Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/3f6640-5d82-4ac6-9389-6ff1d427d971/1/r_6huD8lp70EPusIdPa1OtcJCE8.roa
File:                     r_6huD8lp70EPusIdPa1OtcJCE8.roa (raw, json)
Hash identifier:          q9sKTxFChwA4IulRtLkiuJHa06eKYlgkiYK13vt9oZU=
Subject key identifier:   AF:FE:A1:B8:3F:25:A7:BD:04:3E:EB:08:74:F6:B5:3A:D7:09:08:4F
Certificate issuer:       /CN=c5bd7854aa050fd6e550fc7cd02b558730bfbb7a
Certificate serial:       018E0E7A858D15D5864F8F9977B0C504ECE2
Authority key identifier: C5:BD:78:54:AA:05:0F:D6:E5:50:FC:7C:D0:2B:55:87:30:BF:BB:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xb14VKoFD9blUPx80CtVhzC_u3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/3f6640-5d82-4ac6-9389-6ff1d427d971/1/r_6huD8lp70EPusIdPa1OtcJCE8.roa
Signing time:             Tue 05 Mar 2024 11:58:14 +0000
ROA not before:           Tue 05 Mar 2024 11:58:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41111
IP address blocks:        2a0b:cd41::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/3f6640-5d82-4ac6-9389-6ff1d427d971/1/xb14VKoFD9blUPx80CtVhzC_u3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/3f6640-5d82-4ac6-9389-6ff1d427d971/1/xb14VKoFD9blUPx80CtVhzC_u3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xb14VKoFD9blUPx80CtVhzC_u3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:7a:85:8d:15:d5:86:4f:8f:99:77:b0:c5:04:ec:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5bd7854aa050fd6e550fc7cd02b558730bfbb7a
        Validity
            Not Before: Mar  5 11:58:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=affea1b83f25a7bd043eeb0874f6b53ad709084f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:ff:70:4b:55:97:78:53:40:da:a5:d1:df:d3:
                    9e:8e:fb:52:84:d3:b0:14:44:b5:19:ec:fd:9e:21:
                    be:5c:2b:e6:d4:67:c8:75:ec:15:75:35:3f:17:30:
                    5b:bb:35:96:1e:54:31:53:77:1e:17:0c:52:d2:91:
                    17:1b:21:ad:83:d3:5b:d6:5b:6d:1a:7b:ab:0b:73:
                    0c:04:ad:61:35:0c:6e:50:49:db:4b:10:76:9a:8f:
                    20:f1:4d:eb:e4:0b:44:76:69:7a:9b:a8:9b:94:c3:
                    14:ee:27:21:0c:53:b0:d0:fc:c4:88:54:92:60:01:
                    d0:a0:4d:46:ae:e7:12:82:30:22:59:e0:e2:d9:d4:
                    12:4d:d9:e4:75:1c:a1:5c:71:a9:5a:ec:e2:c1:8f:
                    20:9f:02:bc:9d:71:77:1e:fa:ff:bd:f0:44:b6:a3:
                    ee:a8:f7:f4:f0:40:8c:db:6c:af:f9:c1:72:2d:28:
                    13:27:88:c1:b0:06:86:0e:78:68:8c:0e:5c:9b:e2:
                    c1:c8:c7:df:50:a1:13:69:44:4e:bb:7c:77:12:89:
                    ba:b6:01:95:ae:7d:6e:21:0b:fb:f0:d4:c1:2c:db:
                    3e:84:7a:5b:44:c2:d9:9d:a4:f3:af:5e:17:a1:48:
                    3b:dc:5f:bc:8e:78:db:f6:7d:37:4f:28:8e:93:ef:
                    a7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:FE:A1:B8:3F:25:A7:BD:04:3E:EB:08:74:F6:B5:3A:D7:09:08:4F
            X509v3 Authority Key Identifier:
                keyid:C5:BD:78:54:AA:05:0F:D6:E5:50:FC:7C:D0:2B:55:87:30:BF:BB:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xb14VKoFD9blUPx80CtVhzC_u3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/3f6640-5d82-4ac6-9389-6ff1d427d971/1/r_6huD8lp70EPusIdPa1OtcJCE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/3f6640-5d82-4ac6-9389-6ff1d427d971/1/xb14VKoFD9blUPx80CtVhzC_u3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:cd41::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:28:a8:3b:6b:96:6c:5f:df:82:68:0a:cd:0a:fa:2f:c5:87:
         cd:8d:88:85:6d:4c:ea:cf:96:06:40:46:72:8c:dd:57:83:8f:
         aa:9c:7c:10:25:ae:92:95:d3:3c:e4:df:bf:62:50:a3:a1:36:
         21:9b:5d:8f:6d:d7:a2:99:93:56:a8:a0:35:48:46:fc:11:1d:
         48:a4:4a:ea:f3:e2:a8:0f:26:44:29:7a:02:c0:d2:cc:99:23:
         7f:84:41:19:bc:10:3f:09:18:95:86:a6:9d:be:3e:1e:7b:c1:
         d5:b9:13:cd:22:08:20:04:d4:ea:df:53:23:fa:a1:c7:7c:0a:
         b6:09:ea:2e:25:8c:49:21:79:4d:22:37:9c:12:f8:21:82:83:
         a6:3d:b7:45:dc:6a:8b:91:c9:dd:fc:b7:af:9e:93:78:fb:4f:
         e3:8e:04:89:7c:f9:3f:6f:88:e0:75:61:b2:dd:b7:b5:e6:f5:
         90:15:df:a2:ee:e1:fe:6f:54:db:d3:e9:7f:83:15:cc:8e:63:
         c8:f7:c8:bf:51:d2:f6:56:ff:9a:6c:de:62:0a:cf:31:5f:88:
         73:62:cb:4f:f6:02:ee:80:50:26:72:8d:4a:7b:2a:ba:d6:2c:
         6d:51:b0:fb:f9:e2:54:9a:94:2b:2b:5d:59:b7:04:9b:2d:88:
         03:64:ca:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4OeoWNFdWGT4+Zd7DFBOziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YmQ3ODU0YWEwNTBmZDZlNTUwZmM3Y2QwMmI1NTg3MzBi
ZmJiN2EwHhcNMjQwMzA1MTE1ODE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmZlYTFiODNmMjVhN2JkMDQzZWViMDg3NGY2YjUzYWQ3MDkwODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7P9wS1WXeFNA2qXR39OejvtShNOw
FES1Gez9niG+XCvm1GfIdewVdTU/FzBbuzWWHlQxU3ceFwxS0pEXGyGtg9Nb1ltt
GnurC3MMBK1hNQxuUEnbSxB2mo8g8U3r5AtEdml6m6iblMMU7ichDFOw0PzEiFSS
YAHQoE1GrucSgjAiWeDi2dQSTdnkdRyhXHGpWuziwY8gnwK8nXF3Hvr/vfBEtqPu
qPf08ECM22yv+cFyLSgTJ4jBsAaGDnhojA5cm+LByMffUKETaUROu3x3Eom6tgGV
rn1uIQv78NTBLNs+hHpbRMLZnaTzr14XoUg73F+8jnjb9n03TyiOk++nXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK/+obg/Jae9BD7rCHT2tTrXCQhPMB8GA1UdIwQY
MBaAFMW9eFSqBQ/W5VD8fNArVYcwv7t6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGIxNFZLb0ZEOWJsVVB4ODBDdFZoekNfdTNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8zZjY2NDAtNWQ4Mi00YWM2LTkzODkt
NmZmMWQ0MjdkOTcxLzEvcl82aHVEOGxwNzBFUHVzSWRQYTFPdGNKQ0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8zZjY2NDAtNWQ4Mi00YWM2LTkzODktNmZmMWQ0MjdkOTcx
LzEveGIxNFZLb0ZEOWJsVVB4ODBDdFZoekNfdTNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgvNQTAN
BgkqhkiG9w0BAQsFAAOCAQEAgSioO2uWbF/fgmgKzQr6L8WHzY2IhW1M6s+WBkBG
cozdV4OPqpx8ECWukpXTPOTfv2JQo6E2IZtdj23XopmTVqigNUhG/BEdSKRK6vPi
qA8mRCl6AsDSzJkjf4RBGbwQPwkYlYamnb4+HnvB1bkTzSIIIATU6t9TI/qhx3wK
tgnqLiWMSSF5TSI3nBL4IYKDpj23Rdxqi5HJ3fy3r56TePtP444EiXz5P2+I4HVh
st23teb1kBXfou7h/m9U29Ppf4MVzI5jyPfIv1HS9lb/mmzeYgrPMV+Ic2LLT/YC
7oBQJnKNSnsqutYsbVGw+/niVJqUKytdWbcEmy2IA2TKZA==
-----END CERTIFICATE-----