Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/lMCe8vC7vsn9tIKAwLhQfIUNTRw.roa
File:                     lMCe8vC7vsn9tIKAwLhQfIUNTRw.roa (raw, json)
Hash identifier:          DGMWp3zE4mgSzb7HmMOK0MXvEDADUptAF/UgeaKskD0=
Subject key identifier:   94:C0:9E:F2:F0:BB:BE:C9:FD:B4:82:80:C0:B8:50:7C:85:0D:4D:1C
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018F05BC2A8FF79D319B3FCE633E5BFBE725
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/lMCe8vC7vsn9tIKAwLhQfIUNTRw.roa
Signing time:             Mon 22 Apr 2024 12:16:08 +0000
ROA not before:           Mon 22 Apr 2024 12:16:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:52c7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:bc:2a:8f:f7:9d:31:9b:3f:ce:63:3e:5b:fb:e7:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Apr 22 12:16:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94c09ef2f0bbbec9fdb48280c0b8507c850d4d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ac:31:d2:ef:2f:e5:36:fb:bb:da:36:af:12:
                    47:5c:86:0a:d1:07:ef:28:6a:91:02:e8:76:1f:90:
                    77:ff:9b:21:f1:e1:49:d5:cf:62:e5:b5:64:63:f7:
                    19:77:61:31:82:91:b9:c8:ec:6f:f6:b5:60:69:e4:
                    94:3b:aa:e4:0d:49:4d:b9:24:5f:b1:cf:14:d9:a3:
                    1c:d1:18:d7:47:b1:86:88:60:9f:e6:64:b3:6c:2a:
                    32:2a:05:98:fb:f7:fc:bd:de:6a:ce:59:2f:a9:e4:
                    34:62:ce:af:c8:a1:de:fb:33:ef:a8:2f:b1:55:97:
                    dc:29:05:fd:4a:6c:6f:a8:35:ad:1e:ba:b2:49:b3:
                    c4:2f:45:4b:8c:07:15:dc:5f:3f:f0:68:91:7f:b7:
                    b1:55:da:c5:fe:b8:fa:9c:b1:42:86:9d:3e:12:36:
                    51:f7:60:d6:86:8f:44:f8:97:98:fe:d4:9a:7f:2d:
                    84:6f:8b:7f:e2:78:be:4c:be:31:7b:22:37:2a:7f:
                    a5:31:c1:8a:86:c5:c3:37:ea:f4:57:82:c4:15:a5:
                    aa:16:93:7f:f2:78:2d:e7:2b:e3:8e:3d:f0:8f:20:
                    5b:3d:69:52:d5:9a:34:00:d7:8a:f2:6f:81:53:d1:
                    0d:f8:fe:59:6c:ac:29:c4:87:d3:7a:43:c0:e0:f7:
                    33:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C0:9E:F2:F0:BB:BE:C9:FD:B4:82:80:C0:B8:50:7C:85:0D:4D:1C
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/lMCe8vC7vsn9tIKAwLhQfIUNTRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:52c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:b7:93:2c:ac:d1:c4:78:11:65:41:29:f4:1d:39:45:c9:0c:
         84:3a:e2:1d:40:b3:0f:a7:e6:a8:4c:45:77:46:b2:a2:67:98:
         26:f5:90:c2:e1:53:0c:c0:f4:c8:75:da:c1:ed:36:be:8b:2a:
         3d:11:d3:df:fb:13:3a:c0:79:0d:ec:b8:2f:1c:f4:44:20:21:
         4c:ed:69:6b:f8:e8:13:c4:f5:6d:14:c5:57:f9:a2:e6:bc:e2:
         68:3e:a1:44:95:dc:c0:c1:5e:eb:63:c0:41:07:6f:86:89:12:
         92:f9:34:64:da:31:51:4a:db:07:4f:20:26:0e:3e:c0:8c:e8:
         58:28:48:5f:88:a5:ed:4f:ad:84:ee:e6:b6:18:da:5b:f2:96:
         8f:f7:bc:a3:15:e7:21:3b:10:c6:42:3f:f1:50:7c:d5:a3:1d:
         f2:c0:44:82:1a:58:b2:47:f8:08:db:58:62:7e:86:7d:d3:6c:
         f3:10:08:73:0d:78:50:69:cd:80:ad:94:38:d8:05:e4:d6:ba:
         0f:d9:1b:57:c7:23:f4:41:05:fb:ec:dd:c8:2f:4c:6b:21:e4:
         67:48:04:20:5c:23:bd:0d:a4:73:a6:16:f2:6b:58:58:0a:7a:
         61:02:2c:b3:4a:90:d9:82:17:ff:41:1f:c7:ec:0f:2d:ee:41:
         7f:77:d5:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8FvCqP950xmz/OYz5b++clMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNDIyMTIxNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGMwOWVmMmYwYmJiZWM5ZmRiNDgyODBjMGI4NTA3Yzg1MGQ0ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6wx0u8v5Tb7u9o2rxJHXIYK0Qfv
KGqRAuh2H5B3/5sh8eFJ1c9i5bVkY/cZd2ExgpG5yOxv9rVgaeSUO6rkDUlNuSRf
sc8U2aMc0RjXR7GGiGCf5mSzbCoyKgWY+/f8vd5qzlkvqeQ0Ys6vyKHe+zPvqC+x
VZfcKQX9SmxvqDWtHrqySbPEL0VLjAcV3F8/8GiRf7exVdrF/rj6nLFChp0+EjZR
92DWho9E+JeY/tSafy2Eb4t/4ni+TL4xeyI3Kn+lMcGKhsXDN+r0V4LEFaWqFpN/
8ngt5yvjjj3wjyBbPWlS1Zo0ANeK8m+BU9EN+P5ZbKwpxIfTekPA4PczJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJTAnvLwu77J/bSCgMC4UHyFDU0cMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvbE1DZTh2Qzd2c245dElLQXdMaFFmSVVOVFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5SxzAN
BgkqhkiG9w0BAQsFAAOCAQEAQreTLKzRxHgRZUEp9B05RckMhDriHUCzD6fmqExF
d0ayomeYJvWQwuFTDMD0yHXawe02vosqPRHT3/sTOsB5Dey4Lxz0RCAhTO1pa/jo
E8T1bRTFV/mi5rziaD6hRJXcwMFe62PAQQdvhokSkvk0ZNoxUUrbB08gJg4+wIzo
WChIX4il7U+thO7mthjaW/KWj/e8oxXnITsQxkI/8VB81aMd8sBEghpYskf4CNtY
Yn6GfdNs8xAIcw14UGnNgK2UONgF5Na6D9kbV8cj9EEF++zdyC9MayHkZ0gEIFwj
vQ2kc6YW8mtYWAp6YQIss0qQ2YIX/0Efx+wPLe5Bf3fVcQ==
-----END CERTIFICATE-----