Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/Nu1X3B7Aken878NVsIWYhkrsals.roa
File:                     Nu1X3B7Aken878NVsIWYhkrsals.roa (raw, json)
Hash identifier:          QiPuUtoIFrTjeSHmiqXYTehR/W/G0U6UCpG3n/Lr+LM=
Subject key identifier:   36:ED:57:DC:1E:C0:91:E9:FC:EF:C3:55:B0:85:98:86:4A:EC:6A:5B
Certificate issuer:       /CN=21351865b767dd7b9c22314bfc8055bd57db0065
Certificate serial:       018CC94E4A4E0E621628085D28B8A580DF8C
Authority key identifier: 21:35:18:65:B7:67:DD:7B:9C:22:31:4B:FC:80:55:BD:57:DB:00:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/Nu1X3B7Aken878NVsIWYhkrsals.roa
Signing time:             Tue 02 Jan 2024 08:33:20 +0000
ROA not before:           Tue 02 Jan 2024 08:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48292
IP address blocks:        2a0c:f587:ffff::/48 maxlen: 48
                          2a0c:f587:fffe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:4a:4e:0e:62:16:28:08:5d:28:b8:a5:80:df:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21351865b767dd7b9c22314bfc8055bd57db0065
        Validity
            Not Before: Jan  2 08:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36ed57dc1ec091e9fcefc355b08598864aec6a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d9:2c:05:1a:f8:3f:9a:b2:98:5f:5e:32:ae:
                    34:dd:2f:e4:aa:04:f1:a3:b9:e9:4f:55:00:7f:cf:
                    c0:be:3d:ad:d3:06:76:73:b3:63:6e:2e:6d:f9:e3:
                    be:8b:27:5c:30:c9:79:cb:d9:85:8b:c0:1c:2a:f5:
                    3c:e3:41:09:fb:6e:4a:5b:2d:fa:a9:db:7b:cd:ff:
                    17:01:66:19:ba:f1:6b:ab:0b:b7:fe:b5:4d:e1:8c:
                    be:6f:b5:29:13:4a:6e:37:b6:f6:d5:57:43:96:44:
                    32:e7:bf:f1:ba:c8:20:4f:ec:3c:00:e3:38:8e:3c:
                    34:93:fb:b1:48:ff:35:d4:1b:63:06:32:59:32:81:
                    a0:b7:0f:f1:e6:8a:b9:b2:35:84:c7:6c:cc:c8:4c:
                    d8:56:ec:ea:7c:bd:d7:70:19:4a:28:67:b2:9c:66:
                    2b:49:b6:d2:73:b1:21:a7:e0:5e:9b:16:35:b7:7e:
                    0d:94:76:bd:4e:47:57:db:0a:0a:a9:04:d7:27:7c:
                    6b:be:77:06:84:fb:f3:0b:92:0a:5c:63:65:77:d4:
                    dd:2a:92:6d:11:c1:c9:2f:ac:5f:29:c0:a0:03:e6:
                    c2:fc:b5:fe:61:9a:16:8e:db:8d:f8:74:90:a1:cd:
                    f2:d6:82:d5:86:4b:79:9d:23:cf:c5:f3:05:5f:62:
                    d9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:ED:57:DC:1E:C0:91:E9:FC:EF:C3:55:B0:85:98:86:4A:EC:6A:5B
            X509v3 Authority Key Identifier:
                keyid:21:35:18:65:B7:67:DD:7B:9C:22:31:4B:FC:80:55:BD:57:DB:00:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/Nu1X3B7Aken878NVsIWYhkrsals.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:f587:fffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         08:40:00:6c:2f:f4:82:20:18:6b:2a:c9:57:21:d4:d3:e3:55:
         29:83:99:51:07:47:2f:35:bf:b2:bd:07:b4:b7:f1:15:e6:d3:
         ef:f7:1a:2f:ba:58:66:e5:8b:0c:32:fd:41:29:9f:9f:25:45:
         ee:dc:ed:4a:52:a9:bf:91:86:99:00:f8:23:c6:b8:ff:83:d0:
         60:62:52:d0:33:51:75:b4:1f:dc:cf:f4:3a:44:fe:89:aa:cf:
         ba:a7:0d:0c:10:6c:10:f2:18:36:dc:58:60:bb:c7:30:da:19:
         c5:11:0b:97:57:7f:45:9c:56:59:0e:55:db:c8:44:47:69:e0:
         cd:11:1c:43:db:b1:48:16:90:46:93:39:68:c8:53:8f:79:e4:
         7a:37:3a:a0:63:a1:ff:ed:89:00:75:d9:00:ba:56:08:81:47:
         34:ac:5b:21:ed:35:48:f8:ee:25:ca:63:ef:a4:15:7a:bb:4e:
         c9:3c:bb:78:1a:8d:9c:f7:5e:b7:37:b9:83:f6:2c:1d:97:bd:
         bd:42:b3:4f:06:3d:5d:24:b6:6a:d1:e6:7a:59:c7:6d:5e:ed:
         39:98:2c:d1:44:fd:b6:99:77:7c:1c:55:a5:a3:eb:bb:d3:bb:
         81:4e:d1:af:24:87:d2:e6:3f:a7:2f:b1:ce:3d:f3:24:09:3d:
         a7:85:0e:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTkpODmIWKAhdKLilgN+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzUxODY1Yjc2N2RkN2I5YzIyMzE0YmZjODA1NWJkNTdk
YjAwNjUwHhcNMjQwMTAyMDgzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVkNTdkYzFlYzA5MWU5ZmNlZmMzNTViMDg1OTg4NjRhZWM2YTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9ksBRr4P5qymF9eMq403S/kqgTx
o7npT1UAf8/Avj2t0wZ2c7Njbi5t+eO+iydcMMl5y9mFi8AcKvU840EJ+25KWy36
qdt7zf8XAWYZuvFrqwu3/rVN4Yy+b7UpE0puN7b21VdDlkQy57/xusggT+w8AOM4
jjw0k/uxSP811BtjBjJZMoGgtw/x5oq5sjWEx2zMyEzYVuzqfL3XcBlKKGeynGYr
SbbSc7Ehp+BemxY1t34NlHa9TkdX2woKqQTXJ3xrvncGhPvzC5IKXGNld9TdKpJt
EcHJL6xfKcCgA+bC/LX+YZoWjtuN+HSQoc3y1oLVhkt5nSPPxfMFX2LZbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDbtV9wewJHp/O/DVbCFmIZK7GpbMB8GA1UdIwQY
MBaAFCE1GGW3Z917nCIxS/yAVb1X2wBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRVWVpiZG4zWHVjSWpGTF9JQlZ2VmZiQUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lNTJiMDctZjJhNC00N2MxLTk0NjAt
MWU0ZTA0MDA4NDRiLzEvTnUxWDNCN0FrZW44NzhOVnNJV1loa3JzYWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lNTJiMDctZjJhNC00N2MxLTk0NjAtMWU0ZTA0MDA4NDRi
LzEvSVRVWVpiZG4zWHVjSWpGTF9JQlZ2VmZiQUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgz1h//+
MA0GCSqGSIb3DQEBCwUAA4IBAQAIQABsL/SCIBhrKslXIdTT41Upg5lRB0cvNb+y
vQe0t/EV5tPv9xovulhm5YsMMv1BKZ+fJUXu3O1KUqm/kYaZAPgjxrj/g9BgYlLQ
M1F1tB/cz/Q6RP6Jqs+6pw0MEGwQ8hg23Fhgu8cw2hnFEQuXV39FnFZZDlXbyERH
aeDNERxD27FIFpBGkzloyFOPeeR6NzqgY6H/7YkAddkAulYIgUc0rFsh7TVI+O4l
ymPvpBV6u07JPLt4Go2c9163N7mD9iwdl729QrNPBj1dJLZq0eZ6WcdtXu05mCzR
RP22mXd8HFWlo+u707uBTtGvJIfS5j+nL7HOPfMkCT2nhQ6X
-----END CERTIFICATE-----