Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/pUvABHJDBnmQiAlG-IGQNvmR8Xc.roa
File:                     pUvABHJDBnmQiAlG-IGQNvmR8Xc.roa (raw, json)
Hash identifier:          uLpR+tUaPqKcvHq8mfxn0lgytCp07uPA4ikw5aVNcGE=
Subject key identifier:   A5:4B:C0:04:72:43:06:79:90:88:09:46:F8:81:90:36:F9:91:F1:77
Certificate issuer:       /CN=9e55320077696944b1613c2e8c9c606a1e06eb79
Certificate serial:       018CC727234400555A08E407DE54923060BD
Authority key identifier: 9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/pUvABHJDBnmQiAlG-IGQNvmR8Xc.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201086
IP address blocks:        2a0e:9c00::/29 maxlen: 29
                          2a0c:f340::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:23:44:00:55:5a:08:e4:07:de:54:92:30:60:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e55320077696944b1613c2e8c9c606a1e06eb79
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a54bc0047243067990880946f8819036f991f177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8a:3f:60:d5:46:69:7a:56:fa:02:77:e0:ab:
                    06:f3:5b:c5:e6:67:9b:16:60:8e:5d:98:a1:2a:ab:
                    b9:f9:35:8f:a5:21:98:d8:9e:55:de:54:b5:b3:b5:
                    e3:27:99:68:08:aa:97:55:5b:8f:29:ef:8f:e2:cb:
                    c4:8d:a0:7a:44:a6:4e:82:4e:d9:2b:ab:fc:85:8c:
                    8b:bc:63:83:67:1f:d1:e0:54:80:7b:c5:08:8b:df:
                    40:09:9b:a0:cb:0b:07:a9:88:33:93:7c:f3:6e:e6:
                    da:ea:e5:7e:5c:8f:f4:ef:f4:52:4f:d5:50:ba:32:
                    71:a2:86:f0:a5:df:d3:7a:08:14:56:74:34:98:14:
                    73:9c:df:47:aa:ca:9e:42:f5:0c:61:50:a9:8c:9e:
                    c9:1f:d9:00:e6:9e:0e:74:90:a5:99:35:fb:18:d2:
                    e4:35:f5:2b:c3:83:47:62:90:20:ae:2e:4f:d3:9b:
                    b8:fa:e1:d3:8c:75:27:9f:b2:00:1c:81:43:02:f9:
                    66:e1:f2:ad:41:3a:ec:5e:30:6b:d6:a1:c9:bf:a6:
                    5e:5f:aa:44:c4:95:41:22:46:c8:fb:c7:77:5d:8f:
                    be:21:7d:52:8d:83:65:ee:f1:f1:34:6f:30:b8:ee:
                    c9:d9:ff:bb:a4:a8:d4:28:fa:57:83:af:70:f2:88:
                    8f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:4B:C0:04:72:43:06:79:90:88:09:46:F8:81:90:36:F9:91:F1:77
            X509v3 Authority Key Identifier:
                keyid:9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/pUvABHJDBnmQiAlG-IGQNvmR8Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:f340::/32
                  2a0e:9c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:98:20:f9:53:de:14:a1:f9:24:c1:ae:6e:ec:8a:d1:8f:22:
         25:5a:7d:76:92:b1:c3:d9:78:0a:fb:3b:81:b0:8e:e5:0e:57:
         b4:2f:25:3d:73:15:1c:f0:22:1b:e1:5b:58:f5:8a:93:75:d3:
         17:a7:e1:73:51:c2:9b:7c:ec:55:a9:f4:e7:36:6a:cc:48:cb:
         3c:3f:b9:1f:7c:a6:a2:c0:07:cc:19:0d:5e:83:33:e8:94:63:
         8a:d1:37:7d:fd:f3:d6:f2:cb:2b:7f:79:f5:7e:29:48:22:86:
         36:1d:91:fe:41:2f:df:0f:53:bf:ec:aa:0a:80:28:0a:7f:9c:
         49:d3:91:b9:91:db:2b:c6:25:12:c5:d5:46:ee:71:76:bc:30:
         0b:94:37:c0:4c:30:94:b9:71:45:d8:e3:e9:ff:84:bc:ac:55:
         ec:43:ca:e2:8e:d6:69:9c:60:a5:f3:d0:58:76:30:0e:d2:ae:
         a7:a6:2a:22:2f:e7:20:f5:06:88:ca:1a:30:c9:d7:33:69:7e:
         31:d3:c9:ed:28:87:bb:e8:01:5d:4e:6a:b2:dd:04:e5:94:6e:
         8b:7a:cf:43:59:7e:aa:4c:2c:33:a0:5f:0b:c4:83:86:30:41:
         0a:2c:b5:8d:7c:0b:5e:b5:23:09:88:d1:3d:c1:d8:35:82:0f:
         11:f6:3d:7a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHJyNEAFVaCOQH3lSSMGC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTUzMjAwNzc2OTY5NDRiMTYxM2MyZThjOWM2MDZhMWUw
NmViNzkwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTRiYzAwNDcyNDMwNjc5OTA4ODA5NDZmODgxOTAzNmY5OTFmMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYo/YNVGaXpW+gJ34KsG81vF5meb
FmCOXZihKqu5+TWPpSGY2J5V3lS1s7XjJ5loCKqXVVuPKe+P4svEjaB6RKZOgk7Z
K6v8hYyLvGODZx/R4FSAe8UIi99ACZugywsHqYgzk3zzbuba6uV+XI/07/RST9VQ
ujJxoobwpd/TeggUVnQ0mBRznN9HqsqeQvUMYVCpjJ7JH9kA5p4OdJClmTX7GNLk
NfUrw4NHYpAgri5P05u4+uHTjHUnn7IAHIFDAvlm4fKtQTrsXjBr1qHJv6ZeX6pE
xJVBIkbI+8d3XY++IX1SjYNl7vHxNG8wuO7J2f+7pKjUKPpXg69w8oiPJQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKVLwARyQwZ5kIgJRviBkDb5kfF3MB8GA1UdIwQY
MBaAFJ5VMgB3aWlEsWE8LoycYGoeBut5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYt
MWUwZThiOTA5ZTM0LzEvcFV2QUJISkRCbm1RaUFsRy1JR1FOdm1SOFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYtMWUwZThiOTA5ZTM0
LzEvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgzzQAMF
AyoOnAAwDQYJKoZIhvcNAQELBQADggEBAG2YIPlT3hSh+STBrm7sitGPIiVafXaS
scPZeAr7O4GwjuUOV7QvJT1zFRzwIhvhW1j1ipN10xen4XNRwpt87FWp9Oc2asxI
yzw/uR98pqLAB8wZDV6DM+iUY4rRN33989byyyt/efV+KUgihjYdkf5BL98PU7/s
qgqAKAp/nEnTkbmR2yvGJRLF1UbucXa8MAuUN8BMMJS5cUXY4+n/hLysVexDyuKO
1mmcYKXz0Fh2MA7SrqemKiIv5yD1BojKGjDJ1zNpfjHTye0oh7voAV1OarLdBOWU
bot6z0NZfqpMLDOgXwvEg4YwQQostY18C161IwmI0T3B2DWCDxH2PXo=
-----END CERTIFICATE-----