Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/5VwmCTLnzqsp_F21aezH9ecYLvQ.roa
File:                     5VwmCTLnzqsp_F21aezH9ecYLvQ.roa (raw, json)
Hash identifier:          E2dLHprk1pZxfKJ/tKlXONfVYcvDivDcPRh8OQHdwGI=
Subject key identifier:   E5:5C:26:09:32:E7:CE:AB:29:FC:5D:B5:69:EC:C7:F5:E7:18:2E:F4
Certificate issuer:       /CN=962ae3463938b26f83b76f0c4df81dfabb15a4eb
Certificate serial:       018E0A8B3D192FFE464A9282E173186EAB59
Authority key identifier: 96:2A:E3:46:39:38:B2:6F:83:B7:6F:0C:4D:F8:1D:FA:BB:15:A4:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/5VwmCTLnzqsp_F21aezH9ecYLvQ.roa
Signing time:             Mon 04 Mar 2024 17:38:01 +0000
ROA not before:           Mon 04 Mar 2024 17:38:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31554
IP address blocks:        2a03:6fe0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/lirjRjk4sm-Dt28MTfgd-rsVpOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/lirjRjk4sm-Dt28MTfgd-rsVpOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0a:8b:3d:19:2f:fe:46:4a:92:82:e1:73:18:6e:ab:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962ae3463938b26f83b76f0c4df81dfabb15a4eb
        Validity
            Not Before: Mar  4 17:38:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e55c260932e7ceab29fc5db569ecc7f5e7182ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6a:bb:37:76:b5:df:c3:00:1b:a6:10:50:17:
                    61:f3:c2:0c:2b:90:99:7d:cb:6c:84:ad:41:fa:35:
                    7a:76:56:45:07:7c:ee:6b:b0:be:b7:ca:15:8a:03:
                    50:db:20:b2:1d:b6:74:59:e4:41:98:70:6e:4e:09:
                    4e:54:b9:23:5e:91:ef:3d:f6:b8:54:a5:9a:b2:76:
                    1c:49:cf:35:39:10:f4:f6:c6:b2:55:51:09:c5:87:
                    64:ca:ec:d3:7e:82:57:64:df:7e:b6:6a:7b:e8:8b:
                    1a:1f:f7:39:dd:c5:52:9f:96:72:8a:b8:1d:05:71:
                    b2:5c:01:f1:d3:e6:df:68:45:0d:79:e5:5e:15:b5:
                    46:2d:c4:4c:9d:d5:47:85:01:6c:11:67:08:df:9c:
                    7a:1d:e1:49:3c:ce:5b:77:a3:a3:f9:1f:c7:b5:15:
                    9b:99:56:1c:b5:9d:a4:ca:62:e1:cc:57:dc:f1:45:
                    84:9b:ca:5c:ce:4c:84:44:8a:7e:97:61:4c:28:7a:
                    f3:2e:71:33:6b:6c:11:74:91:68:64:9c:03:fe:d4:
                    43:4f:2a:f9:2f:02:16:a2:09:bf:f0:79:9a:40:f6:
                    f1:fd:b0:ea:66:24:85:f1:23:41:4e:d2:3f:30:2e:
                    0e:d6:22:4a:97:e4:f9:fd:52:f6:63:c1:8f:87:f1:
                    fa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:5C:26:09:32:E7:CE:AB:29:FC:5D:B5:69:EC:C7:F5:E7:18:2E:F4
            X509v3 Authority Key Identifier:
                keyid:96:2A:E3:46:39:38:B2:6F:83:B7:6F:0C:4D:F8:1D:FA:BB:15:A4:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/5VwmCTLnzqsp_F21aezH9ecYLvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/lirjRjk4sm-Dt28MTfgd-rsVpOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6fe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:ab:fd:f7:3a:93:e7:a2:6a:25:78:96:e8:10:ab:3e:69:4c:
         d9:e9:61:03:0b:ce:64:2f:cd:f5:2d:0c:45:45:57:d7:86:d0:
         84:30:7c:62:7f:32:ae:30:09:6c:6d:ae:99:81:99:10:52:9c:
         30:ed:be:33:46:c5:25:67:af:f9:d0:52:a4:29:4e:99:d9:08:
         f4:13:a6:f8:0c:b2:8b:bd:16:f0:d4:75:8e:7b:4c:d1:42:38:
         37:7d:7e:4a:02:e2:5a:d4:95:85:5e:54:b8:14:e7:e8:11:f1:
         96:f0:0f:31:5a:ae:c9:ac:b5:06:fe:8b:c0:2f:ab:12:2f:41:
         5c:62:09:9b:4c:e8:89:33:bf:87:5b:50:39:85:af:08:99:80:
         d2:9f:27:96:27:f8:ee:74:1e:8f:9f:76:90:d5:90:e5:bb:28:
         72:81:2b:bd:20:ff:3a:aa:c1:8e:76:ca:a7:13:06:58:4e:c4:
         88:17:99:a4:b0:e1:af:51:ad:77:3f:6d:ad:91:6e:62:40:23:
         4e:bd:47:c9:83:fd:e1:a9:15:95:55:c0:1a:72:4f:a7:71:ea:
         42:29:8c:e0:0c:11:3e:d4:24:01:8e:33:60:09:32:bd:3f:22:
         e7:89:a6:b8:bf:c0:b9:04:c2:1e:5b:cb:58:75:1a:19:38:db:
         5e:43:70:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4Kiz0ZL/5GSpKC4XMYbqtZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmFlMzQ2MzkzOGIyNmY4M2I3NmYwYzRkZjgxZGZhYmIx
NWE0ZWIwHhcNMjQwMzA0MTczODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTVjMjYwOTMyZTdjZWFiMjlmYzVkYjU2OWVjYzdmNWU3MTgyZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGq7N3a138MAG6YQUBdh88IMK5CZ
fctshK1B+jV6dlZFB3zua7C+t8oVigNQ2yCyHbZ0WeRBmHBuTglOVLkjXpHvPfa4
VKWasnYcSc81ORD09sayVVEJxYdkyuzTfoJXZN9+tmp76IsaH/c53cVSn5Zyirgd
BXGyXAHx0+bfaEUNeeVeFbVGLcRMndVHhQFsEWcI35x6HeFJPM5bd6Oj+R/HtRWb
mVYctZ2kymLhzFfc8UWEm8pczkyERIp+l2FMKHrzLnEza2wRdJFoZJwD/tRDTyr5
LwIWogm/8HmaQPbx/bDqZiSF8SNBTtI/MC4O1iJKl+T5/VL2Y8GPh/H6GwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOVcJgky586rKfxdtWnsx/XnGC70MB8GA1UdIwQY
MBaAFJYq40Y5OLJvg7dvDE34Hfq7FaTrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGlyalJqazRzbS1EdDI4TVRmZ2QtcnNWcE9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iYjBmYzMtZDVmOS00YmY1LTk2ODMt
OWVkZjBkMTdmYjkxLzEvNVZ3bUNUTG56cXNwX0YyMWFlekg5ZWNZTHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iYjBmYzMtZDVmOS00YmY1LTk2ODMtOWVkZjBkMTdmYjkx
LzEvbGlyalJqazRzbS1EdDI4TVRmZ2QtcnNWcE9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgNv4DAN
BgkqhkiG9w0BAQsFAAOCAQEAlKv99zqT56JqJXiW6BCrPmlM2elhAwvOZC/N9S0M
RUVX14bQhDB8Yn8yrjAJbG2umYGZEFKcMO2+M0bFJWev+dBSpClOmdkI9BOm+Ayy
i70W8NR1jntM0UI4N31+SgLiWtSVhV5UuBTn6BHxlvAPMVquyay1Bv6LwC+rEi9B
XGIJm0zoiTO/h1tQOYWvCJmA0p8nlif47nQej592kNWQ5bsocoErvSD/OqrBjnbK
pxMGWE7EiBeZpLDhr1Gtdz9trZFuYkAjTr1HyYP94akVlVXAGnJPp3HqQimM4AwR
PtQkAY4zYAkyvT8i54mmuL/AuQTCHlvLWHUaGTjbXkNwVw==
-----END CERTIFICATE-----