Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/9c928d-8326-42c5-8a71-73a3a40bdc30/1/SxdRDhh5LHh79FOeToDTni3b2Dk.roa
File:                     SxdRDhh5LHh79FOeToDTni3b2Dk.roa (raw, json)
Hash identifier:          StEaV1ZLZzt5rLPpjeDe0ls2Z6ngaL7FsM8WlWXXdUA=
Subject key identifier:   4B:17:51:0E:18:79:2C:78:7B:F4:53:9E:4E:80:D3:9E:2D:DB:D8:39
Certificate issuer:       /CN=7fe33668972dffb7ec8628ae8c3c26bede1cab9a
Certificate serial:       018EF78AB3B6C965E58A5C93E88B89EA80C8
Authority key identifier: 7F:E3:36:68:97:2D:FF:B7:EC:86:28:AE:8C:3C:26:BE:DE:1C:AB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-M2aJct_7fshiiujDwmvt4cq5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/9c928d-8326-42c5-8a71-73a3a40bdc30/1/SxdRDhh5LHh79FOeToDTni3b2Dk.roa
Signing time:             Fri 19 Apr 2024 18:07:26 +0000
ROA not before:           Fri 19 Apr 2024 18:07:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51465
IP address blocks:        2a06:51c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/9c928d-8326-42c5-8a71-73a3a40bdc30/1/f-M2aJct_7fshiiujDwmvt4cq5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/9c928d-8326-42c5-8a71-73a3a40bdc30/1/f-M2aJct_7fshiiujDwmvt4cq5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-M2aJct_7fshiiujDwmvt4cq5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f7:8a:b3:b6:c9:65:e5:8a:5c:93:e8:8b:89:ea:80:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fe33668972dffb7ec8628ae8c3c26bede1cab9a
        Validity
            Not Before: Apr 19 18:07:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b17510e18792c787bf4539e4e80d39e2ddbd839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bd:48:1c:8f:a1:cb:d3:71:83:c1:f8:28:14:
                    90:e5:b2:ef:ba:ee:ca:10:b9:25:c1:4f:de:9e:78:
                    c0:2e:8b:27:40:be:64:e9:12:58:85:1e:d1:7e:43:
                    d1:7b:39:57:6e:68:86:a7:67:ce:a8:b7:1a:f0:1c:
                    23:c6:eb:a9:8f:a1:a9:1b:79:21:0c:b9:13:8a:ff:
                    15:66:d1:57:c8:26:64:03:56:9e:14:2a:4d:05:30:
                    63:58:e0:1e:fc:38:1f:c4:7b:09:4b:0e:e9:2e:ca:
                    98:ad:26:06:c9:89:ae:45:55:83:1e:00:5f:59:8d:
                    79:03:7b:22:f8:6a:fc:59:9d:6f:11:19:85:64:2e:
                    17:7b:7e:fc:43:ce:82:8a:7a:90:ad:7c:2e:18:44:
                    8b:9c:06:15:6e:9b:e1:ee:4a:f0:6c:ab:7b:6c:8e:
                    22:92:89:c6:97:94:d8:a9:08:b1:90:a9:dc:dc:6c:
                    51:e7:98:29:94:b7:15:43:f0:02:16:aa:df:6a:71:
                    bf:7b:1b:8b:9e:bb:0e:bb:c8:6d:99:2d:ae:65:32:
                    a7:d5:4b:3e:73:d7:64:23:7c:1e:10:34:ee:c1:cb:
                    cb:a1:ba:fb:7f:20:83:45:00:0b:fd:7c:90:3a:ed:
                    e3:37:4a:3a:75:c0:54:1e:0b:52:68:c9:88:de:6d:
                    87:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:17:51:0E:18:79:2C:78:7B:F4:53:9E:4E:80:D3:9E:2D:DB:D8:39
            X509v3 Authority Key Identifier:
                keyid:7F:E3:36:68:97:2D:FF:B7:EC:86:28:AE:8C:3C:26:BE:DE:1C:AB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-M2aJct_7fshiiujDwmvt4cq5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9c928d-8326-42c5-8a71-73a3a40bdc30/1/SxdRDhh5LHh79FOeToDTni3b2Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9c928d-8326-42c5-8a71-73a3a40bdc30/1/f-M2aJct_7fshiiujDwmvt4cq5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:51c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:4f:c2:49:96:89:74:d2:b5:b5:2e:54:18:bc:0b:8c:64:26:
         8e:6e:38:f1:f8:be:c3:cc:07:4b:67:63:0a:85:eb:f3:a7:de:
         ac:03:5d:3b:8d:f6:8e:a7:b0:b5:0f:d4:6d:68:41:cd:89:ae:
         e4:48:f1:57:65:6b:4f:32:d8:37:26:e7:ce:0d:a4:60:8f:c4:
         81:03:db:2b:38:43:20:e4:94:53:9b:4a:09:74:80:8a:50:8b:
         c3:f9:73:23:24:2e:aa:97:d7:a2:db:b0:a1:01:11:dd:cc:84:
         a2:db:76:3f:32:b3:bb:c9:b4:7c:a8:18:0a:a5:5e:62:21:f1:
         d2:4a:d9:d9:1b:31:1a:eb:53:f7:be:74:d4:fa:7c:a7:d0:2a:
         0c:87:ae:68:79:1a:7a:02:2c:53:d1:13:9a:b1:6e:59:91:f4:
         1d:95:ba:8f:29:44:0a:8d:8d:8a:9a:78:1c:3d:b5:b4:88:de:
         9b:fc:1f:8f:f1:5a:6c:1a:49:5a:f8:fe:43:02:d4:c2:67:e7:
         51:56:7a:15:b4:48:2b:c5:c3:47:2e:51:e2:4e:ff:f9:a4:e3:
         41:5a:a4:89:7a:ce:63:e7:d1:66:4f:e8:cc:37:64:94:04:da:
         7c:0d:8c:e8:82:68:38:9b:24:10:21:79:50:05:ff:53:ee:6b:
         58:12:3d:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY73irO2yWXlilyT6IuJ6oDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmZTMzNjY4OTcyZGZmYjdlYzg2MjhhZThjM2MyNmJlZGUx
Y2FiOWEwHhcNMjQwNDE5MTgwNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjE3NTEwZTE4NzkyYzc4N2JmNDUzOWU0ZTgwZDM5ZTJkZGJkODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL1IHI+hy9Nxg8H4KBSQ5bLvuu7K
ELklwU/ennjALosnQL5k6RJYhR7RfkPRezlXbmiGp2fOqLca8Bwjxuupj6GpG3kh
DLkTiv8VZtFXyCZkA1aeFCpNBTBjWOAe/DgfxHsJSw7pLsqYrSYGyYmuRVWDHgBf
WY15A3si+Gr8WZ1vERmFZC4Xe378Q86CinqQrXwuGESLnAYVbpvh7krwbKt7bI4i
konGl5TYqQixkKnc3GxR55gplLcVQ/ACFqrfanG/exuLnrsOu8htmS2uZTKn1Us+
c9dkI3weEDTuwcvLobr7fyCDRQAL/XyQOu3jN0o6dcBUHgtSaMmI3m2H2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEsXUQ4YeSx4e/RTnk6A054t29g5MB8GA1UdIwQY
MBaAFH/jNmiXLf+37IYorow8Jr7eHKuaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZi1NMmFKY3RfN2ZzaGlpdWpEd212dDRjcTVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85YzkyOGQtODMyNi00MmM1LThhNzEt
NzNhM2E0MGJkYzMwLzEvU3hkUkRoaDVMSGg3OUZPZVRvRFRuaTNiMkRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85YzkyOGQtODMyNi00MmM1LThhNzEtNzNhM2E0MGJkYzMw
LzEvZi1NMmFKY3RfN2ZzaGlpdWpEd212dDRjcTVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgZRwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQApT8JJlol00rW1LlQYvAuMZCaObjjx+L7DzAdL
Z2MKhevzp96sA107jfaOp7C1D9RtaEHNia7kSPFXZWtPMtg3JufODaRgj8SBA9sr
OEMg5JRTm0oJdICKUIvD+XMjJC6ql9ei27ChARHdzISi23Y/MrO7ybR8qBgKpV5i
IfHSStnZGzEa61P3vnTU+nyn0CoMh65oeRp6AixT0ROasW5ZkfQdlbqPKUQKjY2K
mngcPbW0iN6b/B+P8VpsGkla+P5DAtTCZ+dRVnoVtEgrxcNHLlHiTv/5pONBWqSJ
es5j59FmT+jMN2SUBNp8DYzogmg4myQQIXlQBf9T7mtYEj0/
-----END CERTIFICATE-----