Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/AMcYfCunQwSKAABJ6hBmiE7K7qE.roa
File:                     AMcYfCunQwSKAABJ6hBmiE7K7qE.roa (raw, json)
Hash identifier:          Fc6ngBgPtvYtcjdYLoVrTGMD5cuVlcCeuRl1JycWwQM=
Subject key identifier:   00:C7:18:7C:2B:A7:43:04:8A:00:00:49:EA:10:66:88:4E:CA:EE:A1
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       018CC26CFA5B0FAFF42659286D747E08E26B
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/AMcYfCunQwSKAABJ6hBmiE7K7qE.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205718
IP address blocks:        2a09:eac0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fa:5b:0f:af:f4:26:59:28:6d:74:7e:08:e2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00c7187c2ba743048a000049ea1066884ecaeea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:91:7e:22:08:47:78:e9:f9:e1:f4:c9:42:c1:
                    78:aa:db:72:90:97:07:1f:02:86:89:be:94:ad:8c:
                    1e:3e:06:6c:9e:68:0b:f4:51:bf:fe:c4:a1:83:4d:
                    84:26:7d:32:22:01:05:77:96:dd:9b:9a:af:d5:ca:
                    6b:a5:af:48:6f:72:4e:50:b8:50:30:73:14:e8:45:
                    91:71:3b:b4:60:ac:05:06:91:bd:8e:92:3b:99:0c:
                    e7:85:3c:09:b8:36:9c:8d:85:6a:cb:6b:db:9f:d3:
                    c7:e6:01:6b:af:f3:91:99:1e:70:25:fa:a7:5d:26:
                    91:ba:d8:81:c0:77:2a:3b:72:61:b1:87:47:6e:eb:
                    77:c9:23:60:2d:24:8c:d7:45:f5:d4:d8:c2:87:b4:
                    e5:39:e0:46:1a:5c:e6:59:32:2f:37:79:6a:4e:85:
                    60:71:be:2e:d4:97:07:4d:98:a9:61:42:16:1c:6b:
                    56:5e:4b:07:03:78:ec:2d:0e:f2:9d:1a:56:9c:79:
                    d9:0a:54:0b:de:f6:59:71:15:f1:25:31:65:38:a9:
                    76:a1:77:67:3f:1d:34:a1:fb:af:91:7d:86:d8:27:
                    a3:af:93:3c:d3:9a:e8:03:7a:1c:77:0c:cf:6c:0d:
                    af:a9:51:de:43:0c:79:ef:81:4e:09:30:9a:95:16:
                    4b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:C7:18:7C:2B:A7:43:04:8A:00:00:49:EA:10:66:88:4E:CA:EE:A1
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/AMcYfCunQwSKAABJ6hBmiE7K7qE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:eac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:b4:e7:b9:d5:0a:eb:1f:d7:9c:7c:48:f8:7e:aa:e4:9f:0c:
         f4:13:c5:46:63:d8:ff:3a:6f:9c:5c:cb:17:8e:36:b8:69:b4:
         fb:07:c4:d6:17:b8:a9:e8:5a:28:70:3a:89:9a:ee:74:00:14:
         03:b3:90:72:7c:ff:49:81:32:0f:df:5d:e6:45:3a:7a:75:74:
         2b:d7:66:53:e8:d4:20:8a:b5:62:b6:e6:d5:a9:ea:3f:9d:3e:
         f9:b1:db:f8:75:f4:c9:3f:b0:4b:e3:3a:06:cf:49:e4:54:5a:
         e0:41:39:32:b2:b0:4b:27:e4:90:50:dc:53:2b:36:47:e6:2b:
         06:24:9c:af:b1:1a:71:3d:7b:30:64:6b:2a:27:cf:a5:38:9b:
         1e:8d:b8:b7:fe:c1:82:15:76:71:13:d6:5b:88:43:c8:a1:cd:
         7a:94:43:a6:20:a8:b2:d9:80:3d:c0:89:33:82:69:b2:90:0c:
         b0:c5:70:ee:43:11:02:c2:99:6c:11:14:2a:66:f2:2d:be:6f:
         be:10:04:69:80:47:d1:cc:03:6e:2b:74:da:3f:d5:d9:f3:07:
         62:0e:bf:57:5f:22:69:31:8c:e1:8e:e3:ad:7e:60:9d:a9:10:
         f2:24:e0:b4:09:07:f3:3d:12:76:b4:77:16:69:b2:da:6b:ab:
         0c:e1:c9:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbPpbD6/0JlkobXR+COJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGM3MTg3YzJiYTc0MzA0OGEwMDAwNDllYTEwNjY4ODRlY2FlZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJF+IghHeOn54fTJQsF4qttykJcH
HwKGib6UrYwePgZsnmgL9FG//sShg02EJn0yIgEFd5bdm5qv1cprpa9Ib3JOULhQ
MHMU6EWRcTu0YKwFBpG9jpI7mQznhTwJuDacjYVqy2vbn9PH5gFrr/ORmR5wJfqn
XSaRutiBwHcqO3JhsYdHbut3ySNgLSSM10X11NjCh7TlOeBGGlzmWTIvN3lqToVg
cb4u1JcHTZipYUIWHGtWXksHA3jsLQ7ynRpWnHnZClQL3vZZcRXxJTFlOKl2oXdn
Px00ofuvkX2G2Cejr5M805roA3ocdwzPbA2vqVHeQwx574FOCTCalRZLrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFADHGHwrp0MEigAASeoQZohOyu6hMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvQU1jWWZDdW5Rd1NLQUFCSjZoQm1pRTdLN3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgnqwDAN
BgkqhkiG9w0BAQsFAAOCAQEAXLTnudUK6x/XnHxI+H6q5J8M9BPFRmPY/zpvnFzL
F442uGm0+wfE1he4qehaKHA6iZrudAAUA7OQcnz/SYEyD99d5kU6enV0K9dmU+jU
IIq1Yrbm1anqP50++bHb+HX0yT+wS+M6Bs9J5FRa4EE5MrKwSyfkkFDcUys2R+Yr
BiScr7EacT17MGRrKifPpTibHo24t/7BghV2cRPWW4hDyKHNepRDpiCostmAPcCJ
M4JpspAMsMVw7kMRAsKZbBEUKmbyLb5vvhAEaYBH0cwDbit02j/V2fMHYg6/V18i
aTGM4Y7jrX5gnakQ8iTgtAkH8z0SdrR3Fmmy2murDOHJwA==
-----END CERTIFICATE-----