Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/K5MPNM_REsrL1Gzd6Ea-dQtNmpk.roa
File:                     K5MPNM_REsrL1Gzd6Ea-dQtNmpk.roa (raw, json)
Hash identifier:          d8UKSCVvhO3P3PhNxkyDjTr1suZiirslIHJKZEMNrgk=
Subject key identifier:   2B:93:0F:34:CF:D1:12:CA:CB:D4:6C:DD:E8:46:BE:75:0B:4D:9A:99
Certificate issuer:       /CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
Certificate serial:       018CCA2A759CFE6BF33BB718650F90A42782
Authority key identifier: 38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/K5MPNM_REsrL1Gzd6Ea-dQtNmpk.roa
Signing time:             Tue 02 Jan 2024 12:33:49 +0000
ROA not before:           Tue 02 Jan 2024 12:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32519
IP address blocks:        2a07:aec0::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:75:9c:fe:6b:f3:3b:b7:18:65:0f:90:a4:27:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
        Validity
            Not Before: Jan  2 12:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b930f34cfd112cacbd46cdde846be750b4d9a99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c9:51:c3:f9:5a:51:6d:9e:8c:4e:6c:f7:49:
                    c2:7d:ac:e0:be:bb:ac:7e:81:64:7e:9b:11:85:8f:
                    bf:79:df:fa:4e:4d:63:8c:5e:00:7e:3c:82:0d:68:
                    d1:9e:b0:3e:9c:48:76:49:58:d2:9a:ad:3b:40:16:
                    0a:a5:a1:d4:96:ec:ab:50:fd:47:49:b4:d0:53:5a:
                    ba:84:4d:50:67:c1:b1:8c:c6:33:c7:e4:14:9a:7b:
                    8c:ab:e1:42:72:3d:26:91:d3:69:fa:a5:f7:53:0b:
                    00:7a:31:2e:49:82:da:ae:f5:70:0a:e8:c0:83:bd:
                    4e:8e:3d:1c:5b:5d:ff:99:29:19:83:4f:ef:a5:9e:
                    a1:1d:94:f3:4a:09:e7:e4:a4:18:5f:d4:7b:98:1a:
                    61:b9:fc:aa:86:2e:c0:50:25:a3:70:93:e0:ae:35:
                    b7:32:3e:bb:d0:31:25:e5:35:70:c3:c4:82:cd:94:
                    38:0c:2e:20:b2:da:9c:fd:78:92:b4:49:e5:4c:cf:
                    43:5a:eb:bc:83:9a:4a:3f:06:05:68:47:b2:1f:d0:
                    20:83:48:fe:0b:9d:8e:56:44:96:66:11:77:10:cb:
                    13:69:7a:1c:00:ab:ee:52:91:a4:90:97:6a:21:20:
                    70:84:a2:61:67:ef:17:7f:66:7f:d9:bf:8f:a9:47:
                    38:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:93:0F:34:CF:D1:12:CA:CB:D4:6C:DD:E8:46:BE:75:0B:4D:9A:99
            X509v3 Authority Key Identifier:
                keyid:38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/K5MPNM_REsrL1Gzd6Ea-dQtNmpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:aec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:16:23:c1:a9:0a:6c:fa:52:bb:44:a9:7b:ad:2a:f3:52:20:
         1f:38:c6:2b:a5:85:d3:b2:c8:a8:92:25:95:cf:57:48:40:34:
         56:04:73:35:7b:a2:b8:ad:a7:60:28:65:bb:c5:73:ec:52:90:
         16:8c:39:bf:3b:df:a5:26:af:ab:a7:77:18:c0:a9:2a:5a:de:
         80:3e:00:26:96:08:45:95:18:26:c7:ea:0c:e5:60:bb:81:95:
         7b:8c:08:31:58:87:db:e0:e4:01:a5:6b:9f:a0:61:27:e6:b8:
         93:02:6e:cb:34:87:66:e5:0b:2a:85:76:d8:9d:a8:56:87:2f:
         4d:7f:dc:8d:a8:94:77:aa:76:10:bb:e3:a3:38:92:6b:db:f4:
         80:56:ea:a2:64:bd:87:2c:76:2c:b4:76:6b:05:5d:a7:d2:f7:
         e5:be:05:26:66:c8:2f:da:7d:8e:41:9c:b3:0c:c3:6c:b0:fe:
         c0:1e:fb:60:7f:f1:ee:96:0e:aa:4b:f1:e8:17:50:68:ea:7e:
         b2:bf:31:38:a8:af:51:f7:c6:48:fc:9d:af:44:62:a2:d6:95:
         1a:79:e9:11:6e:14:51:9f:f7:d0:16:ba:02:bb:83:e4:d0:e7:
         e3:a7:75:24:82:35:c1:6c:1c:a7:6b:a8:75:98:d7:f8:15:b9:
         fc:6d:95:dd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKnWc/mvzO7cYZQ+QpCeCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YmQ2ZDhlYmI4MjQwNGQ1NzA5MzUxYmMyMzI5YTBlZTQz
YTlhNDMwHhcNMjQwMTAyMTIzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjkzMGYzNGNmZDExMmNhY2JkNDZjZGRlODQ2YmU3NTBiNGQ5YTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8lRw/laUW2ejE5s90nCfazgvrus
foFkfpsRhY+/ed/6Tk1jjF4AfjyCDWjRnrA+nEh2SVjSmq07QBYKpaHUluyrUP1H
SbTQU1q6hE1QZ8GxjMYzx+QUmnuMq+FCcj0mkdNp+qX3UwsAejEuSYLarvVwCujA
g71Ojj0cW13/mSkZg0/vpZ6hHZTzSgnn5KQYX9R7mBphufyqhi7AUCWjcJPgrjW3
Mj670DEl5TVww8SCzZQ4DC4gstqc/XiStEnlTM9DWuu8g5pKPwYFaEeyH9Agg0j+
C52OVkSWZhF3EMsTaXocAKvuUpGkkJdqISBwhKJhZ+8Xf2Z/2b+PqUc4eQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCuTDzTP0RLKy9Rs3ehGvnULTZqZMB8GA1UdIwQY
MBaAFDi9bY67gkBNVwk1G8Iymg7kOppDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUt
OGM5NTM5ZjQ0NGM2LzEvSzVNUE5NX1JFc3JMMUd6ZDZFYS1kUXRObXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUtOGM5NTM5ZjQ0NGM2
LzEvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgeuwDAN
BgkqhkiG9w0BAQsFAAOCAQEAihYjwakKbPpSu0Spe60q81IgHzjGK6WF07LIqJIl
lc9XSEA0VgRzNXuiuK2nYChlu8Vz7FKQFow5vzvfpSavq6d3GMCpKlregD4AJpYI
RZUYJsfqDOVgu4GVe4wIMViH2+DkAaVrn6BhJ+a4kwJuyzSHZuULKoV22J2oVocv
TX/cjaiUd6p2ELvjoziSa9v0gFbqomS9hyx2LLR2awVdp9L35b4FJmbIL9p9jkGc
swzDbLD+wB77YH/x7pYOqkvx6BdQaOp+sr8xOKivUffGSPydr0RiotaVGnnpEW4U
UZ/30Ba6AruD5NDn46d1JII1wWwcp2uodZjX+BW5/G2V3Q==
-----END CERTIFICATE-----