Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/6i-gCTfh4vtsKMo1IvyIRcsRj9c.roa
File:                     6i-gCTfh4vtsKMo1IvyIRcsRj9c.roa (raw, json)
Hash identifier:          gssQaLLoZQkf1ty2JKT25CluwKKM0iLscYDWQ20x+rM=
Subject key identifier:   EA:2F:A0:09:37:E1:E2:FB:6C:28:CA:35:22:FC:88:45:CB:11:8F:D7
Certificate issuer:       /CN=45b5004ec3cf5c1a755185d6f40683c646cc94ec
Certificate serial:       018CC9BBC5850E80FE9FD11493D2EF64778C
Authority key identifier: 45:B5:00:4E:C3:CF:5C:1A:75:51:85:D6:F4:06:83:C6:46:CC:94:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RbUATsPPXBp1UYXW9AaDxkbMlOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/6i-gCTfh4vtsKMo1IvyIRcsRj9c.roa
Signing time:             Tue 02 Jan 2024 10:32:55 +0000
ROA not before:           Tue 02 Jan 2024 10:32:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200494
IP address blocks:        2a13:5dc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/RbUATsPPXBp1UYXW9AaDxkbMlOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/RbUATsPPXBp1UYXW9AaDxkbMlOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RbUATsPPXBp1UYXW9AaDxkbMlOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c5:85:0e:80:fe:9f:d1:14:93:d2:ef:64:77:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45b5004ec3cf5c1a755185d6f40683c646cc94ec
        Validity
            Not Before: Jan  2 10:32:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea2fa00937e1e2fb6c28ca3522fc8845cb118fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:07:0b:dc:a0:7d:7a:67:df:53:ba:7c:26:5a:
                    b5:f9:89:de:38:0e:53:ba:9e:a1:82:23:31:33:62:
                    5f:1c:18:80:cc:41:53:09:2c:e7:bf:6b:6d:28:e2:
                    79:9a:ec:42:68:ae:ef:5c:7f:c8:a9:d1:de:60:07:
                    86:a3:26:52:5b:62:b2:e0:0b:3c:17:a4:d7:8e:62:
                    16:f7:59:26:3b:7c:4a:8f:35:f4:7c:1d:f9:18:d1:
                    34:30:52:24:5d:7e:cc:55:32:5b:80:8a:1e:0f:9c:
                    8a:7c:40:a4:50:bd:60:13:ee:2b:26:05:6f:dd:a7:
                    c0:9f:8f:77:a5:1a:8c:47:01:60:2a:c5:78:f0:fe:
                    aa:01:4d:49:6e:db:4a:9a:c2:cc:6f:30:8f:04:21:
                    15:bc:1c:a0:5f:fb:6b:7d:c2:72:c7:15:f5:20:88:
                    59:f7:ba:32:cf:00:1f:fc:84:d4:87:69:c0:65:01:
                    85:5b:a0:49:52:c7:62:75:00:c6:b8:25:f9:5b:6d:
                    77:f3:82:de:26:3f:bc:aa:0e:4d:66:5b:b1:10:c0:
                    de:af:60:d7:5c:1f:23:45:21:ab:b8:2b:e6:29:6c:
                    23:31:b0:a4:ef:6f:70:3c:3b:1f:b9:39:46:40:a6:
                    c3:98:78:8d:94:69:f9:e6:de:4d:87:17:6a:bd:1c:
                    82:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2F:A0:09:37:E1:E2:FB:6C:28:CA:35:22:FC:88:45:CB:11:8F:D7
            X509v3 Authority Key Identifier:
                keyid:45:B5:00:4E:C3:CF:5C:1A:75:51:85:D6:F4:06:83:C6:46:CC:94:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbUATsPPXBp1UYXW9AaDxkbMlOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/6i-gCTfh4vtsKMo1IvyIRcsRj9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c5e52a-8023-47ac-b27a-4aebefac49b1/1/RbUATsPPXBp1UYXW9AaDxkbMlOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:8f:ee:11:ba:2c:d7:d1:80:0a:af:fd:6d:f3:12:84:8f:88:
         c2:6f:0c:ca:ff:aa:85:2a:be:22:63:99:4f:ae:cc:55:85:86:
         df:cf:09:f8:4f:e1:89:60:a1:ea:9b:91:67:6b:46:40:34:cc:
         2c:bc:61:5b:ca:8c:bd:f1:2f:fe:48:1d:1c:57:38:98:1e:54:
         1b:5a:b7:a8:d8:fc:2e:6b:b8:f4:03:9e:11:1f:6e:11:d2:13:
         62:a0:dd:3e:af:57:f5:54:00:28:2e:b6:44:8a:37:c1:29:1e:
         ca:fb:6c:f9:3f:d3:cc:a2:fe:67:18:21:d6:84:ab:ad:76:cd:
         ea:a0:99:f1:c3:55:04:9d:1e:f8:a0:6b:87:f1:84:10:4f:76:
         c9:40:de:a0:71:16:91:4a:71:2f:1e:2b:d5:33:3d:50:40:75:
         76:fb:37:3f:b2:9f:fe:87:90:1b:68:fc:f4:86:00:5a:67:8c:
         f3:34:cc:0b:56:7c:22:e9:58:e0:92:8e:c6:70:26:2b:81:c9:
         3d:2c:a4:4b:e8:55:23:31:e3:9d:a2:da:dd:ab:e6:3c:60:da:
         b1:12:db:3c:b6:df:c6:3e:6c:4d:48:5c:98:df:c9:d5:71:30:
         c6:b9:85:d5:fd:99:e5:61:77:79:a4:da:52:a7:7b:fe:4b:80:
         5b:b1:d7:23
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJu8WFDoD+n9EUk9LvZHeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YjUwMDRlYzNjZjVjMWE3NTUxODVkNmY0MDY4M2M2NDZj
Yzk0ZWMwHhcNMjQwMTAyMTAzMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTJmYTAwOTM3ZTFlMmZiNmMyOGNhMzUyMmZjODg0NWNiMTE4ZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQcL3KB9emffU7p8Jlq1+YneOA5T
up6hgiMxM2JfHBiAzEFTCSznv2ttKOJ5muxCaK7vXH/IqdHeYAeGoyZSW2Ky4As8
F6TXjmIW91kmO3xKjzX0fB35GNE0MFIkXX7MVTJbgIoeD5yKfECkUL1gE+4rJgVv
3afAn493pRqMRwFgKsV48P6qAU1JbttKmsLMbzCPBCEVvBygX/trfcJyxxX1IIhZ
97oyzwAf/ITUh2nAZQGFW6BJUsdidQDGuCX5W21384LeJj+8qg5NZluxEMDer2DX
XB8jRSGruCvmKWwjMbCk729wPDsfuTlGQKbDmHiNlGn55t5NhxdqvRyCdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOovoAk34eL7bCjKNSL8iEXLEY/XMB8GA1UdIwQY
MBaAFEW1AE7Dz1wadVGF1vQGg8ZGzJTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJVQVRzUFBYQnAxVVlYVzlBYUR4a2JNbE93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jNWU1MmEtODAyMy00N2FjLWIyN2Et
NGFlYmVmYWM0OWIxLzEvNmktZ0NUZmg0dnRzS01vMUl2eUlSY3NSajljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jNWU1MmEtODAyMy00N2FjLWIyN2EtNGFlYmVmYWM0OWIx
LzEvUmJVQVRzUFBYQnAxVVlYVzlBYUR4a2JNbE93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNdwDAN
BgkqhkiG9w0BAQsFAAOCAQEAwI/uEbos19GACq/9bfMShI+Iwm8Myv+qhSq+ImOZ
T67MVYWG388J+E/hiWCh6puRZ2tGQDTMLLxhW8qMvfEv/kgdHFc4mB5UG1q3qNj8
Lmu49AOeER9uEdITYqDdPq9X9VQAKC62RIo3wSkeyvts+T/TzKL+Zxgh1oSrrXbN
6qCZ8cNVBJ0e+KBrh/GEEE92yUDeoHEWkUpxLx4r1TM9UEB1dvs3P7Kf/oeQG2j8
9IYAWmeM8zTMC1Z8IulY4JKOxnAmK4HJPSykS+hVIzHjnaLa3avmPGDasRLbPLbf
xj5sTUhcmN/J1XEwxrmF1f2Z5WF3eaTaUqd7/kuAW7HXIw==
-----END CERTIFICATE-----