Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/K5Aaceetx_IB3W4HNPwDyd86Cio.roa
File:                     K5Aaceetx_IB3W4HNPwDyd86Cio.roa (raw, json)
Hash identifier:          FTuTVsHpdFdzI+unUH2NhMQGatunRvOYnThCjkf9TnA=
Subject key identifier:   2B:90:1A:71:E7:AD:C7:F2:01:DD:6E:07:34:FC:03:C9:DF:3A:0A:2A
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       018CF5502AA0919EDA3C80D786FF5BF13161
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/K5Aaceetx_IB3W4HNPwDyd86Cio.roa
Signing time:             Wed 10 Jan 2024 21:38:40 +0000
ROA not before:           Wed 10 Jan 2024 21:38:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64486
IP address blocks:        2a09:d2c1:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:50:2a:a0:91:9e:da:3c:80:d7:86:ff:5b:f1:31:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan 10 21:38:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b901a71e7adc7f201dd6e0734fc03c9df3a0a2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:40:40:26:2d:49:8d:83:fe:b8:3a:23:a4:e6:
                    ed:fd:b9:68:91:db:0b:2d:33:7e:6e:9c:e4:00:68:
                    5e:7c:52:b6:15:f6:11:e7:28:e0:c6:ff:dc:35:18:
                    3d:c6:c5:9f:9a:70:de:53:dd:dc:60:1a:df:0c:2e:
                    10:27:5e:90:6b:53:2b:cc:51:b9:3b:73:f6:f0:d3:
                    ac:61:22:87:87:6f:6d:53:d6:db:c3:52:e3:28:54:
                    48:78:05:7f:03:e3:db:45:f1:78:ef:77:30:14:19:
                    37:83:59:fe:45:58:6d:c8:65:92:0e:f4:ca:37:ed:
                    2b:d1:27:1a:03:15:0d:ea:a1:e7:fb:ba:10:4c:56:
                    75:b2:a4:88:1d:37:36:99:cb:54:a7:33:a6:2f:23:
                    89:57:56:3f:ae:ec:ed:a9:4b:21:b9:62:00:fd:b1:
                    51:f8:21:5e:7a:b2:9f:b3:19:3a:8e:96:41:9c:f0:
                    ad:92:7a:cf:c3:14:d8:89:6e:b8:f0:9c:81:a4:ce:
                    36:15:e3:38:4e:29:84:f4:20:f6:60:60:2c:3c:f5:
                    09:a3:4e:6c:22:96:69:9b:98:9a:51:77:69:c8:99:
                    3d:5c:a0:d5:3e:2d:14:7a:c2:f6:bd:fd:fd:20:f5:
                    e1:74:b8:e7:de:15:02:ec:55:52:f0:f5:e9:0a:f9:
                    3b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:90:1A:71:E7:AD:C7:F2:01:DD:6E:07:34:FC:03:C9:DF:3A:0A:2A
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/K5Aaceetx_IB3W4HNPwDyd86Cio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d2c1:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:64:0f:cc:68:2c:74:c8:60:cf:07:7b:60:1d:0e:92:e5:ab:
         7c:b3:ae:08:ce:1d:bc:9e:7c:a3:e5:a8:94:c1:cd:d2:f6:40:
         a3:df:53:e1:af:c6:0e:d4:2e:44:ff:06:43:3b:c1:b2:ee:71:
         59:29:9a:9c:f0:9c:5a:b7:fd:7d:56:93:93:a9:8f:c9:48:9c:
         a7:a5:51:58:1a:82:e0:0f:74:24:25:18:62:e6:1b:67:1a:7c:
         73:98:43:51:c4:85:81:1f:19:74:70:b2:3b:3d:eb:75:be:b5:
         da:84:b4:e3:b5:80:eb:34:ff:b9:85:f2:94:eb:37:10:d8:d0:
         cd:51:42:d0:d1:01:c5:83:01:c3:51:c7:21:c3:6b:24:83:4d:
         1f:90:db:bd:20:cb:cf:d1:5e:40:94:ef:74:2f:1a:6c:35:e8:
         33:16:fc:59:71:84:b0:00:a9:9b:36:2f:24:f0:bf:28:e0:0a:
         0f:60:e4:e6:40:2f:e9:7d:58:87:78:68:19:d0:1b:1d:45:38:
         ef:1f:77:3b:be:4e:0d:54:75:49:e8:58:98:2d:df:00:8d:71:
         a2:ac:52:0c:f7:29:60:29:e1:71:32:8f:ea:33:1f:58:d5:72:
         fc:dc:49:ff:c6:06:8e:82:6c:98:4d:62:bc:54:1f:6c:eb:7e:
         a5:a4:5a:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYz1UCqgkZ7aPIDXhv9b8TFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQwMTEwMjEzODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjkwMWE3MWU3YWRjN2YyMDFkZDZlMDczNGZjMDNjOWRmM2EwYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEBAJi1JjYP+uDojpObt/blokdsL
LTN+bpzkAGhefFK2FfYR5yjgxv/cNRg9xsWfmnDeU93cYBrfDC4QJ16Qa1MrzFG5
O3P28NOsYSKHh29tU9bbw1LjKFRIeAV/A+PbRfF473cwFBk3g1n+RVhtyGWSDvTK
N+0r0ScaAxUN6qHn+7oQTFZ1sqSIHTc2mctUpzOmLyOJV1Y/ruztqUshuWIA/bFR
+CFeerKfsxk6jpZBnPCtknrPwxTYiW648JyBpM42FeM4TimE9CD2YGAsPPUJo05s
IpZpm5iaUXdpyJk9XKDVPi0UesL2vf39IPXhdLjn3hUC7FVS8PXpCvk7KQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCuQGnHnrcfyAd1uBzT8A8nfOgoqMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvSzVBYWNlZXR4X0lCM1c0SE5Qd0R5ZDg2Q2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnSwQEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAgZA/MaCx0yGDPB3tgHQ6S5at8s64Izh28nnyj
5aiUwc3S9kCj31Phr8YO1C5E/wZDO8Gy7nFZKZqc8Jxat/19VpOTqY/JSJynpVFY
GoLgD3QkJRhi5htnGnxzmENRxIWBHxl0cLI7Pet1vrXahLTjtYDrNP+5hfKU6zcQ
2NDNUULQ0QHFgwHDUcchw2skg00fkNu9IMvP0V5AlO90LxpsNegzFvxZcYSwAKmb
Ni8k8L8o4AoPYOTmQC/pfViHeGgZ0BsdRTjvH3c7vk4NVHVJ6FiYLd8AjXGirFIM
9ylgKeFxMo/qMx9Y1XL83En/xgaOgmyYTWK8VB9s636lpFqA
-----END CERTIFICATE-----