Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/6-2gaIuxFztVWGJc2MR5c_5HEJo.roa
File:                     6-2gaIuxFztVWGJc2MR5c_5HEJo.roa (raw, json)
Hash identifier:          DaK7DYl8HpK2AjLNKLk5VK0+Hkml0rn6J5C8+otVopA=
Subject key identifier:   EB:ED:A0:68:8B:B1:17:3B:55:58:62:5C:D8:C4:79:73:FE:47:10:9A
Certificate issuer:       /CN=107807c2518915138f555123605c0133dfdbb4fa
Certificate serial:       018CC5DC2946AF631AC2F2102BBB61F0EB89
Authority key identifier: 10:78:07:C2:51:89:15:13:8F:55:51:23:60:5C:01:33:DF:DB:B4:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/6-2gaIuxFztVWGJc2MR5c_5HEJo.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     378
IP address blocks:        132.71.0.0/16 maxlen: 16
                          132.70.0.0/16 maxlen: 16
                          132.70.0.0/15 maxlen: 15

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:29:46:af:63:1a:c2:f2:10:2b:bb:61:f0:eb:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=107807c2518915138f555123605c0133dfdbb4fa
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebeda0688bb1173b5558625cd8c47973fe47109a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7b:d5:9b:3d:ac:80:f6:0a:05:f2:ed:c4:84:
                    b0:15:8a:89:4e:93:ae:f6:3b:68:ba:67:53:20:f0:
                    1d:b8:ec:b4:17:8c:ad:95:95:5c:72:0e:ac:e0:65:
                    57:7c:d1:9a:43:26:9f:f9:6b:91:05:d0:a7:6d:1a:
                    e0:a3:4e:d6:f3:b1:96:ad:9c:8e:a4:44:a4:b7:42:
                    cb:f5:f5:c3:43:5a:46:a9:04:9f:a3:77:8f:33:74:
                    12:02:39:8d:7c:70:cf:5e:a8:a0:23:ef:a0:35:e5:
                    15:08:62:06:ae:eb:16:8d:ec:f6:93:ee:80:0a:1c:
                    df:8a:e0:a9:30:66:ca:f6:b2:1d:aa:13:fc:d1:44:
                    e8:09:9a:39:56:60:e1:04:02:6d:9d:73:ff:f6:61:
                    a9:43:d3:30:c7:9c:67:3d:e6:01:fa:71:23:c8:fc:
                    ec:53:e5:a9:82:8e:02:15:dd:ca:d3:c1:b9:58:c8:
                    a7:05:c0:cd:bc:62:24:8b:83:91:2d:d2:45:40:a0:
                    37:e9:80:3d:12:95:eb:18:08:9b:88:98:f5:83:ba:
                    1e:8c:2c:d8:db:3e:e1:e9:52:cb:60:45:ef:9f:35:
                    92:97:51:3e:54:52:27:50:46:5d:86:fe:4b:59:ee:
                    8a:2f:a5:29:6b:36:5d:2f:48:28:db:d9:41:89:35:
                    cc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:ED:A0:68:8B:B1:17:3B:55:58:62:5C:D8:C4:79:73:FE:47:10:9A
            X509v3 Authority Key Identifier:
                keyid:10:78:07:C2:51:89:15:13:8F:55:51:23:60:5C:01:33:DF:DB:B4:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHgHwlGJFROPVVEjYFwBM9_btPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/6-2gaIuxFztVWGJc2MR5c_5HEJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2860a4-3b94-4274-a3a2-f9ac15e66386/1/EHgHwlGJFROPVVEjYFwBM9_btPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.70.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         53:68:7d:88:c3:1b:9a:05:1f:ec:ef:d8:f1:c0:03:7e:e4:36:
         4c:67:00:ff:22:62:e2:55:38:3e:6c:ff:69:85:36:cf:d5:17:
         d5:d8:68:f5:5a:24:46:b9:a3:e2:36:60:86:88:ed:40:c8:91:
         6d:b3:6e:c6:c5:bd:07:e9:a0:f9:07:59:5d:d0:b9:d1:f1:ec:
         6b:73:dd:bf:88:0b:00:d0:97:e7:ca:bf:ec:e6:6e:9d:1a:f7:
         04:1e:d3:5e:8b:b0:f3:17:91:c6:35:86:0c:c3:0c:14:ba:8f:
         62:f8:61:20:db:a1:4b:4e:47:60:3a:5d:ed:c0:02:cc:be:db:
         4d:05:5a:3f:b0:4c:43:01:7a:27:5a:0c:fa:96:1c:b6:a4:fe:
         4c:e0:38:67:c0:68:7d:c6:da:26:5c:4c:7b:d2:b7:aa:f1:93:
         68:bf:6b:15:a7:f9:a5:91:25:25:7c:b1:d4:76:af:6a:92:4b:
         00:b6:7e:e7:48:59:31:ca:db:dd:c1:3d:d5:2d:8e:b8:86:8a:
         c1:25:87:9f:b2:09:26:bc:6a:0c:6e:e2:0c:2d:9b:19:e2:f2:
         53:71:d0:7d:78:1a:5a:2c:d0:7f:69:b3:ff:d2:6b:63:f6:ac:
         fd:85:ee:d8:e5:b1:3c:d7:d0:0e:e7:86:6a:c4:d7:af:87:b2:
         84:f1:6a:18
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzF3ClGr2MawvIQK7th8OuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzgwN2MyNTE4OTE1MTM4ZjU1NTEyMzYwNWMwMTMzZGZk
YmI0ZmEwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmVkYTA2ODhiYjExNzNiNTU1ODYyNWNkOGM0Nzk3M2ZlNDcxMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3vVmz2sgPYKBfLtxISwFYqJTpOu
9jtoumdTIPAduOy0F4ytlZVccg6s4GVXfNGaQyaf+WuRBdCnbRrgo07W87GWrZyO
pESkt0LL9fXDQ1pGqQSfo3ePM3QSAjmNfHDPXqigI++gNeUVCGIGrusWjez2k+6A
ChzfiuCpMGbK9rIdqhP80UToCZo5VmDhBAJtnXP/9mGpQ9Mwx5xnPeYB+nEjyPzs
U+Wpgo4CFd3K08G5WMinBcDNvGIki4ORLdJFQKA36YA9EpXrGAibiJj1g7oejCzY
2z7h6VLLYEXvnzWSl1E+VFInUEZdhv5LWe6KL6UpazZdL0go29lBiTXMqwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFOvtoGiLsRc7VVhiXNjEeXP+RxCaMB8GA1UdIwQY
MBaAFBB4B8JRiRUTj1VRI2BcATPf27T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhnSHdsR0pGUk9QVlZFallGd0JNOV9idFBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yODYwYTQtM2I5NC00Mjc0LWEzYTIt
ZjlhYzE1ZTY2Mzg2LzEvNi0yZ2FJdXhGenRWV0dKYzJNUjVjXzVIRUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yODYwYTQtM2I5NC00Mjc0LWEzYTItZjlhYzE1ZTY2Mzg2
LzEvRUhnSHdsR0pGUk9QVlZFallGd0JNOV9idFBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEYwDQYJ
KoZIhvcNAQELBQADggEBAFNofYjDG5oFH+zv2PHAA37kNkxnAP8iYuJVOD5s/2mF
Ns/VF9XYaPVaJEa5o+I2YIaI7UDIkW2zbsbFvQfpoPkHWV3QudHx7Gtz3b+ICwDQ
l+fKv+zmbp0a9wQe016LsPMXkcY1hgzDDBS6j2L4YSDboUtOR2A6Xe3AAsy+200F
Wj+wTEMBeidaDPqWHLak/kzgOGfAaH3G2iZcTHvSt6rxk2i/axWn+aWRJSV8sdR2
r2qSSwC2fudIWTHK293BPdUtjriGisElh5+yCSa8agxu4gwtmxni8lNx0H14Glos
0H9ps//Sa2P2rP2F7tjlsTzX0A7nhmrE16+HsoTxahg=
-----END CERTIFICATE-----