Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/X2q9U_e6J65en6p1Nj0b08ctrWo.roa
File:                     X2q9U_e6J65en6p1Nj0b08ctrWo.roa (raw, json)
Hash identifier:          Kp+hZgAx6+Vey/LPZXpYvKb6X+K85gGvpE5trg6VLjk=
Subject key identifier:   5F:6A:BD:53:F7:BA:27:AE:5E:9F:AA:75:36:3D:1B:D3:C7:2D:AD:6A
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC79423C8EF81C4614156635908F9629B
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/X2q9U_e6J65en6p1Nj0b08ctrWo.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47583
IP address blocks:        2a00:1eb8:c006::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:23:c8:ef:81:c4:61:41:56:63:59:08:f9:62:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f6abd53f7ba27ae5e9faa75363d1bd3c72dad6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:91:b7:6e:c7:d4:c5:ee:65:aa:6e:57:06:cd:
                    cf:1d:8e:2e:7e:20:a8:58:6d:f6:41:25:73:4f:c8:
                    92:71:be:18:cc:97:65:83:5d:3a:77:36:c9:3e:07:
                    83:fa:08:09:05:ca:64:85:14:d4:64:3e:cb:0c:c7:
                    17:8c:f4:0c:6b:b6:89:ca:66:3c:a8:3d:89:b5:07:
                    63:a5:80:b5:5b:ce:c7:1c:69:7e:9a:98:5d:ca:f6:
                    be:7c:9b:35:4a:2b:33:8f:15:e6:b8:8a:d2:9c:d1:
                    df:6a:84:7d:42:ba:c2:1b:59:ee:3a:a2:d7:a0:26:
                    db:73:2f:1d:05:c6:eb:5a:ea:18:60:f5:a5:12:f1:
                    cf:36:55:90:07:8f:f4:8d:2f:bc:56:10:d5:00:82:
                    0a:2d:aa:0b:ff:cd:06:fa:b5:67:04:6a:3b:5a:bd:
                    de:70:fe:e7:25:dd:36:47:81:70:78:ed:0e:be:97:
                    4c:de:78:ad:d2:85:74:74:ae:9c:df:75:9c:89:ae:
                    d3:30:ea:b0:29:2c:f0:0b:a3:a7:23:4a:c7:73:dd:
                    e0:ab:38:02:66:a5:06:cd:53:91:0a:65:fc:89:b5:
                    8f:23:fc:da:a5:02:0f:16:05:3f:3b:82:7a:ee:1d:
                    df:db:71:bd:74:74:f3:c5:1e:d5:94:89:09:72:ae:
                    26:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:6A:BD:53:F7:BA:27:AE:5E:9F:AA:75:36:3D:1B:D3:C7:2D:AD:6A
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/X2q9U_e6J65en6p1Nj0b08ctrWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1eb8:c006::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:94:c8:08:30:68:62:cf:14:b6:cb:53:50:e4:3b:c0:33:96:
         f6:de:11:3a:a9:d0:1a:20:83:14:d3:46:93:49:19:d8:07:d7:
         16:1e:f0:fe:f0:1c:85:c3:b9:1a:89:5d:67:f1:56:42:39:0c:
         28:73:0c:d7:da:bb:b7:2b:75:d5:81:c2:d3:21:71:be:b3:b4:
         a6:8a:95:68:2a:af:9b:bc:07:a8:f2:f5:25:d3:39:dd:6d:41:
         2e:48:a9:1e:01:68:3f:89:44:23:5d:06:da:d0:f7:9d:27:01:
         f0:3b:a1:1a:32:61:df:19:ab:0c:2f:6c:4b:dd:11:3f:d2:89:
         cc:36:a5:8b:e8:f0:ef:cc:61:8c:6d:11:4b:32:fe:af:5f:2a:
         eb:cf:42:15:3c:1e:df:b6:12:6c:36:8b:75:15:fe:5a:1d:ed:
         e4:e5:30:05:9f:b1:ac:be:91:77:49:be:1c:9c:c6:78:93:7b:
         12:7c:49:4c:8d:a9:3a:77:ab:52:a2:d3:31:03:7d:0f:95:a1:
         32:87:05:31:e2:c1:ed:34:59:c5:e0:f4:b9:00:d9:aa:93:bc:
         70:5e:1e:70:c4:6b:48:0c:5d:a2:40:81:76:ac:88:91:ff:a3:
         8c:46:4d:4f:fe:57:3d:6e:0b:04:7e:99:a3:ba:13:23:66:05:
         90:86:1e:a6
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzHlCPI74HEYUFWY1kI+WKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjZhYmQ1M2Y3YmEyN2FlNWU5ZmFhNzUzNjNkMWJkM2M3MmRhZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZG3bsfUxe5lqm5XBs3PHY4ufiCo
WG32QSVzT8iScb4YzJdlg106dzbJPgeD+ggJBcpkhRTUZD7LDMcXjPQMa7aJymY8
qD2JtQdjpYC1W87HHGl+mphdyva+fJs1SiszjxXmuIrSnNHfaoR9QrrCG1nuOqLX
oCbbcy8dBcbrWuoYYPWlEvHPNlWQB4/0jS+8VhDVAIIKLaoL/80G+rVnBGo7Wr3e
cP7nJd02R4FweO0OvpdM3nit0oV0dK6c33Wcia7TMOqwKSzwC6OnI0rHc93gqzgC
ZqUGzVORCmX8ibWPI/zapQIPFgU/O4J67h3f23G9dHTzxR7VlIkJcq4mNQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFF9qvVP3uieuXp+qdTY9G9PHLa1qMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL1gycTlVX2U2SjY1ZW42cDFOajBiMDhjdHJXby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAB64
wAYwDQYJKoZIhvcNAQELBQADggEBAJCUyAgwaGLPFLbLU1DkO8AzlvbeETqp0Bog
gxTTRpNJGdgH1xYe8P7wHIXDuRqJXWfxVkI5DChzDNfau7crddWBwtMhcb6ztKaK
lWgqr5u8B6jy9SXTOd1tQS5IqR4BaD+JRCNdBtrQ950nAfA7oRoyYd8ZqwwvbEvd
ET/Sicw2pYvo8O/MYYxtEUsy/q9fKuvPQhU8Ht+2Emw2i3UV/lod7eTlMAWfsay+
kXdJvhycxniTexJ8SUyNqTp3q1Ki0zEDfQ+VoTKHBTHiwe00WcXg9LkA2aqTvHBe
HnDEa0gMXaJAgXasiJH/o4xGTU/+Vz1uCwR+maO6EyNmBZCGHqY=
-----END CERTIFICATE-----