Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/6GjqnuCuDVv_J-V6e1fcSAZNM8Y.roa
File:                     6GjqnuCuDVv_J-V6e1fcSAZNM8Y.roa (raw, json)
Hash identifier:          +2ZrqdKMGq4za9nf9hc6i6aIsUE79Pri6Ng9W87kHR4=
Subject key identifier:   E8:68:EA:9E:E0:AE:0D:5B:FF:27:E5:7A:7B:57:DC:48:06:4D:33:C6
Certificate issuer:       /CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
Certificate serial:       018CC870B3C32EC7C7095C740C7DFB3C9D81
Authority key identifier: CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/6GjqnuCuDVv_J-V6e1fcSAZNM8Y.roa
Signing time:             Tue 02 Jan 2024 04:31:18 +0000
ROA not before:           Tue 02 Jan 2024 04:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202044
IP address blocks:        2a0d:db00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:03:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:b3:c3:2e:c7:c7:09:5c:74:0c:7d:fb:3c:9d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccc478dd9ccd6162f82488ac6fc50c21d369f2a0
        Validity
            Not Before: Jan  2 04:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e868ea9ee0ae0d5bff27e57a7b57dc48064d33c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:12:dc:98:fa:1d:61:b7:f7:1c:07:38:df:df:
                    a3:27:02:66:0a:88:b3:9b:05:5b:20:ea:4b:15:78:
                    14:65:2b:07:6e:80:36:42:ff:1d:7f:05:8d:04:6b:
                    50:17:b9:99:6f:3e:ae:35:ea:21:62:ac:74:4d:c4:
                    46:79:03:ab:a9:dd:6f:11:ae:b5:4c:01:06:1e:ff:
                    13:ac:22:1b:cb:b3:bf:2a:d3:ad:67:89:17:f3:76:
                    db:51:17:9d:17:5e:a1:5f:cd:5e:c7:d2:5e:2e:7e:
                    73:31:03:7b:a1:74:e1:11:ca:c1:da:7f:03:2d:ce:
                    2f:a2:e7:a0:2b:6d:eb:54:3e:93:4a:3e:fb:42:86:
                    72:b4:4e:46:87:03:aa:b2:8a:1a:59:3a:8f:59:03:
                    6f:94:de:0d:3f:83:dd:f8:e7:34:eb:e0:86:f1:a9:
                    b4:37:fe:15:de:69:dc:af:0e:54:a8:f1:c1:98:21:
                    c4:c5:02:b6:36:61:27:26:62:7b:aa:7f:92:3d:73:
                    0e:56:f7:c9:c6:e5:4e:61:f2:85:fb:36:fb:88:5d:
                    1a:e1:59:1b:74:c4:18:8a:7e:7e:c0:86:13:36:0e:
                    97:a9:75:e0:e0:08:b4:8b:14:24:d6:bc:97:fe:51:
                    25:a2:23:76:54:da:19:aa:b2:11:26:2f:ea:c7:dc:
                    10:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:68:EA:9E:E0:AE:0D:5B:FF:27:E5:7A:7B:57:DC:48:06:4D:33:C6
            X509v3 Authority Key Identifier:
                keyid:CC:C4:78:DD:9C:CD:61:62:F8:24:88:AC:6F:C5:0C:21:D3:69:F2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zMR43ZzNYWL4JIisb8UMIdNp8qA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/6GjqnuCuDVv_J-V6e1fcSAZNM8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/ee3e3f-3a45-43eb-a5de-4285998392d3/1/zMR43ZzNYWL4JIisb8UMIdNp8qA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:db00::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:41:07:71:8b:92:eb:eb:2b:45:ed:6e:ba:5f:93:24:f6:4a:
         dc:21:37:84:87:a4:73:ad:c5:91:59:d6:75:30:a3:ee:e0:4f:
         d5:23:9a:41:88:bd:b2:f3:df:0b:5e:66:da:96:5a:54:0e:00:
         ef:1c:32:97:27:0d:0b:c4:2a:a7:64:43:56:f2:1d:97:05:98:
         e0:b6:9e:21:5b:df:cc:e0:0a:4e:65:5f:a3:83:fa:bc:03:ed:
         0d:d2:8e:2e:f9:08:ff:46:60:b9:84:d4:ba:8c:3c:cd:3c:6f:
         13:a3:4d:1a:ac:16:ac:95:4c:2b:7f:b5:37:15:7e:4d:21:43:
         3b:54:2c:d7:7f:69:4f:b4:d6:38:b4:d6:e9:45:3c:66:00:51:
         63:cb:42:51:0b:15:fa:4a:8e:c2:73:38:92:c0:8e:7b:a7:01:
         08:39:78:75:02:a2:5d:c8:19:a1:9c:fc:c7:6e:85:8d:ad:19:
         bd:b1:53:f9:65:95:ac:47:12:e9:95:bd:43:a7:83:a4:d6:af:
         ff:bd:6c:bd:59:1f:16:2a:50:d2:04:5b:12:22:76:3a:07:51:
         87:55:94:70:1e:33:58:ca:9d:7c:30:84:ec:71:7f:2d:6e:a6:
         f8:6e:76:7b:2a:4c:44:74:c4:ac:95:bc:bd:d7:2d:e9:80:ca:
         d7:32:f8:84
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIcLPDLsfHCVx0DH37PJ2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYzQ3OGRkOWNjZDYxNjJmODI0ODhhYzZmYzUwYzIxZDM2
OWYyYTAwHhcNMjQwMTAyMDQzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODY4ZWE5ZWUwYWUwZDViZmYyN2U1N2E3YjU3ZGM0ODA2NGQzM2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxLcmPodYbf3HAc439+jJwJmCoiz
mwVbIOpLFXgUZSsHboA2Qv8dfwWNBGtQF7mZbz6uNeohYqx0TcRGeQOrqd1vEa61
TAEGHv8TrCIby7O/KtOtZ4kX83bbURedF16hX81ex9JeLn5zMQN7oXThEcrB2n8D
Lc4vouegK23rVD6TSj77QoZytE5GhwOqsooaWTqPWQNvlN4NP4Pd+Oc06+CG8am0
N/4V3mncrw5UqPHBmCHExQK2NmEnJmJ7qn+SPXMOVvfJxuVOYfKF+zb7iF0a4Vkb
dMQYin5+wIYTNg6XqXXg4Ai0ixQk1ryX/lEloiN2VNoZqrIRJi/qx9wQmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOho6p7grg1b/yflentX3EgGTTPGMB8GA1UdIwQY
MBaAFMzEeN2czWFi+CSIrG/FDCHTafKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUt
NDI4NTk5ODM5MmQzLzEvNkdqcW51Q3VEVnZfSi1WNmUxZmNTQVpOTThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lZTNlM2YtM2E0NS00M2ViLWE1ZGUtNDI4NTk5ODM5MmQz
LzEvek1SNDNaek5ZV0w0Sklpc2I4VU1JZE5wOHFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg3bADAN
BgkqhkiG9w0BAQsFAAOCAQEAWUEHcYuS6+srRe1uul+TJPZK3CE3hIekc63FkVnW
dTCj7uBP1SOaQYi9svPfC15m2pZaVA4A7xwylycNC8Qqp2RDVvIdlwWY4LaeIVvf
zOAKTmVfo4P6vAPtDdKOLvkI/0ZguYTUuow8zTxvE6NNGqwWrJVMK3+1NxV+TSFD
O1Qs139pT7TWOLTW6UU8ZgBRY8tCUQsV+kqOwnM4ksCOe6cBCDl4dQKiXcgZoZz8
x26Fja0ZvbFT+WWVrEcS6ZW9Q6eDpNav/71svVkfFipQ0gRbEiJ2OgdRh1WUcB4z
WMqdfDCE7HF/LW6m+G52eypMRHTErJW8vdct6YDK1zL4hA==
-----END CERTIFICATE-----