Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/2xXb0X30FmTqzPlMSSzTVItpXqA.roa
File:                     2xXb0X30FmTqzPlMSSzTVItpXqA.roa (raw, json)
Hash identifier:          88HOtdk4AYz7w+XHYwy/61WGJJeEtBgOH5+c5yKDkFM=
Subject key identifier:   DB:15:DB:D1:7D:F4:16:64:EA:CC:F9:4C:49:2C:D3:54:8B:69:5E:A0
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC3489080B9C5A5A682FF54ECD430A5C2
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/2xXb0X30FmTqzPlMSSzTVItpXqA.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136918
IP address blocks:        2a05:1082:5::/48 maxlen: 48
                          2a05:1082:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:80:b9:c5:a5:a6:82:ff:54:ec:d4:30:a5:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db15dbd17df41664eaccf94c492cd3548b695ea0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:55:33:88:d2:c9:88:e6:bf:21:74:a2:cd:9a:
                    73:d1:5c:9d:04:b7:7f:0f:19:a3:f7:81:67:7c:3b:
                    8e:52:e7:01:83:37:0e:17:71:a7:a2:68:36:63:f4:
                    a9:b0:9b:45:f1:af:29:2a:7b:1a:9c:da:39:58:cd:
                    fe:f1:ce:ed:ae:f6:ec:e9:d5:75:79:ba:7a:81:57:
                    b9:73:a4:86:4a:39:ea:46:55:ea:ec:2f:cb:3d:d4:
                    70:4f:01:7c:1d:3b:10:a1:91:8c:91:4b:a6:5d:aa:
                    a0:7a:2d:d9:0e:04:a7:a7:f4:f0:87:7b:c4:e0:1b:
                    eb:b0:ea:f1:47:b3:c2:31:7e:3e:3a:e3:df:27:b3:
                    00:41:da:f5:c2:f9:64:22:08:f0:20:f0:dc:08:0a:
                    38:8c:36:20:fd:9f:a9:7d:fc:31:27:e5:16:af:4c:
                    fc:31:67:e1:bb:16:e0:95:55:74:49:c6:4e:d9:ba:
                    23:f2:e4:04:75:78:da:1a:76:e4:dc:c0:fa:47:10:
                    f4:3e:bc:2c:a7:9b:d0:2a:76:ee:52:d3:69:1c:1f:
                    6c:0d:38:91:b4:bb:90:cf:19:18:d1:5c:51:7e:42:
                    c9:93:c3:30:4a:13:ef:13:8f:2e:cb:22:55:f3:c9:
                    3c:8b:e6:52:e5:7d:40:28:c4:26:f7:77:5e:00:93:
                    45:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:15:DB:D1:7D:F4:16:64:EA:CC:F9:4C:49:2C:D3:54:8B:69:5E:A0
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/2xXb0X30FmTqzPlMSSzTVItpXqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1082:1::/48
                  2a05:1082:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:a1:88:1c:97:d6:59:46:ba:ac:c2:06:f5:7b:8d:84:5d:bb:
         7b:cd:0c:72:4a:25:e2:85:17:72:f7:e0:7e:2b:1c:76:ac:ca:
         81:ea:c9:9a:b7:f0:02:3e:84:35:0d:f1:59:4d:f5:c6:37:a0:
         fe:fa:47:9d:e3:6c:3d:40:f6:9a:c2:0e:f6:15:0f:45:f8:cb:
         db:95:84:d9:f4:3e:81:28:6e:71:17:04:ab:4e:da:d1:a5:39:
         4d:95:d6:cc:75:41:e8:e7:06:91:bd:c8:97:d2:7b:ed:35:37:
         60:90:7a:e3:76:57:5e:9b:60:bf:ef:3f:28:62:a0:3b:f2:82:
         ac:55:2d:49:2e:e6:54:76:9c:9b:6c:00:fc:d7:b6:d3:41:27:
         b3:a2:7d:f3:ef:87:31:8b:17:91:a8:d8:fc:e8:69:db:98:9b:
         9d:9a:9c:14:59:1c:cb:a8:86:30:20:9c:da:80:1e:b2:8b:ab:
         26:33:fe:73:59:2b:75:e3:b9:2b:c6:58:40:00:de:8e:99:94:
         86:ee:6b:1d:64:af:a0:c7:61:6b:b9:31:a2:a1:4a:7a:1c:ff:
         f7:67:43:29:23:9b:58:11:4b:28:93:b9:d0:56:cc:1c:a5:fe:
         70:ac:43:a1:54:28:70:b2:e6:92:a2:ec:c9:e1:a3:0e:8f:9d:
         fe:a6:d5:5f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSJCAucWlpoL/VOzUMKXCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjE1ZGJkMTdkZjQxNjY0ZWFjY2Y5NGM0OTJjZDM1NDhiNjk1ZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFUziNLJiOa/IXSizZpz0VydBLd/
Dxmj94FnfDuOUucBgzcOF3Gnomg2Y/SpsJtF8a8pKnsanNo5WM3+8c7trvbs6dV1
ebp6gVe5c6SGSjnqRlXq7C/LPdRwTwF8HTsQoZGMkUumXaqgei3ZDgSnp/Twh3vE
4BvrsOrxR7PCMX4+OuPfJ7MAQdr1wvlkIgjwIPDcCAo4jDYg/Z+pffwxJ+UWr0z8
MWfhuxbglVV0ScZO2boj8uQEdXjaGnbk3MD6RxD0Prwsp5vQKnbuUtNpHB9sDTiR
tLuQzxkY0VxRfkLJk8MwShPvE48uyyJV88k8i+ZS5X1AKMQm93deAJNF+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNsV29F99BZk6sz5TEks01SLaV6gMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvMnhYYjBYMzBGbVRxelBsTVNTelRWSXRwWHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgUQggAB
AwcAKgUQggAFMA0GCSqGSIb3DQEBCwUAA4IBAQCAoYgcl9ZZRrqswgb1e42EXbt7
zQxySiXihRdy9+B+Kxx2rMqB6smat/ACPoQ1DfFZTfXGN6D++ked42w9QPaawg72
FQ9F+MvblYTZ9D6BKG5xFwSrTtrRpTlNldbMdUHo5waRvciX0nvtNTdgkHrjdlde
m2C/7z8oYqA78oKsVS1JLuZUdpybbAD817bTQSezon3z74cxixeRqNj86GnbmJud
mpwUWRzLqIYwIJzagB6yi6smM/5zWSt147krxlhAAN6OmZSG7msdZK+gx2FruTGi
oUp6HP/3Z0MpI5tYEUsok7nQVswcpf5wrEOhVChwsuaSouzJ4aMOj53+ptVf
-----END CERTIFICATE-----