f9:79:61:10:
         d0:2e:fb:e8:88:5a:1d:fa:b2:46:5a:62:12:17:7d:03:ee:fa:
         89:84:b7:9a:64:b4:5d:79:65:19:85:0f:a9:99:ae:f9:9d:b5:
         ec:52:a0:bb:d0:df:9c:a5:6a:8d:a9:cf:5c:e5:10:54:a2:13:
         92:f6:25:95:5b:ad:60:57:6c:0f:44:4f:0d:0d:22:f5:c4:09:
         5a:94:6c:be:87:0a:99:b0:d9:0a:9f:12:7f:e4:46:b9:73:b6:
         fa:1f:a8:7e:9a:d5:2b:e6:57:f9:4e:c6:24:ce:4b:5a:ae:7e:
         5e:99:18:9e:b7:2a:24:f5:64:6e:e5:c5:a0:f0:c0:43:e7:ee:
         fd:19:dc:9d:a0:b2:76:58:95:b6:6b:8c:fb:bd:b1:9e:14:e9:
         55:60:bb:98:30:cd:de:3f:7e:e8:84:57:82:91:c6:bf:f6:96:
         ef:99:0c:f3:ef:4c:c5:d9:86:87:fb:57:1e:fd:93:1b:f7:fe:
         a6:40:18:a9:5f:80:06:d5:8d:45:d0:d2:46:49:16:dc:4b:8d:
         33:7b:93:f2:a4:70:85:78:92:20:8b:e4:37:a5:9c:15:9c:1f:
         f4:b0:39:b7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIcT6KhSfbNN3hq5atmH7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOTkxYWZjZDQ1NWViMWIxNzRmY2Y4OWY4ZTEwZWFmN2Y3
MGIzNTUwHhcNMjQwMTAyMDQzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2I3MzJiYzJlY2NjOGZhZTFiNTU0ZGY0MmUzNzNjYTBlZWNhMTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MxDwo6uzjY9+7fCZzeb2g6/23GY
71bxXDWfw2nso7xQ0q9dFxuGOQywVbH7IpXewoOELqS9wwzjHIW7MAozoF70lm3g
dYiTNrWK6DP0ry/THEB07qPLA72loNZwcznwILx+X1IQHKAZiblxLj2fWHjp4ULt
v3T/hpsYL7bRNSlzxj0Rc0+QKiAYR/5Qgr5tf/FLeYeAHgZ0vucxmFJOHPgL6Ehk
wVOzJmVthgS+o75y8NaP6G8YBMJF+qwl4nzqVTNxea4BVmufJj8sZQJ2GRZ+N/Nl
IM8kw5rjqinW6KOeqcPpQPdfeIgCt+NTbLIzH+2aDO1jvJ7qiQL68+U5ywIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBO3MrwuzMj64bVU30Ljc8oO7KFGMB8GA1UdIwQY
MBaAFIOZGvzUVesbF0/PifjhDq9/cLNVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzVrYV9OUlY2eHNYVDgtSi1PRU9yMzl3czFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS82OWVkMjktYWY0ZS00NTI0LWFkZmIt
ZTE1NDM3MzgwMDk5LzEvRTdjeXZDN015UHJodFZUZlF1Tnp5Zzdzb1VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS82OWVkMjktYWY0ZS00NTI0LWFkZmItZTE1NDM3MzgwMDk5
LzEvZzVrYV9OUlY2eHNYVDgtSi1PRU9yMzl3czFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgQrhwMF
AyoJQgAwDQYJKoZIhvcNAQELBQADggEBACLpiWtflz/vLNSAd0J9Sdf3vitAPSaI
GJKlbB2u8QQC+XlhENAu++iIWh36skZaYhIXfQPu+omEt5pktF15ZRmFD6mZrvmd
texSoLvQ35ylao2pz1zlEFSiE5L2JZVbrWBXbA9ETw0NIvXECVqUbL6HCpmw2Qqf
En/kRrlztvofqH6a1SvmV/lOxiTOS1qufl6ZGJ63KiT1ZG7lxaDwwEPn7v0Z3J2g
snZYlbZrjPu9sZ4U6VVgu5gwzd4/fuiEV4KRxr/2lu+ZDPPvTMXZhof7Vx79kxv3
/qZAGKlfgAbVjUXQ0kZJFtxLjTN7k/KkcIV4kiCL5DelnBWcH/SwObc=
-----END CERTIFICATE-----