Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/73Wbn-XZdpVD8_PaiycS2ddFdFg.roa
File:                     73Wbn-XZdpVD8_PaiycS2ddFdFg.roa (raw, json)
Hash identifier:          iVl1apo5jLRVbCk77jbYDrYWyKE4Jp73jp/j5lpDGb0=
Subject key identifier:   EF:75:9B:9F:E5:D9:76:95:43:F3:F3:DA:8B:27:12:D9:D7:45:74:58
Certificate issuer:       /CN=36574be6ae76cd523b33787cfbdb69264263d074
Certificate serial:       018CC72762DA4FEBD2EEFF90694D53E2C215
Authority key identifier: 36:57:4B:E6:AE:76:CD:52:3B:33:78:7C:FB:DB:69:26:42:63:D0:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/73Wbn-XZdpVD8_PaiycS2ddFdFg.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6831
IP address blocks:        2a04:6580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/NldL5q52zVI7M3h8-9tpJkJj0HQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/NldL5q52zVI7M3h8-9tpJkJj0HQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:62:da:4f:eb:d2:ee:ff:90:69:4d:53:e2:c2:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36574be6ae76cd523b33787cfbdb69264263d074
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef759b9fe5d9769543f3f3da8b2712d9d7457458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:93:5b:19:2b:34:7c:12:0c:f2:0d:e5:54:a9:
                    fc:1e:f6:b8:4a:56:ee:1c:8f:11:ca:5e:47:52:5d:
                    38:95:66:a2:a2:d8:0c:1c:f4:7c:3c:a5:8d:10:0c:
                    02:b5:3b:60:19:2a:b0:70:87:9b:97:f8:4d:80:84:
                    ee:10:b3:81:ec:78:69:a7:dd:13:e5:71:ae:2b:1f:
                    72:aa:d4:f7:1d:a1:cb:95:e9:d5:62:88:78:1a:6b:
                    18:dc:08:47:d2:13:26:31:65:07:12:2e:ea:ea:52:
                    4d:82:11:86:52:c0:c7:67:53:08:7a:70:07:cf:a8:
                    f4:58:b2:0d:02:3c:f6:8c:17:bc:15:07:6a:b0:94:
                    e9:f4:0a:37:50:a1:15:3c:8d:8e:3f:63:91:bb:a0:
                    f2:4e:e9:29:68:a5:24:80:54:19:7d:6f:b7:41:f1:
                    60:fe:1f:57:c1:8a:3f:a9:63:ce:c7:b4:2b:57:9c:
                    87:c5:02:a6:db:b7:a9:c4:4f:1c:bc:83:71:39:22:
                    82:1e:dc:b2:ad:f0:b8:d0:2d:69:59:4f:51:4c:04:
                    c9:fd:ad:52:03:07:b8:d1:95:8e:4d:3e:26:3c:ea:
                    b6:20:b8:79:f9:8d:e6:a0:c6:87:8c:46:f3:dd:93:
                    7c:0a:9c:ef:b8:8c:89:3c:9c:5b:39:07:4c:e7:be:
                    04:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:75:9B:9F:E5:D9:76:95:43:F3:F3:DA:8B:27:12:D9:D7:45:74:58
            X509v3 Authority Key Identifier:
                keyid:36:57:4B:E6:AE:76:CD:52:3B:33:78:7C:FB:DB:69:26:42:63:D0:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/73Wbn-XZdpVD8_PaiycS2ddFdFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/NldL5q52zVI7M3h8-9tpJkJj0HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6580::/29

    Signature Algorithm: sha256WithRSAEncryption
         b2:37:5f:79:86:90:eb:48:0d:ff:85:a0:76:29:c6:cd:16:e1:
         20:47:cd:9c:69:cd:46:f5:f3:c3:ce:f5:d3:24:32:58:5c:5a:
         26:6f:85:06:a5:36:16:e9:f4:6a:d0:82:e2:d4:0c:c5:8d:25:
         a2:bc:ac:ac:c7:d2:dd:fd:91:3f:c3:9f:7a:b3:c7:ae:9e:eb:
         03:ba:77:1e:e8:98:90:d2:cb:3b:76:01:b4:77:b6:7d:cc:82:
         55:45:c8:be:f7:1e:19:49:f6:e1:fd:57:8f:88:60:c3:4a:bc:
         ce:16:0a:01:8e:82:56:eb:2b:68:89:ce:ec:d4:c4:c8:6e:30:
         d8:b4:c9:b2:43:e8:33:13:b9:be:18:33:14:bd:1a:85:c2:83:
         b8:7d:3c:f4:f4:4f:c1:71:08:49:2f:7a:8d:a2:d5:57:45:d9:
         11:60:b4:2c:92:b0:5d:72:51:66:ac:e3:f3:83:bc:44:a3:e5:
         81:25:ed:f6:90:a2:54:b2:44:01:25:81:1f:dd:74:2d:3d:2f:
         d0:30:5e:81:cc:de:6d:f9:24:4f:7c:e6:0e:27:83:61:92:eb:
         c5:df:6a:06:15:7f:b8:61:55:71:42:b1:a3:06:40:e0:de:b0:
         d2:6b:fd:ae:65:66:2c:de:26:c3:a7:56:72:c7:f1:9c:71:9e:
         b0:ec:16:6d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ2LaT+vS7v+QaU1T4sIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NTc0YmU2YWU3NmNkNTIzYjMzNzg3Y2ZiZGI2OTI2NDI2
M2QwNzQwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjc1OWI5ZmU1ZDk3Njk1NDNmM2YzZGE4YjI3MTJkOWQ3NDU3NDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JNbGSs0fBIM8g3lVKn8Hva4Slbu
HI8Ryl5HUl04lWaiotgMHPR8PKWNEAwCtTtgGSqwcIebl/hNgITuELOB7Hhpp90T
5XGuKx9yqtT3HaHLlenVYoh4GmsY3AhH0hMmMWUHEi7q6lJNghGGUsDHZ1MIenAH
z6j0WLINAjz2jBe8FQdqsJTp9Ao3UKEVPI2OP2ORu6DyTukpaKUkgFQZfW+3QfFg
/h9XwYo/qWPOx7QrV5yHxQKm27epxE8cvINxOSKCHtyyrfC40C1pWU9RTATJ/a1S
Awe40ZWOTT4mPOq2ILh5+Y3moMaHjEbz3ZN8CpzvuIyJPJxbOQdM574EKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO91m5/l2XaVQ/Pz2osnEtnXRXRYMB8GA1UdIwQY
MBaAFDZXS+auds1SOzN4fPvbaSZCY9B0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmxkTDVxNTJ6Vkk3TTNoOC05dHBKa0pqMEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS83ZTFkOTQtMTg1NC00NzNkLTg3NTMt
MThkZWQ4MGI0YjVkLzEvNzNXYm4tWFpkcFZEOF9QYWl5Y1MyZGRGZEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS83ZTFkOTQtMTg1NC00NzNkLTg3NTMtMThkZWQ4MGI0YjVk
LzEvTmxkTDVxNTJ6Vkk3TTNoOC05dHBKa0pqMEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgRlgDAN
BgkqhkiG9w0BAQsFAAOCAQEAsjdfeYaQ60gN/4WgdinGzRbhIEfNnGnNRvXzw871
0yQyWFxaJm+FBqU2Fun0atCC4tQMxY0lorysrMfS3f2RP8OferPHrp7rA7p3HuiY
kNLLO3YBtHe2fcyCVUXIvvceGUn24f1Xj4hgw0q8zhYKAY6CVusraInO7NTEyG4w
2LTJskPoMxO5vhgzFL0ahcKDuH089PRPwXEISS96jaLVV0XZEWC0LJKwXXJRZqzj
84O8RKPlgSXt9pCiVLJEASWBH910LT0v0DBegczebfkkT3zmDieDYZLrxd9qBhV/
uGFVcUKxowZA4N6w0mv9rmVmLN4mw6dWcsfxnHGesOwWbQ==
-----END CERTIFICATE-----