Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/cx6RSFKGRMysR8-lxazbdzOwPgM.roa
File:                     cx6RSFKGRMysR8-lxazbdzOwPgM.roa (raw, json)
Hash identifier:          gcM5nphMQqNN9jdFYbLQLoofVnR6R7ovN8nbROZhraA=
Subject key identifier:   73:1E:91:48:52:86:44:CC:AC:47:CF:A5:C5:AC:DB:77:33:B0:3E:03
Certificate issuer:       /CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
Certificate serial:       018D9011649204F3A66CCDD0E7668C4FDF7E
Authority key identifier: C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/cx6RSFKGRMysR8-lxazbdzOwPgM.roa
Signing time:             Fri 09 Feb 2024 22:51:15 +0000
ROA not before:           Fri 09 Feb 2024 22:51:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0f:ff40:c0f3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 01:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:90:11:64:92:04:f3:a6:6c:cd:d0:e7:66:8c:4f:df:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
        Validity
            Not Before: Feb  9 22:51:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=731e9148528644ccac47cfa5c5acdb7733b03e03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8d:01:5b:3d:85:54:0a:da:2c:69:ad:2c:86:
                    d2:bc:8f:b3:82:dd:9a:dd:f3:da:c2:f0:d5:8a:7e:
                    9f:bd:24:21:f7:93:e5:d2:5e:ae:a1:bc:66:c0:86:
                    2d:82:a4:6c:74:65:70:ad:7b:9c:94:53:85:5e:81:
                    b8:a6:c3:7b:b7:97:74:7f:f3:7a:4e:3d:c4:c3:8a:
                    a5:44:7c:15:0a:86:78:a1:e3:10:e7:f4:eb:75:4c:
                    d2:7f:26:61:38:db:22:f9:b9:ba:3b:22:63:48:17:
                    98:ca:59:e7:af:48:fc:c5:f4:ce:0d:d2:c7:73:29:
                    e4:b5:7c:3b:00:88:13:d0:6b:52:fe:72:2d:db:09:
                    29:a6:06:d0:81:b4:e0:bd:c9:c5:c8:f5:2d:e6:bf:
                    16:b4:01:2a:66:05:c6:19:8e:01:af:36:44:a6:99:
                    56:54:6b:9f:85:a9:c6:bf:48:e6:3e:79:73:b3:7c:
                    5e:d0:66:e6:65:f2:64:a3:46:67:0c:07:c0:dd:c0:
                    57:26:16:3e:22:e1:b6:4a:89:4d:ca:67:5a:63:e2:
                    8b:09:f3:39:65:fa:5e:f4:26:61:72:ff:7f:09:68:
                    e5:9a:a4:62:40:8d:c8:56:6e:cc:6b:af:d6:c6:3f:
                    52:b4:a7:c5:d1:3f:1c:c9:0e:e7:a1:e0:2d:a4:4c:
                    75:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:1E:91:48:52:86:44:CC:AC:47:CF:A5:C5:AC:DB:77:33:B0:3E:03
            X509v3 Authority Key Identifier:
                keyid:C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/cx6RSFKGRMysR8-lxazbdzOwPgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ff40:c0f3::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:ed:2b:41:93:91:e7:74:30:18:d4:e0:4a:9b:a4:61:33:6b:
         d5:57:e1:f5:e7:5c:77:76:14:b5:c3:19:d6:96:fa:68:9b:ac:
         da:12:6c:97:89:4d:a9:7a:54:cb:c3:38:4e:f4:45:ec:0a:b9:
         41:e0:d1:ea:a3:39:8a:5e:a5:fa:b5:8b:a5:e9:3c:b8:dc:0a:
         1c:18:94:f6:43:82:80:3a:c8:2c:36:4e:c0:62:8d:ea:f2:04:
         a2:55:0a:d0:99:7f:ef:d6:8b:97:72:ce:b0:5b:94:7a:43:55:
         15:0e:ad:c8:22:9f:24:a0:74:c5:50:8e:d2:25:a4:c9:d3:6c:
         6c:d4:78:a3:4f:6f:52:94:5e:e5:9a:4f:4a:05:4c:8f:26:ee:
         cf:c2:6b:02:de:52:59:c4:0f:55:c3:cc:46:fa:23:b8:65:e6:
         66:d3:af:9a:ed:8a:c0:9a:b7:a4:09:42:d4:1d:02:be:79:9e:
         f1:9f:b0:d5:e0:f2:6c:c7:b1:b1:77:1e:2c:d7:7d:c0:3a:e5:
         ac:b9:ec:21:15:1a:49:da:fe:cc:74:45:41:22:6b:9b:0e:69:
         5b:9f:a2:30:a1:25:d1:71:a3:c4:63:06:eb:62:c1:ef:90:ea:
         37:0e:58:d6:5f:43:4e:fd:1a:06:d0:85:66:74:49:9e:22:f6:
         71:4f:2b:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2QEWSSBPOmbM3Q52aMT99+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ODQ5MjMyZTM5NDNiZjI1N2M5ZGNhZWFiMGVmOTJkMzBh
NGNmYWQwHhcNMjQwMjA5MjI1MTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzFlOTE0ODUyODY0NGNjYWM0N2NmYTVjNWFjZGI3NzMzYjAzZTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApY0BWz2FVAraLGmtLIbSvI+zgt2a
3fPawvDVin6fvSQh95Pl0l6uobxmwIYtgqRsdGVwrXuclFOFXoG4psN7t5d0f/N6
Tj3Ew4qlRHwVCoZ4oeMQ5/TrdUzSfyZhONsi+bm6OyJjSBeYylnnr0j8xfTODdLH
cynktXw7AIgT0GtS/nIt2wkppgbQgbTgvcnFyPUt5r8WtAEqZgXGGY4BrzZEpplW
VGufhanGv0jmPnlzs3xe0GbmZfJko0ZnDAfA3cBXJhY+IuG2SolNymdaY+KLCfM5
Zfpe9CZhcv9/CWjlmqRiQI3IVm7Ma6/Wxj9StKfF0T8cyQ7noeAtpEx1owIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHMekUhShkTMrEfPpcWs23czsD4DMB8GA1UdIwQY
MBaAFMWEkjLjlDvyV8ncrqsO+S0wpM+tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYt
YWZhOTE3YmRmN2QxLzEvY3g2UlNGS0dSTXlzUjgtbHhhemJkek93UGdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYtYWZhOTE3YmRmN2Qx
LzEveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg//QMDz
MA0GCSqGSIb3DQEBCwUAA4IBAQA57StBk5HndDAY1OBKm6RhM2vVV+H151x3dhS1
wxnWlvpom6zaEmyXiU2pelTLwzhO9EXsCrlB4NHqozmKXqX6tYul6Ty43AocGJT2
Q4KAOsgsNk7AYo3q8gSiVQrQmX/v1ouXcs6wW5R6Q1UVDq3IIp8koHTFUI7SJaTJ
02xs1HijT29SlF7lmk9KBUyPJu7PwmsC3lJZxA9Vw8xG+iO4ZeZm06+a7YrAmrek
CULUHQK+eZ7xn7DV4PJsx7Gxdx4s133AOuWsuewhFRpJ2v7MdEVBImubDmlbn6Iw
oSXRcaPEYwbrYsHvkOo3DljWX0NO/RoG0IVmdEmeIvZxTysP
-----END CERTIFICATE-----