Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/261EOmxPKe9Mji5TsQKH65dSiCs.roa
File:                     261EOmxPKe9Mji5TsQKH65dSiCs.roa (raw, json)
Hash identifier:          /MqE6UiSqhEs9LSGy0oSxFhR0rqQJ/oZI8d9cnH6go0=
Subject key identifier:   DB:AD:44:3A:6C:4F:29:EF:4C:8E:2E:53:B1:02:87:EB:97:52:88:2B
Certificate issuer:       /CN=4098174db451d9fefdeec15f9b9c7929daae9980
Certificate serial:       018CC50137AC8E0169C6E150232A9CBE2327
Authority key identifier: 40:98:17:4D:B4:51:D9:FE:FD:EE:C1:5F:9B:9C:79:29:DA:AE:99:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QJgXTbRR2f797sFfm5x5KdqumYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/261EOmxPKe9Mji5TsQKH65dSiCs.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60019
IP address blocks:        2a02:7d60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/QJgXTbRR2f797sFfm5x5KdqumYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/QJgXTbRR2f797sFfm5x5KdqumYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QJgXTbRR2f797sFfm5x5KdqumYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:37:ac:8e:01:69:c6:e1:50:23:2a:9c:be:23:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4098174db451d9fefdeec15f9b9c7929daae9980
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbad443a6c4f29ef4c8e2e53b10287eb9752882b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5a:02:26:34:9a:6f:1a:ae:da:5b:4c:22:21:
                    d7:5c:e5:ef:ac:58:12:41:83:3e:8b:43:83:ba:61:
                    50:7a:22:d5:a5:0d:a8:0d:c9:83:ae:b6:c5:35:e7:
                    29:84:a8:1c:a6:b5:f3:9b:df:9f:91:17:dc:43:41:
                    29:49:fb:80:1f:03:66:72:9b:e9:dc:c8:86:03:b1:
                    11:45:13:e8:37:23:f3:2a:ce:79:b0:73:9b:f1:56:
                    c5:5c:1f:90:5b:9f:b9:e2:2a:3c:ec:69:b1:6a:d7:
                    71:0e:66:a6:fb:be:4a:ad:ee:ac:fe:df:8b:7d:6f:
                    b2:2d:8a:7e:fc:2d:44:a8:89:ba:65:d8:15:83:2d:
                    bb:0f:d3:2c:c6:8e:74:ca:e4:13:c5:b1:33:78:19:
                    42:c3:e9:37:48:62:f4:a2:b3:e9:8e:d8:bc:5e:e9:
                    f3:ba:f5:62:52:ca:0f:03:54:76:e6:4f:f1:6d:f2:
                    89:79:e8:2f:75:05:80:8f:8c:45:cb:2d:bf:e7:2e:
                    65:c7:23:b9:55:07:63:79:99:62:f8:2e:77:17:04:
                    a9:82:97:b0:a2:a8:ab:9e:6e:56:35:64:68:2a:ea:
                    7b:0a:6b:e9:d3:d3:0b:fe:7f:e1:ab:f3:47:ef:dc:
                    88:01:d7:3a:c7:b8:1a:fb:09:a3:3e:87:5c:3a:68:
                    e5:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:AD:44:3A:6C:4F:29:EF:4C:8E:2E:53:B1:02:87:EB:97:52:88:2B
            X509v3 Authority Key Identifier:
                keyid:40:98:17:4D:B4:51:D9:FE:FD:EE:C1:5F:9B:9C:79:29:DA:AE:99:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QJgXTbRR2f797sFfm5x5KdqumYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/261EOmxPKe9Mji5TsQKH65dSiCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/7e1057-3d1a-4f6a-bf87-cfa8f9d9f81c/1/QJgXTbRR2f797sFfm5x5KdqumYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:7d60::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:a0:92:21:36:05:cf:4c:1f:87:b4:9d:b5:13:7c:60:5e:54:
         69:56:a1:af:03:07:29:4d:4b:66:9c:76:80:88:d0:5d:75:6f:
         38:d3:a7:fe:db:4f:4c:44:d4:5e:ae:e9:c8:ea:be:5e:8b:2b:
         82:4b:9c:c8:08:a4:81:ba:39:1d:fa:83:7c:54:0e:cc:0c:a2:
         74:b9:ca:b9:d1:c5:f1:ee:df:76:8d:d4:26:3c:f7:8a:d5:01:
         9e:e9:64:1a:04:df:69:30:5b:b7:2c:c0:4f:c5:1b:e2:da:dc:
         5d:cc:4c:f0:dd:f5:d2:4a:57:8c:c8:df:09:6b:e9:b2:bb:75:
         0a:0d:29:ec:ad:c0:97:0a:da:cd:95:e1:ed:f1:68:ac:47:d3:
         17:83:47:aa:7e:7e:a9:f0:a4:00:d7:84:87:2f:ea:d9:36:2f:
         5f:88:e1:64:93:91:3a:aa:f2:11:68:44:46:65:02:65:9f:b6:
         be:3d:46:ce:6c:2e:5b:16:67:da:d7:8f:1e:a6:4c:ba:d4:3f:
         74:78:6b:64:2d:93:12:27:02:6b:9b:6d:71:ef:db:fa:c6:de:
         10:ce:30:a1:9c:a9:d1:de:27:e9:f1:59:09:05:a1:95:03:14:
         00:82:14:67:5d:07:4c:52:cf:37:07:4f:f0:18:cd:da:d0:28:
         ba:e4:c7:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFATesjgFpxuFQIyqcviMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOTgxNzRkYjQ1MWQ5ZmVmZGVlYzE1ZjliOWM3OTI5ZGFh
ZTk5ODAwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmFkNDQzYTZjNGYyOWVmNGM4ZTJlNTNiMTAyODdlYjk3NTI4ODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjloCJjSabxqu2ltMIiHXXOXvrFgS
QYM+i0ODumFQeiLVpQ2oDcmDrrbFNecphKgcprXzm9+fkRfcQ0EpSfuAHwNmcpvp
3MiGA7ERRRPoNyPzKs55sHOb8VbFXB+QW5+54io87GmxatdxDmam+75Kre6s/t+L
fW+yLYp+/C1EqIm6ZdgVgy27D9Msxo50yuQTxbEzeBlCw+k3SGL0orPpjti8Xunz
uvViUsoPA1R25k/xbfKJeegvdQWAj4xFyy2/5y5lxyO5VQdjeZli+C53FwSpgpew
oqirnm5WNWRoKup7Cmvp09ML/n/hq/NH79yIAdc6x7ga+wmjPodcOmjlSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNutRDpsTynvTI4uU7ECh+uXUogrMB8GA1UdIwQY
MBaAFECYF020Udn+/e7BX5uceSnarpmAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUpnWFRiUlIyZjc5N3NGZm01eDVLZHF1bVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83ZTEwNTctM2QxYS00ZjZhLWJmODct
Y2ZhOGY5ZDlmODFjLzEvMjYxRU9teFBLZTlNamk1VHNRS0g2NWRTaUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83ZTEwNTctM2QxYS00ZjZhLWJmODctY2ZhOGY5ZDlmODFj
LzEvUUpnWFRiUlIyZjc5N3NGZm01eDVLZHF1bVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgJ9YDAN
BgkqhkiG9w0BAQsFAAOCAQEANKCSITYFz0wfh7SdtRN8YF5UaVahrwMHKU1LZpx2
gIjQXXVvONOn/ttPTETUXq7pyOq+XosrgkucyAikgbo5HfqDfFQOzAyidLnKudHF
8e7fdo3UJjz3itUBnulkGgTfaTBbtyzAT8Ub4trcXcxM8N310kpXjMjfCWvpsrt1
Cg0p7K3AlwrazZXh7fForEfTF4NHqn5+qfCkANeEhy/q2TYvX4jhZJOROqryEWhE
RmUCZZ+2vj1GzmwuWxZn2tePHqZMutQ/dHhrZC2TEicCa5ttce/b+sbeEM4woZyp
0d4n6fFZCQWhlQMUAIIUZ10HTFLPNwdP8BjN2tAouuTHTg==
-----END CERTIFICATE-----