Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/mB5iqxBgHRnQBdnHRGu4QGwK90I.roa
File:                     mB5iqxBgHRnQBdnHRGu4QGwK90I.roa (raw, json)
Hash identifier:          NRn6GXBZM7a6/kO26Uo+7sXI0fZQD9PO4aNSnimUWtQ=
Subject key identifier:   98:1E:62:AB:10:60:1D:19:D0:05:D9:C7:44:6B:B8:40:6C:0A:F7:42
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       018CC86F96F90B5EF7A10343B5F325831E3B
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/mB5iqxBgHRnQBdnHRGu4QGwK90I.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202418
IP address blocks:        2a0d:2406:d00::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:96:f9:0b:5e:f7:a1:03:43:b5:f3:25:83:1e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=981e62ab10601d19d005d9c7446bb8406c0af742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3a:f2:94:e1:64:eb:a1:2c:01:8e:a7:55:b3:
                    6b:fb:ee:78:e8:6e:d5:0c:af:11:5b:80:1d:b3:1e:
                    19:9e:81:26:a0:e6:89:15:1e:d9:9f:cb:fb:ba:26:
                    01:e7:1e:c4:63:cb:5e:9b:7b:68:a6:f6:98:4b:75:
                    fa:a3:2e:a4:33:be:14:bb:04:b3:8d:91:e8:ce:2b:
                    ae:42:cf:70:97:d4:7a:ae:3e:61:13:ca:1e:70:a4:
                    57:31:c1:ae:5f:56:b6:9f:47:a5:40:09:96:bd:af:
                    b0:1f:28:84:32:ce:04:89:bd:69:f2:7a:40:ca:4c:
                    4f:5a:c4:51:83:e5:42:2c:18:63:ce:be:9d:64:f0:
                    1c:e7:c7:18:7f:e6:5d:2a:a2:05:ab:18:b4:63:fd:
                    48:ed:28:49:68:47:dc:c4:e0:71:2d:a7:c5:9d:da:
                    ce:24:95:21:39:d5:96:fa:aa:ee:d7:4a:f3:8f:a1:
                    56:96:6a:93:82:a0:4f:33:ec:f5:1b:d3:12:52:87:
                    19:c8:7f:be:f3:6f:38:8e:0d:10:26:73:4c:67:5e:
                    f9:f3:39:61:36:29:e8:90:32:84:1b:62:a8:6e:1d:
                    c6:fa:42:78:e5:a7:00:05:eb:48:bf:54:aa:40:20:
                    41:88:ba:3b:30:89:af:fa:05:c0:09:72:3b:8f:bd:
                    c7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:1E:62:AB:10:60:1D:19:D0:05:D9:C7:44:6B:B8:40:6C:0A:F7:42
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/mB5iqxBgHRnQBdnHRGu4QGwK90I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2406:d00::/44

    Signature Algorithm: sha256WithRSAEncryption
         73:47:41:2b:4b:e7:a7:1d:ee:e5:e4:c4:c8:70:87:2a:3b:35:
         69:25:eb:f8:ae:39:31:10:f2:7a:09:d0:8a:d2:ec:f4:41:5c:
         f1:be:88:3e:7f:51:4a:39:03:fa:6a:5b:e1:33:ae:db:4c:5c:
         57:04:fb:45:3b:1b:cf:87:89:89:c1:cf:e4:75:a2:f7:c5:42:
         ab:88:87:82:be:02:42:ab:70:28:06:e4:b3:b9:99:eb:05:ef:
         8d:fe:3f:b4:b5:5f:13:0e:6a:b8:06:ad:95:7c:75:a0:00:bb:
         fd:e1:a3:b2:0a:67:28:76:45:7b:5b:91:98:0d:5e:e7:25:f3:
         81:27:10:6f:12:40:c6:63:c6:03:07:4d:6b:14:5e:6d:0e:e3:
         63:d2:f1:f0:be:98:af:ca:27:ec:a6:04:f2:08:a5:2c:e0:23:
         2c:27:a3:b3:cc:1b:85:f3:a7:2a:f1:c9:93:4b:f8:a0:d0:56:
         a1:e6:3c:25:35:a5:c5:5a:ae:a6:12:bd:86:07:24:0b:4b:28:
         3d:1c:0c:e3:a2:ec:e5:c2:90:9a:5e:1e:c5:73:d0:6e:cf:95:
         79:07:a3:5f:8d:dc:03:6e:20:74:b9:c5:64:50:1d:74:0f:d4:
         de:52:14:6b:01:46:10:57:bc:27:bb:ae:8d:af:58:26:74:4d:
         67:51:dd:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb5b5C173oQNDtfMlgx47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODFlNjJhYjEwNjAxZDE5ZDAwNWQ5Yzc0NDZiYjg0MDZjMGFmNzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDrylOFk66EsAY6nVbNr++546G7V
DK8RW4Adsx4ZnoEmoOaJFR7Zn8v7uiYB5x7EY8tem3topvaYS3X6oy6kM74UuwSz
jZHoziuuQs9wl9R6rj5hE8oecKRXMcGuX1a2n0elQAmWva+wHyiEMs4Eib1p8npA
ykxPWsRRg+VCLBhjzr6dZPAc58cYf+ZdKqIFqxi0Y/1I7ShJaEfcxOBxLafFndrO
JJUhOdWW+qru10rzj6FWlmqTgqBPM+z1G9MSUocZyH++8284jg0QJnNMZ1758zlh
NinokDKEG2Kobh3G+kJ45acABetIv1SqQCBBiLo7MImv+gXACXI7j73HLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJgeYqsQYB0Z0AXZx0RruEBsCvdCMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvbUI1aXF4QmdIUm5RQmRuSFJHdTRRR3dLOTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0kBg0A
MA0GCSqGSIb3DQEBCwUAA4IBAQBzR0ErS+enHe7l5MTIcIcqOzVpJev4rjkxEPJ6
CdCK0uz0QVzxvog+f1FKOQP6alvhM67bTFxXBPtFOxvPh4mJwc/kdaL3xUKriIeC
vgJCq3AoBuSzuZnrBe+N/j+0tV8TDmq4Bq2VfHWgALv94aOyCmcodkV7W5GYDV7n
JfOBJxBvEkDGY8YDB01rFF5tDuNj0vHwvpivyifspgTyCKUs4CMsJ6OzzBuF86cq
8cmTS/ig0Fah5jwlNaXFWq6mEr2GByQLSyg9HAzjouzlwpCaXh7Fc9Buz5V5B6Nf
jdwDbiB0ucVkUB10D9TeUhRrAUYQV7wnu66Nr1gmdE1nUd2H
-----END CERTIFICATE-----