Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/5g3GZwQJmW0kd5JOfezGQomeAJw.roa
File:                     5g3GZwQJmW0kd5JOfezGQomeAJw.roa (raw, json)
Hash identifier:          09QYZZAZeIu8+g1HBI+maIAR1g/486+pOcJFJGFMAxo=
Subject key identifier:   E6:0D:C6:67:04:09:99:6D:24:77:92:4E:7D:EC:C6:42:89:9E:00:9C
Certificate issuer:       /CN=41e383c5807e9b32f576d0a5b8ee7744cacfb717
Certificate serial:       018F05F898952102040756819886C5A15791
Authority key identifier: 41:E3:83:C5:80:7E:9B:32:F5:76:D0:A5:B8:EE:77:44:CA:CF:B7:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/5g3GZwQJmW0kd5JOfezGQomeAJw.roa
Signing time:             Mon 22 Apr 2024 13:22:09 +0000
ROA not before:           Mon 22 Apr 2024 13:22:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400989
IP address blocks:        2a06:9080::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:f8:98:95:21:02:04:07:56:81:98:86:c5:a1:57:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41e383c5807e9b32f576d0a5b8ee7744cacfb717
        Validity
            Not Before: Apr 22 13:22:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e60dc6670409996d2477924e7decc642899e009c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e0:1b:7d:a9:c3:0a:fd:ef:96:b6:b0:db:35:
                    30:43:eb:01:04:b4:c5:9e:cb:8d:83:c4:27:a8:77:
                    0a:77:09:fb:25:fd:a8:d7:b4:43:84:d4:c0:02:c6:
                    0d:4e:5a:0f:6f:3c:59:ff:91:9e:66:b7:c0:db:ed:
                    e7:8f:50:dd:0d:61:fa:e2:e8:57:8a:2c:da:97:70:
                    64:0b:f2:0e:ec:ec:06:0c:17:9e:fd:09:21:c9:0c:
                    45:d6:65:47:36:27:82:9b:26:db:21:c8:78:57:6e:
                    46:06:83:1b:21:f6:26:55:22:b7:9e:75:f9:36:eb:
                    0e:aa:05:10:63:65:f6:93:a3:91:99:68:ac:64:73:
                    75:76:c6:47:77:58:08:d8:ec:ce:dd:ed:bf:bf:ba:
                    05:8a:e0:ba:6f:c6:2f:f0:6d:25:48:86:d3:e9:86:
                    b7:ae:32:be:d8:04:7e:f9:e5:34:6f:cf:a5:97:55:
                    30:4b:65:95:76:b9:a6:39:4e:45:51:17:65:55:22:
                    3c:73:c2:19:31:0c:ea:dc:e8:71:f3:a2:88:c7:67:
                    bb:1c:8b:95:be:c2:7c:04:80:b1:05:9c:f1:20:69:
                    c2:d2:eb:bd:ec:69:d5:76:7b:27:2c:32:cc:69:75:
                    0d:ee:97:00:0b:5f:31:64:f9:99:cf:96:3b:07:a0:
                    8f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:0D:C6:67:04:09:99:6D:24:77:92:4E:7D:EC:C6:42:89:9E:00:9C
            X509v3 Authority Key Identifier:
                keyid:41:E3:83:C5:80:7E:9B:32:F5:76:D0:A5:B8:EE:77:44:CA:CF:B7:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/5g3GZwQJmW0kd5JOfezGQomeAJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9080::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:a9:94:cd:36:60:3d:b2:83:1d:a3:51:32:14:b4:0f:e6:cb:
         e8:63:bc:7a:75:7e:74:ac:da:1e:f4:e6:08:14:47:54:ce:ee:
         22:d0:ec:85:c8:34:bb:d9:07:e7:3a:cb:f1:f7:a2:ac:a2:93:
         8e:d3:d4:50:ab:b9:75:eb:c5:3c:fb:49:4c:a2:46:51:6c:dc:
         e7:7d:cc:2b:c9:76:e7:7c:8e:fe:d9:f2:86:a0:09:6d:7e:09:
         9a:ff:43:74:0e:2c:9f:2d:7c:6b:77:18:63:41:16:91:f4:34:
         4f:b9:d8:1b:36:96:db:51:8f:8c:8b:bc:57:7e:1c:e4:81:9c:
         4d:fe:34:98:53:21:38:25:dc:6c:77:0a:0f:b9:14:63:ff:5a:
         7c:0b:87:bf:4c:8e:12:ee:ad:f3:cf:7a:a7:23:82:8b:aa:8d:
         7e:69:45:d4:0a:d3:b4:60:4d:7c:10:1f:bc:d8:2e:d1:fa:8b:
         2b:d4:4f:c6:3d:02:18:0f:fd:7a:90:6d:db:0a:c9:2b:c9:3e:
         b1:e1:ee:13:ed:86:38:a2:33:ed:ed:f4:cc:3b:5c:4e:c7:79:
         cf:ea:f8:0c:c8:10:53:27:90:93:80:25:e8:a3:64:5d:ee:88:
         72:61:97:85:9b:59:e9:f2:b3:e8:7b:87:f7:01:68:d5:ca:d3:
         a0:c2:f9:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8F+JiVIQIEB1aBmIbFoVeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZTM4M2M1ODA3ZTliMzJmNTc2ZDBhNWI4ZWU3NzQ0Y2Fj
ZmI3MTcwHhcNMjQwNDIyMTMyMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjBkYzY2NzA0MDk5OTZkMjQ3NzkyNGU3ZGVjYzY0Mjg5OWUwMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOAbfanDCv3vlraw2zUwQ+sBBLTF
nsuNg8QnqHcKdwn7Jf2o17RDhNTAAsYNTloPbzxZ/5GeZrfA2+3nj1DdDWH64uhX
iizal3BkC/IO7OwGDBee/QkhyQxF1mVHNieCmybbIch4V25GBoMbIfYmVSK3nnX5
NusOqgUQY2X2k6ORmWisZHN1dsZHd1gI2OzO3e2/v7oFiuC6b8Yv8G0lSIbT6Ya3
rjK+2AR++eU0b8+ll1UwS2WVdrmmOU5FURdlVSI8c8IZMQzq3Ohx86KIx2e7HIuV
vsJ8BICxBZzxIGnC0uu97GnVdnsnLDLMaXUN7pcAC18xZPmZz5Y7B6CP8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOYNxmcECZltJHeSTn3sxkKJngCcMB8GA1UdIwQY
MBaAFEHjg8WAfpsy9XbQpbjud0TKz7cXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWVPRHhZQi1tekwxZHRDbHVPNTNSTXJQdHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hZWE0NjUtYmE0NS00OWFjLTljNjgt
N2I0MWZhYmM2ZjY3LzEvNWczR1p3UUptVzBrZDVKT2ZlekdRb21lQUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hZWE0NjUtYmE0NS00OWFjLTljNjgtN2I0MWZhYmM2ZjY3
LzEvUWVPRHhZQi1tekwxZHRDbHVPNTNSTXJQdHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgaQgDAN
BgkqhkiG9w0BAQsFAAOCAQEAjKmUzTZgPbKDHaNRMhS0D+bL6GO8enV+dKzaHvTm
CBRHVM7uItDshcg0u9kH5zrL8feirKKTjtPUUKu5devFPPtJTKJGUWzc533MK8l2
53yO/tnyhqAJbX4Jmv9DdA4sny18a3cYY0EWkfQ0T7nYGzaW21GPjIu8V34c5IGc
Tf40mFMhOCXcbHcKD7kUY/9afAuHv0yOEu6t8896pyOCi6qNfmlF1ArTtGBNfBAf
vNgu0fqLK9RPxj0CGA/9epBt2wrJK8k+seHuE+2GOKIz7e30zDtcTsd5z+r4DMgQ
UyeQk4Al6KNkXe6IcmGXhZtZ6fKz6HuH9wFo1crToML5aA==
-----END CERTIFICATE-----