Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/afVv__E6AYVaPS2wUKl-Cc5ZmqY.roa
File:                     afVv__E6AYVaPS2wUKl-Cc5ZmqY.roa (raw, json)
Hash identifier:          AJ6zRK8raYwLyffFSItWwNxsOWs5qKBLoT5GdL3ZHBE=
Subject key identifier:   69:F5:6F:FF:F1:3A:01:85:5A:3D:2D:B0:50:A9:7E:09:CE:59:9A:A6
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC3488DBE408ED09274E9D09374A5DD9E
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/afVv__E6AYVaPS2wUKl-Cc5ZmqY.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44437
IP address blocks:        2a05:1080::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8d:be:40:8e:d0:92:74:e9:d0:93:74:a5:dd:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69f56ffff13a01855a3d2db050a97e09ce599aa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:75:18:0a:44:d9:dc:9a:d2:50:7b:49:52:1b:
                    df:97:4a:3b:f2:2a:b5:57:13:72:8c:cd:d7:e3:e2:
                    71:24:45:42:7c:fa:8e:a5:a3:f9:0a:fa:6b:83:ae:
                    9a:01:ed:8c:9e:8e:85:17:c2:61:d1:9f:68:6e:6f:
                    28:60:6c:a1:0f:2a:21:0b:3b:a1:bb:ae:aa:6d:48:
                    b9:4a:0d:30:46:32:2e:92:3b:e6:93:f4:27:8e:22:
                    55:c1:dc:7a:00:d5:b7:c4:0d:28:39:a0:d6:fb:d3:
                    21:3e:e1:1e:69:ed:e7:a6:47:72:80:ec:de:97:ce:
                    44:92:0b:9f:9c:66:f1:10:10:5a:6f:9e:64:78:70:
                    1b:11:ff:11:ac:6f:79:a7:49:f1:d6:01:e3:ae:68:
                    2b:bc:27:b2:8e:60:5c:15:c6:23:da:38:da:db:e2:
                    8b:99:44:96:f4:d3:5d:6c:ad:cf:b4:26:71:82:8a:
                    9d:9f:ba:f8:b7:34:9a:8e:8c:5b:98:04:cc:1f:60:
                    6e:20:32:87:2d:1d:34:84:d7:5f:1e:1e:1e:f2:5d:
                    b1:95:33:5e:36:f5:3d:5b:2f:4f:22:c3:cd:59:2b:
                    56:16:00:34:7c:79:3e:43:5b:e8:48:f8:59:5d:b8:
                    ee:23:f6:aa:9b:97:41:8c:29:5e:4d:b2:b7:8c:9e:
                    5e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F5:6F:FF:F1:3A:01:85:5A:3D:2D:B0:50:A9:7E:09:CE:59:9A:A6
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/afVv__E6AYVaPS2wUKl-Cc5ZmqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1080::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:c8:1c:05:23:b1:c7:bc:fc:a9:d6:05:b9:89:e7:ee:0d:96:
         76:17:be:2f:a6:d6:41:c4:a0:f4:f9:ad:fc:98:12:29:b2:6c:
         84:15:41:06:13:38:fc:79:e0:3b:17:15:e1:a8:7d:70:09:f1:
         c0:2a:44:ba:67:de:f6:4f:d8:8a:ee:d9:08:c3:e7:8d:f5:9b:
         f0:01:1b:5f:0a:8c:27:2a:af:d0:4d:88:4b:43:18:ac:26:92:
         0b:17:e8:02:f2:ce:88:04:52:71:c9:44:03:5b:a9:b1:7c:aa:
         73:98:87:f0:14:72:65:de:0c:6c:71:6e:23:f5:9e:ec:37:64:
         60:16:5b:7b:78:83:42:4c:29:8b:92:25:2b:63:59:74:ec:b2:
         89:39:8e:92:25:7b:ac:24:6a:c6:63:7e:7e:1c:22:61:f3:19:
         4a:ec:84:c0:60:86:1f:d7:5a:49:44:89:d9:d5:9e:2f:43:4e:
         0f:9d:48:0e:4e:74:12:06:2e:0f:72:2d:51:3c:53:77:62:d7:
         d5:75:65:11:2d:19:fd:67:81:37:e8:f4:35:5a:2c:24:c7:61:
         57:ff:1f:d6:4a:18:42:96:4b:01:4c:a7:6a:30:89:cf:1e:65:
         ef:b6:bc:36:93:45:48:29:ab:2e:51:8b:a8:6e:29:ea:fa:82:
         33:f1:a8:76
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSI2+QI7QknTp0JN0pd2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWY1NmZmZmYxM2EwMTg1NWEzZDJkYjA1MGE5N2UwOWNlNTk5YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3UYCkTZ3JrSUHtJUhvfl0o78iq1
VxNyjM3X4+JxJEVCfPqOpaP5Cvprg66aAe2Mno6FF8Jh0Z9obm8oYGyhDyohCzuh
u66qbUi5Sg0wRjIukjvmk/QnjiJVwdx6ANW3xA0oOaDW+9MhPuEeae3npkdygOze
l85EkgufnGbxEBBab55keHAbEf8RrG95p0nx1gHjrmgrvCeyjmBcFcYj2jja2+KL
mUSW9NNdbK3PtCZxgoqdn7r4tzSajoxbmATMH2BuIDKHLR00hNdfHh4e8l2xlTNe
NvU9Wy9PIsPNWStWFgA0fHk+Q1voSPhZXbjuI/aqm5dBjCleTbK3jJ5erwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGn1b//xOgGFWj0tsFCpfgnOWZqmMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvYWZWdl9fRTZBWVZhUFMyd1VLbC1DYzVabXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUQgDAN
BgkqhkiG9w0BAQsFAAOCAQEAd8gcBSOxx7z8qdYFuYnn7g2Wdhe+L6bWQcSg9Pmt
/JgSKbJshBVBBhM4/HngOxcV4ah9cAnxwCpEumfe9k/Yiu7ZCMPnjfWb8AEbXwqM
Jyqv0E2IS0MYrCaSCxfoAvLOiARScclEA1upsXyqc5iH8BRyZd4MbHFuI/We7Ddk
YBZbe3iDQkwpi5IlK2NZdOyyiTmOkiV7rCRqxmN+fhwiYfMZSuyEwGCGH9daSUSJ
2dWeL0NOD51IDk50EgYuD3ItUTxTd2LX1XVlES0Z/WeBN+j0NVosJMdhV/8f1koY
QpZLAUynajCJzx5l77a8NpNFSCmrLlGLqG4p6vqCM/Godg==
-----END CERTIFICATE-----