Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/XGVz_aUFjO2Zl5dSX8HvQ5PMp_o.roa
File:                     XGVz_aUFjO2Zl5dSX8HvQ5PMp_o.roa (raw, json)
Hash identifier:          OUg5KJ2qZpcIHvGZ9z9kLqkG28wmtcJSqgxf8+kKdOc=
Subject key identifier:   5C:65:73:FD:A5:05:8C:ED:99:97:97:52:5F:C1:EF:43:93:CC:A7:FA
Certificate issuer:       /CN=665e4d7ea8a3470c9703ee7551481c36f774febb
Certificate serial:       018F0CCB6A3E8F24D0E02CB45E0FDEF1D166
Authority key identifier: 66:5E:4D:7E:A8:A3:47:0C:97:03:EE:75:51:48:1C:36:F7:74:FE:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/XGVz_aUFjO2Zl5dSX8HvQ5PMp_o.roa
Signing time:             Tue 23 Apr 2024 21:10:08 +0000
ROA not before:           Tue 23 Apr 2024 21:10:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215338
IP address blocks:        2a0e:6a87::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:cb:6a:3e:8f:24:d0:e0:2c:b4:5e:0f:de:f1:d1:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=665e4d7ea8a3470c9703ee7551481c36f774febb
        Validity
            Not Before: Apr 23 21:10:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c6573fda5058ced999797525fc1ef4393cca7fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:26:21:a1:f9:ce:b6:2a:38:b8:06:87:d4:2f:
                    d1:f8:c0:ba:7d:09:37:4e:4d:ca:e4:f1:cb:03:aa:
                    77:12:1d:02:6f:19:07:26:a7:83:60:33:f9:6b:0b:
                    d8:72:a7:6a:5c:1f:46:79:b4:f5:85:1f:6d:8c:29:
                    b4:66:a1:e2:c9:31:5e:56:84:bb:d1:63:ab:ee:65:
                    50:af:47:77:08:17:76:23:1f:bd:57:3b:34:6e:ae:
                    ab:b1:80:af:ee:84:f5:33:1d:fb:16:58:5d:78:e0:
                    13:14:fb:4d:f0:fc:1b:4d:c8:d2:21:19:40:b5:2e:
                    38:c2:99:ba:99:ea:1f:21:cd:dd:4e:32:3a:3a:d4:
                    44:77:7d:88:da:14:82:bc:80:5e:1d:d5:f6:3a:f1:
                    39:f4:75:9c:d8:13:ab:1b:fb:11:c0:59:28:51:04:
                    01:6c:05:ca:f4:48:c9:1f:ea:dc:94:52:08:f6:0d:
                    ed:94:69:04:26:1b:50:68:12:a8:ee:2b:c1:67:13:
                    fd:e8:1b:e4:cd:2c:aa:9b:65:af:10:72:41:c3:ba:
                    5c:32:fd:9d:81:d5:da:1b:d0:8b:47:75:47:a0:fe:
                    d7:6e:7e:6b:d5:94:b8:eb:48:5e:65:41:03:8a:9a:
                    2b:fc:85:8a:fa:2d:4c:4a:db:41:fa:91:3f:75:87:
                    02:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:65:73:FD:A5:05:8C:ED:99:97:97:52:5F:C1:EF:43:93:CC:A7:FA
            X509v3 Authority Key Identifier:
                keyid:66:5E:4D:7E:A8:A3:47:0C:97:03:EE:75:51:48:1C:36:F7:74:FE:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/XGVz_aUFjO2Zl5dSX8HvQ5PMp_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:6a87::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:23:04:f0:21:79:17:ec:b0:dd:5f:b7:f8:3f:a8:f6:23:dc:
         22:bd:d3:a0:85:5f:ba:1c:ea:41:4f:df:40:a1:85:49:72:74:
         02:c5:37:20:ce:70:8f:aa:dd:cc:42:9e:4a:de:25:c8:13:ea:
         f9:1e:1f:7f:a4:15:00:5a:e9:aa:e4:06:84:95:8b:f1:d2:46:
         92:72:57:e0:9e:09:67:2e:87:ec:a1:c1:5d:50:bb:6a:e9:4c:
         4a:96:a5:10:d4:6d:18:f5:35:bb:14:8d:be:8f:fc:b2:f3:b4:
         40:e7:93:0e:75:b4:78:22:d7:e5:2e:4c:3e:44:02:cc:7d:24:
         c4:d8:53:28:20:09:b6:68:3b:ba:12:2c:71:fb:64:0b:d7:ba:
         d8:d0:38:03:78:d4:82:13:5f:31:b2:68:bb:3a:b9:cc:e4:2a:
         ec:8d:6c:76:44:04:b5:60:f3:41:6f:5e:42:08:c8:cd:1d:e5:
         69:ba:70:95:b3:f5:5d:19:69:ed:71:b3:97:d3:6c:b8:a0:ed:
         cc:2f:8d:93:1e:83:b0:88:65:74:78:8b:3c:f8:94:07:32:c7:
         dc:53:41:e5:54:28:f6:a9:22:e0:4b:c6:ee:19:c4:bf:44:de:
         72:da:b1:f3:db:60:cf:a8:3e:2b:1b:7f:81:58:82:9f:be:ed:
         fd:b1:4b:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8My2o+jyTQ4Cy0Xg/e8dFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NWU0ZDdlYThhMzQ3MGM5NzAzZWU3NTUxNDgxYzM2Zjc3
NGZlYmIwHhcNMjQwNDIzMjExMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzY1NzNmZGE1MDU4Y2VkOTk5Nzk3NTI1ZmMxZWY0MzkzY2NhN2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiYhofnOtio4uAaH1C/R+MC6fQk3
Tk3K5PHLA6p3Eh0CbxkHJqeDYDP5awvYcqdqXB9GebT1hR9tjCm0ZqHiyTFeVoS7
0WOr7mVQr0d3CBd2Ix+9Vzs0bq6rsYCv7oT1Mx37FlhdeOATFPtN8PwbTcjSIRlA
tS44wpm6meofIc3dTjI6OtREd32I2hSCvIBeHdX2OvE59HWc2BOrG/sRwFkoUQQB
bAXK9EjJH+rclFII9g3tlGkEJhtQaBKo7ivBZxP96BvkzSyqm2WvEHJBw7pcMv2d
gdXaG9CLR3VHoP7Xbn5r1ZS460heZUEDipor/IWK+i1MSttB+pE/dYcCqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFxlc/2lBYztmZeXUl/B70OTzKf6MB8GA1UdIwQY
MBaAFGZeTX6oo0cMlwPudVFIHDb3dP67MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmw1TmZxaWpSd3lYQS01MVVVZ2NOdmQwX3JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xNGRkZDEtZGVhYy00MWZmLWJhNmIt
MTYyZWQ2MjRlMjgyLzEvWEdWel9hVUZqTzJabDVkU1g4SHZRNVBNcF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xNGRkZDEtZGVhYy00MWZmLWJhNmItMTYyZWQ2MjRlMjgy
LzEvWmw1TmZxaWpSd3lYQS01MVVVZ2NOdmQwX3JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5qhzAN
BgkqhkiG9w0BAQsFAAOCAQEAWiME8CF5F+yw3V+3+D+o9iPcIr3ToIVfuhzqQU/f
QKGFSXJ0AsU3IM5wj6rdzEKeSt4lyBPq+R4ff6QVAFrpquQGhJWL8dJGknJX4J4J
Zy6H7KHBXVC7aulMSpalENRtGPU1uxSNvo/8svO0QOeTDnW0eCLX5S5MPkQCzH0k
xNhTKCAJtmg7uhIscftkC9e62NA4A3jUghNfMbJouzq5zOQq7I1sdkQEtWDzQW9e
QgjIzR3labpwlbP1XRlp7XGzl9NsuKDtzC+Nkx6DsIhldHiLPPiUBzLH3FNB5VQo
9qki4EvG7hnEv0Tectqx89tgz6g+Kxt/gViCn77t/bFLyw==
-----END CERTIFICATE-----