Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/mLxf1O8ylCsupJ74wJM-9y9IxH8.roa
File:                     mLxf1O8ylCsupJ74wJM-9y9IxH8.roa (raw, json)
Hash identifier:          pZTEZgicYMV5ir1ijyVAV1nTspS1ONCdQzVu9B0r1p0=
Subject key identifier:   98:BC:5F:D4:EF:32:94:2B:2E:A4:9E:F8:C0:93:3E:F7:2F:48:C4:7F
Certificate issuer:       /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial:       018EA576B93B73574BADC95CD7918ECD434D
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/mLxf1O8ylCsupJ74wJM-9y9IxH8.roa
Signing time:             Wed 03 Apr 2024 19:36:44 +0000
ROA not before:           Wed 03 Apr 2024 19:36:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215250
IP address blocks:        2a06:d1c3::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a5:76:b9:3b:73:57:4b:ad:c9:5c:d7:91:8e:cd:43:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
        Validity
            Not Before: Apr  3 19:36:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98bc5fd4ef32942b2ea49ef8c0933ef72f48c47f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9d:c1:28:4e:e8:a3:e1:1d:63:1a:3a:1a:2c:
                    50:07:42:a7:e1:5d:82:82:25:57:ea:41:52:9f:ae:
                    27:d3:e8:67:91:b1:a3:04:05:6c:f3:fe:72:d1:d2:
                    20:34:0f:03:ee:cd:76:ec:e3:fa:5a:36:44:c5:51:
                    9e:71:ff:3d:d8:03:4d:fb:24:3d:09:9a:8d:8e:5d:
                    99:86:74:7f:eb:2e:b1:97:8f:a3:f5:07:bf:2e:57:
                    ba:1c:65:74:3d:a6:27:79:d3:7a:63:35:98:f0:84:
                    41:a3:db:7a:cb:1b:1a:df:8b:43:89:8e:cf:ef:4f:
                    1d:3e:33:11:25:31:6e:7b:5f:59:c4:33:70:09:a5:
                    6a:f7:39:a8:5e:b4:cf:6d:d2:b8:a7:53:a2:c8:8c:
                    75:3c:14:1a:39:d5:e5:0b:56:ed:27:5a:62:cd:d4:
                    d9:49:a3:b3:cc:1d:72:35:fc:d4:6f:0e:c9:ae:89:
                    cf:f8:04:8c:9f:75:96:a0:9e:4f:01:74:db:02:84:
                    a4:55:47:65:38:3e:01:50:ea:dd:a8:a8:b7:f1:1c:
                    b9:09:e2:d1:3e:8c:29:18:bd:ee:52:96:57:d0:84:
                    c0:62:aa:83:33:62:c0:1e:25:fe:07:aa:e7:4f:39:
                    fa:42:27:d5:45:a6:5b:c4:29:1e:b3:66:82:3c:8e:
                    fc:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:BC:5F:D4:EF:32:94:2B:2E:A4:9E:F8:C0:93:3E:F7:2F:48:C4:7F
            X509v3 Authority Key Identifier:
                keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/mLxf1O8ylCsupJ74wJM-9y9IxH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d1c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:89:f7:83:c4:d2:7e:a0:ec:c8:be:75:50:42:4c:35:7d:0f:
         29:47:b1:35:55:bc:0a:68:ae:b1:51:d1:06:16:78:e6:b6:2c:
         dd:51:46:47:f5:99:a8:3f:92:8d:d9:e0:2c:36:31:0a:00:a6:
         bc:d9:96:4e:7b:7b:6d:75:fb:01:7c:0b:7a:0f:c7:58:48:9b:
         50:98:49:3e:ef:a1:71:26:f5:cf:37:4b:8f:aa:aa:f9:82:ef:
         f8:39:00:2b:43:cc:a1:66:9a:5d:f5:e4:16:85:b4:9b:30:35:
         ad:b3:bc:ee:3f:26:ff:69:00:40:7c:48:53:de:1e:13:76:64:
         72:bf:1e:92:3e:55:3f:2e:16:0b:c8:5d:d3:8d:5b:24:a9:da:
         ec:82:da:d0:70:b8:7a:7f:4d:41:46:b9:d2:2f:11:05:28:40:
         c6:ce:e6:54:a8:8f:a0:68:cc:37:87:53:b8:b0:fe:00:e1:6d:
         8d:16:6e:df:4d:d6:47:8d:d5:32:3e:5d:f0:2f:97:87:0d:de:
         09:89:75:e3:bf:46:cb:8d:2f:88:27:e4:5f:fc:fa:5c:a4:11:
         9b:5f:22:03:ba:ab:51:fc:0b:72:09:6a:74:aa:cc:a9:0f:f5:
         c5:16:f1:46:24:11:81:9a:75:d9:30:03:f5:13:ae:07:11:20:
         1b:c3:66:50
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6ldrk7c1dLrclc15GOzUNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjQwNDAzMTkzNjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGJjNWZkNGVmMzI5NDJiMmVhNDllZjhjMDkzM2VmNzJmNDhjNDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z3BKE7oo+EdYxo6GixQB0Kn4V2C
giVX6kFSn64n0+hnkbGjBAVs8/5y0dIgNA8D7s127OP6WjZExVGecf892ANN+yQ9
CZqNjl2ZhnR/6y6xl4+j9Qe/Lle6HGV0PaYnedN6YzWY8IRBo9t6yxsa34tDiY7P
708dPjMRJTFue19ZxDNwCaVq9zmoXrTPbdK4p1OiyIx1PBQaOdXlC1btJ1pizdTZ
SaOzzB1yNfzUbw7JronP+ASMn3WWoJ5PAXTbAoSkVUdlOD4BUOrdqKi38Ry5CeLR
PowpGL3uUpZX0ITAYqqDM2LAHiX+B6rnTzn6QifVRaZbxCkes2aCPI78NQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJi8X9TvMpQrLqSe+MCTPvcvSMR/MB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvbUx4ZjFPOHlsQ3N1cEo3NHdKTS05eTlJeEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbRwzAN
BgkqhkiG9w0BAQsFAAOCAQEAZIn3g8TSfqDsyL51UEJMNX0PKUexNVW8CmiusVHR
BhZ45rYs3VFGR/WZqD+SjdngLDYxCgCmvNmWTnt7bXX7AXwLeg/HWEibUJhJPu+h
cSb1zzdLj6qq+YLv+DkAK0PMoWaaXfXkFoW0mzA1rbO87j8m/2kAQHxIU94eE3Zk
cr8ekj5VPy4WC8hd041bJKna7ILa0HC4en9NQUa50i8RBShAxs7mVKiPoGjMN4dT
uLD+AOFtjRZu303WR43VMj5d8C+Xhw3eCYl1479Gy40viCfkX/z6XKQRm18iA7qr
UfwLcglqdKrMqQ/1xRbxRiQRgZp12TAD9ROuBxEgG8NmUA==
-----END CERTIFICATE-----