Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/kxN-dsp9L8mg2ZRO7haBAfdZ8V8.roa
File:                     kxN-dsp9L8mg2ZRO7haBAfdZ8V8.roa (raw, json)
Hash identifier:          +108xg/tmDLhNkvzuzgrY6K/ze5ViP86XuuA3vOrqnc=
Subject key identifier:   93:13:7E:76:CA:7D:2F:C9:A0:D9:94:4E:EE:16:81:01:F7:59:F1:5F
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC3489ABF5D68CB7748422348816028B0
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/kxN-dsp9L8mg2ZRO7haBAfdZ8V8.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213316
IP address blocks:        2a0c:e643:8000::/33 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9a:bf:5d:68:cb:77:48:42:23:48:81:60:28:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93137e76ca7d2fc9a0d9944eee168101f759f15f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:0f:bd:b7:48:6d:5c:0a:d2:60:6a:ab:ef:ba:
                    27:4a:75:f7:4f:20:6f:8f:5f:2d:76:ac:74:c9:3b:
                    c0:1a:bf:b2:ab:6c:e4:ed:de:df:a6:f7:4e:c3:3b:
                    81:4d:9d:e6:9b:94:c0:2c:0a:d2:a0:62:05:95:a5:
                    62:61:4d:8a:21:2d:3c:5d:3f:a9:fd:2d:d5:6a:70:
                    64:9b:dc:ed:22:c9:c3:08:7a:39:d4:6b:aa:a9:48:
                    b6:b5:40:a4:64:07:02:6c:68:be:99:26:09:a6:56:
                    f7:43:10:6a:b3:b6:de:f7:f7:cc:8b:e3:54:4f:79:
                    9d:40:42:41:00:a2:32:9e:b1:37:f9:86:27:07:9d:
                    22:8c:02:75:ab:5e:a8:c9:34:1c:a8:9d:d5:61:bc:
                    68:26:90:43:61:9a:fc:ef:9a:68:08:a9:f9:fd:dd:
                    57:01:4a:40:2f:7c:78:f5:04:1b:81:03:9e:29:3e:
                    a8:2b:22:e4:0c:29:01:1c:43:d9:20:3c:db:a0:ce:
                    97:a6:dc:92:56:b8:52:7f:01:53:57:50:d5:a4:4b:
                    a4:35:27:95:77:b3:92:4d:7d:f7:1c:f7:76:e1:b9:
                    5d:b5:15:75:08:8a:6a:a0:37:ea:4c:de:68:81:18:
                    ed:51:a2:b1:9c:07:43:ef:98:97:01:32:93:d7:9e:
                    5b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:13:7E:76:CA:7D:2F:C9:A0:D9:94:4E:EE:16:81:01:F7:59:F1:5F
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/kxN-dsp9L8mg2ZRO7haBAfdZ8V8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:e643:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         c3:fb:9e:dd:d7:42:d6:33:6f:b2:bd:b9:ae:e1:3f:e5:32:50:
         09:21:d5:34:27:0e:05:72:8c:29:a8:ca:00:d9:0a:6d:cd:a1:
         2f:f5:62:bb:ee:4b:4e:d8:40:3e:c5:53:86:50:84:20:de:07:
         53:ab:34:e0:db:c4:ab:ae:d2:77:c3:20:69:de:98:b1:8d:6d:
         85:e4:47:45:19:8c:60:37:a8:9a:76:55:4e:64:d2:be:0d:46:
         0b:9f:b6:37:c7:a8:cd:bd:5b:04:1f:17:05:1b:64:44:17:49:
         31:05:c0:27:51:e4:25:58:b8:9d:1f:c2:17:00:5e:85:04:2b:
         89:44:e1:7e:53:4a:2d:c0:6d:5d:b2:f8:34:20:3d:00:0e:fc:
         34:8e:d4:d9:62:f6:cb:7f:51:20:bc:9d:a2:98:64:13:ab:5d:
         f4:b2:df:8a:df:85:e9:0e:15:d7:e9:40:c4:69:86:fb:b5:26:
         0b:d4:cd:65:ac:71:a9:9f:90:63:da:b0:3a:24:c1:f8:e2:89:
         4e:a3:3e:dc:99:50:fb:34:a2:43:95:14:87:b7:66:dd:c1:4e:
         6d:29:27:ba:8e:22:34:c8:a7:84:a7:b0:cd:b6:de:f4:5a:91:
         5c:d3:fc:be:d5:b0:06:7d:bc:32:df:d6:a9:e9:5d:ce:7f:2d:
         02:92:75:4a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDSJq/XWjLd0hCI0iBYCiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzEzN2U3NmNhN2QyZmM5YTBkOTk0NGVlZTE2ODEwMWY3NTlmMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiA+9t0htXArSYGqr77onSnX3TyBv
j18tdqx0yTvAGr+yq2zk7d7fpvdOwzuBTZ3mm5TALArSoGIFlaViYU2KIS08XT+p
/S3VanBkm9ztIsnDCHo51GuqqUi2tUCkZAcCbGi+mSYJplb3QxBqs7be9/fMi+NU
T3mdQEJBAKIynrE3+YYnB50ijAJ1q16oyTQcqJ3VYbxoJpBDYZr875poCKn5/d1X
AUpAL3x49QQbgQOeKT6oKyLkDCkBHEPZIDzboM6XptySVrhSfwFTV1DVpEukNSeV
d7OSTX33HPd24bldtRV1CIpqoDfqTN5ogRjtUaKxnAdD75iXATKT155bzwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJMTfnbKfS/JoNmUTu4WgQH3WfFfMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEva3hOLWRzcDlMOG1nMlpSTzdoYUJBZmRaOFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKgzmQ4Aw
DQYJKoZIhvcNAQELBQADggEBAMP7nt3XQtYzb7K9ua7hP+UyUAkh1TQnDgVyjCmo
ygDZCm3NoS/1YrvuS07YQD7FU4ZQhCDeB1OrNODbxKuu0nfDIGnemLGNbYXkR0UZ
jGA3qJp2VU5k0r4NRguftjfHqM29WwQfFwUbZEQXSTEFwCdR5CVYuJ0fwhcAXoUE
K4lE4X5TSi3AbV2y+DQgPQAO/DSO1Nli9st/USC8naKYZBOrXfSy34rfhekOFdfp
QMRphvu1JgvUzWWscamfkGPasDokwfjiiU6jPtyZUPs0okOVFIe3Zt3BTm0pJ7qO
IjTIp4SnsM223vRakVzT/L7VsAZ9vDLf1qnpXc5/LQKSdUo=
-----END CERTIFICATE-----