Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/Xuii6IX1hB0EakRrKZ24JjO4hZY.roa
File:                     Xuii6IX1hB0EakRrKZ24JjO4hZY.roa (raw, json)
Hash identifier:          A2XqILgJ2etNHIl+MAiotqVvDGXzgNELqomOQeQCjA0=
Subject key identifier:   5E:E8:A2:E8:85:F5:84:1D:04:6A:44:6B:29:9D:B8:26:33:B8:85:96
Certificate issuer:       /CN=3188fae3ebbb3d74feeddcf507f83e67db8850a2
Certificate serial:       018CC425321E735A8E21F3307EB309F06CC4
Authority key identifier: 31:88:FA:E3:EB:BB:3D:74:FE:ED:DC:F5:07:F8:3E:67:DB:88:50:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/Xuii6IX1hB0EakRrKZ24JjO4hZY.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33988
IP address blocks:        2a0b:8f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:32:1e:73:5a:8e:21:f3:30:7e:b3:09:f0:6c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3188fae3ebbb3d74feeddcf507f83e67db8850a2
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ee8a2e885f5841d046a446b299db82633b88596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c0:d8:dc:42:97:33:ee:2f:12:ff:e4:b1:96:
                    fd:42:c9:93:07:e6:d9:17:d6:5f:2e:ed:e4:7f:ff:
                    19:58:5e:45:1d:77:7b:bf:e4:6d:b4:83:f7:da:0f:
                    03:4e:4b:14:f0:e8:c4:88:14:df:66:b9:76:78:80:
                    f6:4e:da:ae:67:2d:0f:12:cd:af:50:b4:2c:1b:3d:
                    04:ce:13:29:e8:3b:45:02:29:a6:6b:27:51:01:43:
                    d4:c7:ab:28:64:5b:74:45:c9:03:f5:98:19:12:72:
                    6b:0a:36:ee:67:85:46:2d:b3:39:c3:ba:57:d8:ec:
                    7a:40:d6:65:44:97:a7:9a:a6:40:ca:50:d2:01:b5:
                    b3:0d:d2:42:f9:17:b6:49:50:78:81:4e:ed:28:35:
                    37:56:74:9d:de:a8:e1:72:5d:4d:6c:40:21:80:d9:
                    1c:13:b1:2e:30:f9:3b:3b:ee:d9:d3:61:35:89:c7:
                    e8:74:b8:1b:b1:d1:d5:86:9f:6d:c6:9d:66:c0:2e:
                    20:9e:cc:c5:f7:ea:92:49:42:ac:fe:3a:a0:65:4a:
                    89:9e:66:24:29:dd:d0:3c:61:a9:57:18:4a:56:88:
                    d3:69:d7:96:11:1f:a9:92:47:a9:01:22:db:ad:75:
                    b6:f5:fe:e9:80:b6:a8:ae:9f:fe:bd:7f:f8:be:25:
                    f3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E8:A2:E8:85:F5:84:1D:04:6A:44:6B:29:9D:B8:26:33:B8:85:96
            X509v3 Authority Key Identifier:
                keyid:31:88:FA:E3:EB:BB:3D:74:FE:ED:DC:F5:07:F8:3E:67:DB:88:50:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/Xuii6IX1hB0EakRrKZ24JjO4hZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:a6:68:f0:43:ea:82:00:ed:b2:ea:e3:a4:e4:9b:5d:2a:a6:
         a3:8e:9b:0d:98:4f:a6:84:5d:99:d0:7d:c0:c1:08:1f:45:15:
         80:15:63:e3:dd:c2:e4:0e:c1:01:6b:df:af:b3:d0:64:c1:45:
         00:9a:f8:34:53:ff:a1:9f:81:93:9a:38:8a:da:ce:80:7d:87:
         20:c5:2a:4b:b2:37:ef:34:7c:71:16:14:a9:bf:38:64:a2:4a:
         fb:7e:23:e2:bd:a1:a8:12:c7:25:33:4b:0c:6b:9e:da:28:de:
         d4:05:00:a1:c4:dd:9e:da:44:0b:cc:ab:ee:da:13:c1:f6:d0:
         e1:4a:05:ef:41:c7:5f:56:e7:ce:a2:e9:70:51:16:71:6b:a0:
         4f:f2:e1:70:0f:9d:b1:ae:80:67:f0:a5:2f:de:c8:20:07:20:
         13:49:39:a7:e0:c9:fa:f9:6c:2e:2e:f3:9f:a7:5a:ab:e5:2c:
         af:31:2a:25:25:bf:fa:ee:93:d0:8b:4e:09:2e:d5:ac:95:a5:
         c6:13:8e:12:c8:dd:70:f6:de:04:1b:d7:d4:bb:bc:42:90:df:
         80:99:e8:90:29:36:0a:aa:7e:a9:ee:33:50:0a:7b:bc:c8:81:
         06:cd:3f:fa:22:93:b7:d2:5b:74:7f:2a:b5:92:c4:a0:4d:39:
         2b:71:b5:66
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJTIec1qOIfMwfrMJ8GzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODhmYWUzZWJiYjNkNzRmZWVkZGNmNTA3ZjgzZTY3ZGI4
ODUwYTIwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWU4YTJlODg1ZjU4NDFkMDQ2YTQ0NmIyOTlkYjgyNjMzYjg4NTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncDY3EKXM+4vEv/ksZb9QsmTB+bZ
F9ZfLu3kf/8ZWF5FHXd7v+RttIP32g8DTksU8OjEiBTfZrl2eID2TtquZy0PEs2v
ULQsGz0EzhMp6DtFAimmaydRAUPUx6soZFt0RckD9ZgZEnJrCjbuZ4VGLbM5w7pX
2Ox6QNZlRJenmqZAylDSAbWzDdJC+Re2SVB4gU7tKDU3VnSd3qjhcl1NbEAhgNkc
E7EuMPk7O+7Z02E1icfodLgbsdHVhp9txp1mwC4gnszF9+qSSUKs/jqgZUqJnmYk
Kd3QPGGpVxhKVojTadeWER+pkkepASLbrXW29f7pgLaorp/+vX/4viXz7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF7oouiF9YQdBGpEaymduCYzuIWWMB8GA1UdIwQY
MBaAFDGI+uPruz10/u3c9Qf4PmfbiFCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlqNjQtdTdQWFQtN2R6MUJfZy1aOXVJVUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9lYTI5ZjItYzM0MC00ZDYxLWI1YmIt
Yjg1M2RmZjg3NjVjLzEvWHVpaTZJWDFoQjBFYWtScktaMjRKak80aFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9lYTI5ZjItYzM0MC00ZDYxLWI1YmItYjg1M2RmZjg3NjVj
LzEvTVlqNjQtdTdQWFQtN2R6MUJfZy1aOXVJVUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKguPADAN
BgkqhkiG9w0BAQsFAAOCAQEAIKZo8EPqggDtsurjpOSbXSqmo46bDZhPpoRdmdB9
wMEIH0UVgBVj493C5A7BAWvfr7PQZMFFAJr4NFP/oZ+Bk5o4itrOgH2HIMUqS7I3
7zR8cRYUqb84ZKJK+34j4r2hqBLHJTNLDGue2ije1AUAocTdntpEC8yr7toTwfbQ
4UoF70HHX1bnzqLpcFEWcWugT/LhcA+dsa6AZ/ClL97IIAcgE0k5p+DJ+vlsLi7z
n6daq+UsrzEqJSW/+u6T0ItOCS7VrJWlxhOOEsjdcPbeBBvX1Lu8QpDfgJnokCk2
Cqp+qe4zUAp7vMiBBs0/+iKTt9JbdH8qtZLEoE05K3G1Zg==
-----END CERTIFICATE-----