Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/cr_1DRKVT-LLYaA6GelGxbLuCTg.roa
File:                     cr_1DRKVT-LLYaA6GelGxbLuCTg.roa (raw, json)
Hash identifier:          MiGxhxRR1TCmVQ+iN8kWCERB4ybg9ZzuxMx4qxHXctI=
Subject key identifier:   72:BF:F5:0D:12:95:4F:E2:CB:61:A0:3A:19:E9:46:C5:B2:EE:09:38
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CF52AA06AB2C19E939DFCC007C2EEF27C
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/cr_1DRKVT-LLYaA6GelGxbLuCTg.roa
Signing time:             Wed 10 Jan 2024 20:57:40 +0000
ROA not before:           Wed 10 Jan 2024 20:57:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0d:afc2::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:2a:a0:6a:b2:c1:9e:93:9d:fc:c0:07:c2:ee:f2:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan 10 20:57:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72bff50d12954fe2cb61a03a19e946c5b2ee0938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7b:74:d6:01:73:2f:a5:dc:24:2f:f9:95:15:
                    cd:8a:2e:3b:fa:29:18:8a:3d:f3:b2:36:b8:66:c5:
                    5c:67:1a:81:9d:66:0a:02:51:60:d7:fa:a6:18:85:
                    52:b8:f9:c8:7d:49:76:d6:b0:c3:82:2a:89:51:c0:
                    22:90:d9:5b:40:da:05:6f:4f:2a:c4:6b:b8:58:5f:
                    1f:3a:ab:c3:b8:b4:03:ca:37:1f:9a:85:e4:95:c3:
                    08:3b:fa:87:2d:48:b6:35:b7:60:64:56:15:79:15:
                    9a:82:fb:c1:a9:75:4a:7f:ca:09:b3:f9:cf:ed:d0:
                    3f:a3:01:23:66:6d:f7:8b:51:0c:7d:d7:8a:c5:a4:
                    a4:90:0b:34:e5:20:03:41:d9:b6:48:7a:27:5e:89:
                    45:f8:17:20:42:53:c4:09:45:6a:a2:65:19:db:cc:
                    91:86:a7:7d:9c:a4:d0:3b:2b:d9:0f:6d:c6:d1:82:
                    ba:92:2d:1d:bb:33:52:fc:d3:06:4c:51:04:7b:d6:
                    12:6b:66:65:2d:ad:ea:3e:97:26:11:6a:a9:2d:65:
                    d7:e2:15:6e:a6:60:a4:1e:6d:ae:82:50:37:21:7a:
                    6b:6e:d6:d8:fe:6f:d7:51:02:be:79:bb:0e:15:4c:
                    b9:f9:63:aa:29:33:de:14:81:71:83:96:1c:2e:dd:
                    71:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:BF:F5:0D:12:95:4F:E2:CB:61:A0:3A:19:E9:46:C5:B2:EE:09:38
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/cr_1DRKVT-LLYaA6GelGxbLuCTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:afc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:ab:8e:a7:df:92:00:64:18:08:bd:81:a7:94:ef:0f:fa:17:
         58:6a:d3:dc:8f:16:65:d3:b6:45:1c:c5:69:0d:c5:d5:3b:2c:
         34:84:13:7e:22:e4:fc:29:8c:f5:a7:92:a4:32:a8:27:7e:c9:
         f1:8f:69:4a:f3:63:a3:f7:ac:b6:fd:30:15:8b:7d:b4:72:a3:
         93:2d:19:ed:ad:36:40:ef:3f:09:03:ed:4e:02:58:f3:8f:4c:
         4b:12:b7:f8:84:39:2b:53:98:66:e3:c0:1a:f7:16:d4:20:ff:
         07:47:45:d0:c5:1b:86:5a:c7:87:80:1e:3d:81:f9:12:b4:39:
         c8:0f:49:03:6c:e7:d4:90:5d:6b:4c:4a:6a:43:11:b3:af:17:
         f4:a0:df:b6:6d:16:9d:cb:63:93:46:01:23:6d:ef:7e:69:87:
         c4:d5:0e:b8:a8:bf:8e:3f:8b:9f:7c:e7:d4:d7:0a:15:f1:9d:
         8f:21:b8:44:cf:3c:3d:e3:a2:2b:43:99:b9:9a:06:c4:88:de:
         3b:7a:93:fe:fc:2b:52:97:3c:a8:e6:7f:c0:f6:e6:6f:58:da:
         eb:e5:a4:91:e4:5d:fb:1a:70:db:b3:99:19:86:33:f8:8f:28:
         f1:ff:f6:d0:30:41:c4:e4:6f:42:1f:5c:9b:59:f0:0f:3a:55:
         d5:28:b7:98
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYz1KqBqssGek538wAfC7vJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTEwMjA1NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmJmZjUwZDEyOTU0ZmUyY2I2MWEwM2ExOWU5NDZjNWIyZWUwOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXt01gFzL6XcJC/5lRXNii47+ikY
ij3zsja4ZsVcZxqBnWYKAlFg1/qmGIVSuPnIfUl21rDDgiqJUcAikNlbQNoFb08q
xGu4WF8fOqvDuLQDyjcfmoXklcMIO/qHLUi2NbdgZFYVeRWagvvBqXVKf8oJs/nP
7dA/owEjZm33i1EMfdeKxaSkkAs05SADQdm2SHonXolF+BcgQlPECUVqomUZ28yR
hqd9nKTQOyvZD23G0YK6ki0duzNS/NMGTFEEe9YSa2ZlLa3qPpcmEWqpLWXX4hVu
pmCkHm2uglA3IXprbtbY/m/XUQK+ebsOFUy5+WOqKTPeFIFxg5YcLt1xOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHK/9Q0SlU/iy2GgOhnpRsWy7gk4MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvY3JfMURSS1ZULUxMWWFBNkdlbEd4Ykx1Q1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg2vwjAN
BgkqhkiG9w0BAQsFAAOCAQEAGquOp9+SAGQYCL2Bp5TvD/oXWGrT3I8WZdO2RRzF
aQ3F1TssNIQTfiLk/CmM9aeSpDKoJ37J8Y9pSvNjo/estv0wFYt9tHKjky0Z7a02
QO8/CQPtTgJY849MSxK3+IQ5K1OYZuPAGvcW1CD/B0dF0MUbhlrHh4AePYH5ErQ5
yA9JA2zn1JBda0xKakMRs68X9KDftm0Wnctjk0YBI23vfmmHxNUOuKi/jj+Ln3zn
1NcKFfGdjyG4RM88PeOiK0OZuZoGxIjeO3qT/vwrUpc8qOZ/wPbmb1ja6+WkkeRd
+xpw27OZGYYz+I8o8f/20DBBxORvQh9cm1nwDzpV1Si3mA==
-----END CERTIFICATE-----