Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/tSLbbP-ksJeNISvS2zPN-4MZwJU.roa
File:                     tSLbbP-ksJeNISvS2zPN-4MZwJU.roa (raw, json)
Hash identifier:          z6+riQPNEy9IxITj8M6n55nEMfi9v914HUcGN3hZGiA=
Subject key identifier:   B5:22:DB:6C:FF:A4:B0:97:8D:21:2B:D2:DB:33:CD:FB:83:19:C0:95
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       018DD65542385CC8C421ED26DE3D0A20522D
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/tSLbbP-ksJeNISvS2zPN-4MZwJU.roa
Signing time:             Fri 23 Feb 2024 14:18:48 +0000
ROA not before:           Fri 23 Feb 2024 14:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51248
IP address blocks:        2a10:9687::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d6:55:42:38:5c:c8:c4:21:ed:26:de:3d:0a:20:52:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Feb 23 14:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b522db6cffa4b0978d212bd2db33cdfb8319c095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ce:13:33:6c:53:66:45:20:5b:fa:92:0b:15:
                    a7:d5:ef:40:9a:6a:82:31:93:a1:55:8c:5e:8d:65:
                    c2:15:00:1b:dc:e5:7b:4f:f3:e9:6c:0a:8a:62:17:
                    6a:5d:0c:eb:fc:a0:db:f8:8b:a0:c8:67:c1:0e:4f:
                    0a:cc:0d:6b:e0:b0:0a:b7:cf:d4:d4:69:e8:ef:d9:
                    88:ab:e3:42:83:12:ea:a4:61:46:7d:4a:92:6e:46:
                    95:52:7c:99:df:a0:63:c6:19:18:0f:fc:d9:f9:db:
                    29:29:e6:73:8a:eb:19:0d:c8:e2:03:8d:46:1d:b9:
                    0f:66:7b:f1:5f:59:28:f0:de:20:15:63:a5:4b:4d:
                    ea:42:cb:a5:c4:d6:60:c1:7f:a2:c4:23:42:34:bb:
                    bd:88:c6:75:45:ab:9c:17:19:7a:3e:0f:d8:20:8f:
                    1c:ae:90:45:02:16:42:73:59:80:57:e4:eb:0f:fe:
                    07:77:ae:1f:67:2c:27:3a:59:b1:75:5c:7d:47:17:
                    ab:c4:ec:94:13:c2:b0:83:74:fe:1c:f4:9c:29:c5:
                    0b:66:ff:f7:46:d1:e2:5e:1d:bd:3d:e7:1b:ac:af:
                    c9:a8:10:1b:64:86:75:5e:a9:41:4b:df:30:4e:85:
                    01:d6:20:2c:b3:f2:15:96:97:9e:e1:8e:5a:e5:7d:
                    29:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:22:DB:6C:FF:A4:B0:97:8D:21:2B:D2:DB:33:CD:FB:83:19:C0:95
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/tSLbbP-ksJeNISvS2zPN-4MZwJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:9687::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:b3:2e:c3:1e:f1:ae:59:b8:12:b5:d9:d2:e2:e5:7f:ad:c4:
         f9:07:6c:2e:a8:cf:e7:f3:3a:28:ea:ca:f7:c1:3f:aa:7d:fb:
         e3:05:30:ae:eb:a2:88:0c:0b:b6:d8:10:48:5c:90:5d:5e:f2:
         57:20:3d:06:b0:26:ae:35:c2:0e:bb:34:36:bb:41:cc:6b:dc:
         3f:ae:cc:c9:92:bb:db:cf:97:8f:66:30:9a:44:26:7e:c6:1f:
         12:7d:a1:5b:80:5f:bb:35:a1:a1:4a:20:33:45:0f:4e:aa:0d:
         0c:35:eb:81:71:76:88:80:11:08:7c:a7:99:b9:22:08:45:ce:
         66:c1:f7:a0:9e:dc:a9:53:10:3d:dd:1b:27:e5:24:1a:30:fd:
         de:f3:04:aa:ee:b3:41:aa:5f:5e:e5:bf:18:49:e1:b0:23:65:
         36:d9:0d:ca:4c:42:67:2f:82:b9:5d:d8:92:a5:d7:45:93:db:
         8b:a6:c2:f9:b3:4b:4a:af:a5:da:58:ed:fd:6c:76:fb:ac:5f:
         ae:07:ad:ca:53:dc:7b:ff:79:17:dd:3a:75:36:7b:97:d4:3b:
         24:f4:06:ab:27:94:60:1a:8b:3d:fa:96:a5:60:81:75:2d:13:
         98:bc:6a:58:be:ba:74:cc:06:73:5e:1f:38:d4:c8:02:b6:42:
         b2:c5:86:b8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3WVUI4XMjEIe0m3j0KIFItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMjIzMTQxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTIyZGI2Y2ZmYTRiMDk3OGQyMTJiZDJkYjMzY2RmYjgzMTljMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhs4TM2xTZkUgW/qSCxWn1e9AmmqC
MZOhVYxejWXCFQAb3OV7T/PpbAqKYhdqXQzr/KDb+IugyGfBDk8KzA1r4LAKt8/U
1Gno79mIq+NCgxLqpGFGfUqSbkaVUnyZ36BjxhkYD/zZ+dspKeZziusZDcjiA41G
HbkPZnvxX1ko8N4gFWOlS03qQsulxNZgwX+ixCNCNLu9iMZ1RaucFxl6Pg/YII8c
rpBFAhZCc1mAV+TrD/4Hd64fZywnOlmxdVx9RxerxOyUE8Kwg3T+HPScKcULZv/3
RtHiXh29PecbrK/JqBAbZIZ1XqlBS98wToUB1iAss/IVlpee4Y5a5X0pnwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLUi22z/pLCXjSEr0tszzfuDGcCVMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvdFNMYmJQLWtzSmVOSVN2UzJ6UE4tNE1ad0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhCWhzAN
BgkqhkiG9w0BAQsFAAOCAQEACLMuwx7xrlm4ErXZ0uLlf63E+QdsLqjP5/M6KOrK
98E/qn374wUwruuiiAwLttgQSFyQXV7yVyA9BrAmrjXCDrs0NrtBzGvcP67MyZK7
28+Xj2YwmkQmfsYfEn2hW4BfuzWhoUogM0UPTqoNDDXrgXF2iIARCHynmbkiCEXO
ZsH3oJ7cqVMQPd0bJ+UkGjD93vMEqu6zQapfXuW/GEnhsCNlNtkNykxCZy+CuV3Y
kqXXRZPbi6bC+bNLSq+l2ljt/Wx2+6xfrgetylPce/95F906dTZ7l9Q7JPQGqyeU
YBqLPfqWpWCBdS0TmLxqWL66dMwGc14fONTIArZCssWGuA==
-----END CERTIFICATE-----