Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/0f2682-9878-416b-965c-40aac6396777/1/XeniVCb1jyaCDYp5QsoVDwBQBOw.roa
File:                     XeniVCb1jyaCDYp5QsoVDwBQBOw.roa (raw, json)
Hash identifier:          pCTT+sHw4XUHhcgJRO5sn4V/jDzElMGOeOwwOIBBxEc=
Subject key identifier:   5D:E9:E2:54:26:F5:8F:26:82:0D:8A:79:42:CA:15:0F:00:50:04:EC
Certificate issuer:       /CN=9a380c55c46117f9d0f9f89f885fd8ac584c72e7
Certificate serial:       018E6113184B9F76AF6D5F7488C08A200C21
Authority key identifier: 9A:38:0C:55:C4:61:17:F9:D0:F9:F8:9F:88:5F:D8:AC:58:4C:72:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mjgMVcRhF_nQ-fifiF_YrFhMcuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/0f2682-9878-416b-965c-40aac6396777/1/XeniVCb1jyaCDYp5QsoVDwBQBOw.roa
Signing time:             Thu 21 Mar 2024 12:53:45 +0000
ROA not before:           Thu 21 Mar 2024 12:53:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216361
IP address blocks:        2a0b:6740::/48 maxlen: 48
                          2a0b:6740:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/0f2682-9878-416b-965c-40aac6396777/1/mjgMVcRhF_nQ-fifiF_YrFhMcuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/0f2682-9878-416b-965c-40aac6396777/1/mjgMVcRhF_nQ-fifiF_YrFhMcuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mjgMVcRhF_nQ-fifiF_YrFhMcuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:13:18:4b:9f:76:af:6d:5f:74:88:c0:8a:20:0c:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a380c55c46117f9d0f9f89f885fd8ac584c72e7
        Validity
            Not Before: Mar 21 12:53:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5de9e25426f58f26820d8a7942ca150f005004ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a1:a4:f4:1c:5d:9f:8e:04:cf:b0:56:ef:37:
                    09:34:b9:43:33:34:3d:b3:2c:e0:f4:eb:dd:5b:5b:
                    70:4b:ac:df:4b:10:19:de:11:1d:e8:45:a2:a3:b7:
                    1c:9e:08:b5:1a:bb:2e:dc:e6:31:9e:02:5b:26:70:
                    d0:2a:e6:da:43:60:d3:f5:76:49:6b:d6:51:4c:99:
                    f1:f9:6a:7b:a1:43:64:57:c5:2c:7c:c5:45:de:9f:
                    57:ba:66:22:0e:5e:46:6d:bb:bd:d7:ec:0f:89:2d:
                    17:41:81:4b:0e:8e:d3:1b:24:c4:0c:23:0f:1c:4e:
                    88:f4:f9:e5:3c:02:1c:e2:6a:09:2f:18:64:f5:d6:
                    4a:9d:35:2d:13:a9:96:22:c3:74:b1:0f:0d:51:19:
                    d4:c3:a1:ac:49:3b:5f:93:05:a9:c3:7f:5d:05:5c:
                    64:70:1f:28:73:45:1e:25:22:08:91:94:30:98:5c:
                    47:9c:cf:c1:1f:ae:90:3f:f5:8b:32:99:5d:2a:a8:
                    6f:df:61:40:6a:da:f8:71:c7:1c:72:c5:50:80:ad:
                    4a:6c:d2:9e:80:f2:8d:0e:7e:7b:37:58:cc:4b:b6:
                    42:41:bb:96:ff:72:5c:76:53:7f:7a:e7:47:05:e3:
                    89:25:c7:48:7a:33:78:e9:82:25:83:06:13:ad:0d:
                    19:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:E9:E2:54:26:F5:8F:26:82:0D:8A:79:42:CA:15:0F:00:50:04:EC
            X509v3 Authority Key Identifier:
                keyid:9A:38:0C:55:C4:61:17:F9:D0:F9:F8:9F:88:5F:D8:AC:58:4C:72:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjgMVcRhF_nQ-fifiF_YrFhMcuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/0f2682-9878-416b-965c-40aac6396777/1/XeniVCb1jyaCDYp5QsoVDwBQBOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/0f2682-9878-416b-965c-40aac6396777/1/mjgMVcRhF_nQ-fifiF_YrFhMcuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6740::/47

    Signature Algorithm: sha256WithRSAEncryption
         5f:f2:29:88:76:b0:16:10:e4:53:66:63:b6:cf:2f:16:c5:39:
         0f:a2:3e:5c:ff:4c:ab:d6:73:8a:b2:82:c2:08:54:4e:39:2f:
         fd:13:f3:cd:06:f5:77:4b:f1:cd:56:5a:cf:1f:51:17:bc:70:
         d8:98:e6:68:27:b9:6d:fe:c5:e1:3a:fb:2f:72:04:88:04:1d:
         5e:15:bb:c6:fd:e5:5a:02:c4:87:db:aa:c6:40:66:1f:4d:c8:
         16:43:1c:95:27:25:a5:0d:15:f0:29:cf:0c:fe:5e:0c:35:ff:
         6e:db:f7:ce:6d:a8:c8:5f:66:44:59:05:d6:99:f7:0f:16:e3:
         51:4d:ec:82:44:39:35:06:11:22:88:d1:77:42:d2:dc:a0:5f:
         da:7a:ec:66:4a:59:03:0a:90:1a:59:10:d2:f6:08:de:78:5e:
         6e:b7:db:5d:fc:ec:58:ba:38:a6:54:81:18:e8:66:2d:b6:66:
         e1:47:d9:af:2b:de:81:44:18:e7:3b:30:33:9d:44:35:17:89:
         91:1b:3e:f0:01:8b:1c:43:f9:65:de:48:b2:44:45:02:a9:77:
         1a:bc:61:b7:57:60:b5:ce:35:62:a5:60:9d:cb:5f:b5:a9:72:
         2c:ba:3b:ad:f1:0e:66:d1:43:92:0f:0b:61:f4:09:3e:5c:49:
         d5:1c:4f:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5hExhLn3avbV90iMCKIAwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMzgwYzU1YzQ2MTE3ZjlkMGY5Zjg5Zjg4NWZkOGFjNTg0
YzcyZTcwHhcNMjQwMzIxMTI1MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGU5ZTI1NDI2ZjU4ZjI2ODIwZDhhNzk0MmNhMTUwZjAwNTAwNGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6Gk9Bxdn44Ez7BW7zcJNLlDMzQ9
syzg9OvdW1twS6zfSxAZ3hEd6EWio7ccngi1Grsu3OYxngJbJnDQKubaQ2DT9XZJ
a9ZRTJnx+Wp7oUNkV8UsfMVF3p9XumYiDl5Gbbu91+wPiS0XQYFLDo7TGyTEDCMP
HE6I9PnlPAIc4moJLxhk9dZKnTUtE6mWIsN0sQ8NURnUw6GsSTtfkwWpw39dBVxk
cB8oc0UeJSIIkZQwmFxHnM/BH66QP/WLMpldKqhv32FAatr4cccccsVQgK1KbNKe
gPKNDn57N1jMS7ZCQbuW/3JcdlN/eudHBeOJJcdIejN46YIlgwYTrQ0ZFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF3p4lQm9Y8mgg2KeULKFQ8AUATsMB8GA1UdIwQY
MBaAFJo4DFXEYRf50Pn4n4hf2KxYTHLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWpnTVZjUmhGX25RLWZpZmlGX1lyRmhNY3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8wZjI2ODItOTg3OC00MTZiLTk2NWMt
NDBhYWM2Mzk2Nzc3LzEvWGVuaVZDYjFqeWFDRFlwNVFzb1ZEd0JRQk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8wZjI2ODItOTg3OC00MTZiLTk2NWMtNDBhYWM2Mzk2Nzc3
LzEvbWpnTVZjUmhGX25RLWZpZmlGX1lyRmhNY3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgtnQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBf8imIdrAWEORTZmO2zy8WxTkPoj5c/0yr1nOK
soLCCFROOS/9E/PNBvV3S/HNVlrPH1EXvHDYmOZoJ7lt/sXhOvsvcgSIBB1eFbvG
/eVaAsSH26rGQGYfTcgWQxyVJyWlDRXwKc8M/l4MNf9u2/fObajIX2ZEWQXWmfcP
FuNRTeyCRDk1BhEiiNF3QtLcoF/aeuxmSlkDCpAaWRDS9gjeeF5ut9td/OxYujim
VIEY6GYttmbhR9mvK96BRBjnOzAznUQ1F4mRGz7wAYscQ/ll3kiyREUCqXcavGG3
V2C1zjVipWCdy1+1qXIsujut8Q5m0UOSDwth9Ak+XEnVHE+W
-----END CERTIFICATE-----