Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/i51s5Gd-XNGTVnJ6E_-6-ydCd30.roa
File:                     i51s5Gd-XNGTVnJ6E_-6-ydCd30.roa (raw, json)
Hash identifier:          YpWFPXIujybYV1DF0/5LsDM1rdqLov2ncF2XiYU8PY4=
Subject key identifier:   8B:9D:6C:E4:67:7E:5C:D1:93:56:72:7A:13:FF:BA:FB:27:42:77:7D
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD6C1788CB01E9B9E9DEEC5320395
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/i51s5Gd-XNGTVnJ6E_-6-ydCd30.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42683
IP address blocks:        2a02:2698:5800::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d6:c1:78:8c:b0:1e:9b:9e:9d:ee:c5:32:03:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b9d6ce4677e5cd19356727a13ffbafb2742777d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:52:c0:bb:75:f1:8c:b4:ba:ed:1c:47:59:db:
                    3b:7c:6e:f5:de:6c:84:de:fa:e2:b2:d5:89:26:bd:
                    6e:e1:e2:c6:dd:3e:e8:71:b2:a1:6c:03:50:cf:bf:
                    34:8a:52:bb:08:fd:b9:dd:a9:0d:2d:ff:26:2c:e9:
                    55:15:28:3a:31:59:28:9c:71:a1:bb:39:8c:61:95:
                    5c:2a:6a:97:d6:58:81:78:bb:17:53:dc:66:36:e9:
                    fa:80:ce:31:4f:5a:14:5a:16:6b:3e:e3:8f:31:4a:
                    a5:93:df:cd:4b:4f:e7:81:45:d3:37:36:04:b5:b9:
                    03:e0:81:87:50:9f:5f:52:fe:d3:73:98:78:12:68:
                    3d:1f:1f:ae:ed:30:6c:c1:7e:db:d3:a0:19:8a:64:
                    fc:bd:a8:e4:0e:08:e0:9e:4a:b0:8d:63:cc:03:27:
                    92:db:be:ab:ff:99:3b:f4:78:d4:48:0b:7c:32:d4:
                    45:f7:b1:09:17:5e:a9:1a:82:35:96:e0:d9:fb:e8:
                    32:ea:37:87:7e:5f:6a:28:cb:18:54:fa:07:43:ac:
                    eb:54:8b:29:5b:8c:05:bb:cb:a2:39:c8:ed:09:cc:
                    49:cc:60:b8:31:3f:ff:90:cd:79:12:8c:8a:49:12:
                    d4:d3:dd:0d:96:c9:ab:df:ca:02:82:99:e7:05:61:
                    7a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:9D:6C:E4:67:7E:5C:D1:93:56:72:7A:13:FF:BA:FB:27:42:77:7D
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/i51s5Gd-XNGTVnJ6E_-6-ydCd30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:5800::/38

    Signature Algorithm: sha256WithRSAEncryption
         b5:44:c0:01:fd:82:fd:b1:05:4b:4c:b1:ce:6b:86:f0:79:86:
         8b:f9:ab:68:86:42:55:fc:7f:86:ce:ea:8d:60:ac:dd:bf:2d:
         9c:57:7e:a6:7d:cb:40:48:7b:34:ff:9c:21:52:1d:f7:dd:f4:
         81:f9:6c:93:a1:68:55:4f:ab:d1:7d:1d:d1:06:da:c3:03:72:
         8d:93:66:2c:bf:50:88:ec:bd:c5:f2:04:b0:94:18:c4:7d:41:
         75:63:51:e4:3c:76:46:fd:6e:4d:bb:d5:d4:1d:be:62:88:d0:
         d5:ef:20:bd:aa:12:33:14:a4:4d:c6:56:9e:b7:e2:48:e7:4f:
         a2:9f:a3:f9:c1:85:43:4c:2d:d0:dc:99:d7:ae:d0:49:74:e6:
         59:20:28:c0:08:45:cb:68:b3:06:5c:e6:8e:0c:a4:2c:4a:4e:
         b5:54:8a:c6:21:73:9a:67:32:92:8e:4b:3e:d3:aa:b2:a5:53:
         37:a5:60:01:28:bc:71:e2:a8:b0:ec:af:8a:72:17:8b:89:fa:
         21:2e:d2:a1:c0:a7:18:8c:2b:b3:07:50:45:91:51:fc:59:ea:
         f4:ab:f7:bf:2c:73:2d:d7:5c:c1:12:a0:7b:a4:8f:f8:95:0f:
         58:41:49:a2:d9:7e:f3:75:4c:7b:21:16:6e:88:96:02:05:68:
         9b:c9:f9:1e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNbBeIywHpuene7FMgOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjlkNmNlNDY3N2U1Y2QxOTM1NjcyN2ExM2ZmYmFmYjI3NDI3NzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlLAu3XxjLS67RxHWds7fG713myE
3vristWJJr1u4eLG3T7ocbKhbANQz780ilK7CP253akNLf8mLOlVFSg6MVkonHGh
uzmMYZVcKmqX1liBeLsXU9xmNun6gM4xT1oUWhZrPuOPMUqlk9/NS0/ngUXTNzYE
tbkD4IGHUJ9fUv7Tc5h4Emg9Hx+u7TBswX7b06AZimT8vajkDgjgnkqwjWPMAyeS
276r/5k79HjUSAt8MtRF97EJF16pGoI1luDZ++gy6jeHfl9qKMsYVPoHQ6zrVIsp
W4wFu8uiOcjtCcxJzGC4MT//kM15EoyKSRLU090Nlsmr38oCgpnnBWF61wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIudbORnflzRk1ZyehP/uvsnQnd9MB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvaTUxczVHZC1YTkdUVm5KNkVfLTYteWRDZDMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmFgw
DQYJKoZIhvcNAQELBQADggEBALVEwAH9gv2xBUtMsc5rhvB5hov5q2iGQlX8f4bO
6o1grN2/LZxXfqZ9y0BIezT/nCFSHffd9IH5bJOhaFVPq9F9HdEG2sMDco2TZiy/
UIjsvcXyBLCUGMR9QXVjUeQ8dkb9bk271dQdvmKI0NXvIL2qEjMUpE3GVp634kjn
T6Kfo/nBhUNMLdDcmdeu0El05lkgKMAIRctoswZc5o4MpCxKTrVUisYhc5pnMpKO
Sz7TqrKlUzelYAEovHHiqLDsr4pyF4uJ+iEu0qHApxiMK7MHUEWRUfxZ6vSr978s
cy3XXMESoHukj/iVD1hBSaLZfvN1THshFm6IlgIFaJvJ+R4=
-----END CERTIFICATE-----