Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/934ec3-b76a-40d0-8a3a-824729ab4b9a/1/XsJ7zZl6_pdVnaU_g_P2XtGKkTM.roa
File:                     XsJ7zZl6_pdVnaU_g_P2XtGKkTM.roa (raw, json)
Hash identifier:          E5+hCCeeA6UCC+sw93YEyD8jP0Lp9lmyYz9eDkxjv0U=
Subject key identifier:   5E:C2:7B:CD:99:7A:FE:97:55:9D:A5:3F:83:F3:F6:5E:D1:8A:91:33
Certificate issuer:       /CN=12133a6523e2ed0a0c9a36ea8a7c6f0e72a5dd64
Certificate serial:       018CC94D9302450C50C4BEDA0EC6B224ED8E
Authority key identifier: 12:13:3A:65:23:E2:ED:0A:0C:9A:36:EA:8A:7C:6F:0E:72:A5:DD:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhM6ZSPi7QoMmjbqinxvDnKl3WQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/934ec3-b76a-40d0-8a3a-824729ab4b9a/1/XsJ7zZl6_pdVnaU_g_P2XtGKkTM.roa
Signing time:             Tue 02 Jan 2024 08:32:33 +0000
ROA not before:           Tue 02 Jan 2024 08:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47254
IP address blocks:        2a02:d1c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/934ec3-b76a-40d0-8a3a-824729ab4b9a/1/EhM6ZSPi7QoMmjbqinxvDnKl3WQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/934ec3-b76a-40d0-8a3a-824729ab4b9a/1/EhM6ZSPi7QoMmjbqinxvDnKl3WQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhM6ZSPi7QoMmjbqinxvDnKl3WQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:93:02:45:0c:50:c4:be:da:0e:c6:b2:24:ed:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12133a6523e2ed0a0c9a36ea8a7c6f0e72a5dd64
        Validity
            Not Before: Jan  2 08:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ec27bcd997afe97559da53f83f3f65ed18a9133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:51:2b:5b:fd:4f:43:ca:e4:b7:a3:13:26:02:
                    cc:97:5e:5e:ff:2c:b2:fb:40:ba:07:46:bb:bd:d9:
                    46:5c:9c:90:04:02:53:3c:6a:e9:af:a1:b2:d5:cc:
                    18:47:1f:29:39:f7:d0:da:56:b4:56:ba:b3:4a:8d:
                    cc:20:82:c9:4d:82:e4:7e:46:d5:dc:04:7e:70:18:
                    41:f6:29:4d:86:d5:da:ba:08:67:43:e7:7c:68:75:
                    7d:5a:f9:28:be:a5:85:48:bf:13:97:5c:f1:c5:c5:
                    2e:f0:15:a4:40:40:d1:26:b5:56:bb:dd:6b:0b:64:
                    70:df:87:35:af:12:50:14:05:78:bd:20:a8:cc:31:
                    f4:eb:54:93:ae:b2:90:02:85:53:5b:7f:eb:09:73:
                    18:c6:93:8b:60:7a:a3:e6:b6:48:78:90:7e:cd:b8:
                    96:60:48:95:e0:1c:53:c7:29:a3:9d:42:78:39:b2:
                    6b:c1:28:23:03:fa:45:f9:ff:f5:cd:e7:24:0e:ed:
                    c5:47:aa:3a:77:79:c4:75:d4:32:b8:e1:31:58:66:
                    88:ca:58:cc:48:82:38:4e:31:1a:54:ae:f4:3e:0f:
                    6f:25:2e:ba:ad:e5:02:6b:ad:e6:ec:8c:42:95:c7:
                    2a:0b:db:46:ea:a3:fe:23:3a:8e:97:58:b2:ae:02:
                    79:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C2:7B:CD:99:7A:FE:97:55:9D:A5:3F:83:F3:F6:5E:D1:8A:91:33
            X509v3 Authority Key Identifier:
                keyid:12:13:3A:65:23:E2:ED:0A:0C:9A:36:EA:8A:7C:6F:0E:72:A5:DD:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhM6ZSPi7QoMmjbqinxvDnKl3WQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/934ec3-b76a-40d0-8a3a-824729ab4b9a/1/XsJ7zZl6_pdVnaU_g_P2XtGKkTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/934ec3-b76a-40d0-8a3a-824729ab4b9a/1/EhM6ZSPi7QoMmjbqinxvDnKl3WQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:15:67:70:35:f2:2f:07:22:18:f8:03:14:11:14:b0:9d:e6:
         6f:f4:3c:96:e8:e3:78:eb:d5:86:bf:f3:c6:bc:36:4f:a4:e6:
         2b:79:66:b9:46:3a:dc:35:af:47:c7:1f:a7:fc:4c:7f:d3:19:
         0e:1f:2e:c0:82:40:f7:e8:b9:38:56:05:13:61:bf:4b:fd:98:
         b8:80:fa:6c:cc:dd:7d:49:63:af:27:40:fd:c3:30:be:2c:29:
         37:a7:8b:d5:1c:c9:1b:ec:dd:0f:b3:8c:76:32:11:ba:1c:25:
         6f:59:af:8e:53:92:02:55:16:3f:59:df:2c:f1:66:05:bf:1e:
         82:c1:46:dc:be:f7:dd:93:0e:7f:a5:d8:bf:f8:21:a0:33:22:
         ca:09:02:e6:71:fb:e3:34:84:a2:2a:f6:c3:1d:b7:8c:16:c2:
         87:2b:b9:cf:9d:65:08:c9:95:10:a2:9d:7f:06:8d:03:9e:cb:
         a7:fa:25:9c:88:3c:f9:66:cb:a8:a6:75:c2:c9:5e:0c:17:a7:
         f5:bf:be:3d:18:2b:d2:38:f4:67:48:2f:5d:01:9c:b4:ec:cd:
         60:6a:5c:71:35:6b:38:ef:64:72:d5:f8:b1:9b:37:57:71:7d:
         98:67:87:2b:e3:a3:58:3e:ce:06:6b:b9:aa:f6:95:d6:36:24:
         c5:5d:5a:f1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTZMCRQxQxL7aDsayJO2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTMzYTY1MjNlMmVkMGEwYzlhMzZlYThhN2M2ZjBlNzJh
NWRkNjQwHhcNMjQwMTAyMDgzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWMyN2JjZDk5N2FmZTk3NTU5ZGE1M2Y4M2YzZjY1ZWQxOGE5MTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1ErW/1PQ8rkt6MTJgLMl15e/yyy
+0C6B0a7vdlGXJyQBAJTPGrpr6Gy1cwYRx8pOffQ2la0VrqzSo3MIILJTYLkfkbV
3AR+cBhB9ilNhtXaughnQ+d8aHV9WvkovqWFSL8Tl1zxxcUu8BWkQEDRJrVWu91r
C2Rw34c1rxJQFAV4vSCozDH061STrrKQAoVTW3/rCXMYxpOLYHqj5rZIeJB+zbiW
YEiV4BxTxymjnUJ4ObJrwSgjA/pF+f/1zeckDu3FR6o6d3nEddQyuOExWGaIyljM
SII4TjEaVK70Pg9vJS66reUCa63m7IxClccqC9tG6qP+IzqOl1iyrgJ59QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF7Ce82Zev6XVZ2lP4Pz9l7RipEzMB8GA1UdIwQY
MBaAFBITOmUj4u0KDJo26op8bw5ypd1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhNNlpTUGk3UW9NbWpicWlueHZEbktsM1dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85MzRlYzMtYjc2YS00MGQwLThhM2Et
ODI0NzI5YWI0YjlhLzEvWHNKN3pabDZfcGRWbmFVX2dfUDJYdEdLa1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85MzRlYzMtYjc2YS00MGQwLThhM2EtODI0NzI5YWI0Yjlh
LzEvRWhNNlpTUGk3UW9NbWpicWlueHZEbktsM1dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgLRwDAN
BgkqhkiG9w0BAQsFAAOCAQEAZBVncDXyLwciGPgDFBEUsJ3mb/Q8lujjeOvVhr/z
xrw2T6TmK3lmuUY63DWvR8cfp/xMf9MZDh8uwIJA9+i5OFYFE2G/S/2YuID6bMzd
fUljrydA/cMwviwpN6eL1RzJG+zdD7OMdjIRuhwlb1mvjlOSAlUWP1nfLPFmBb8e
gsFG3L733ZMOf6XYv/ghoDMiygkC5nH74zSEoir2wx23jBbChyu5z51lCMmVEKKd
fwaNA57Lp/olnIg8+WbLqKZ1wsleDBen9b++PRgr0jj0Z0gvXQGctOzNYGpccTVr
OO9kctX4sZs3V3F9mGeHK+OjWD7OBmu5qvaV1jYkxV1a8Q==
-----END CERTIFICATE-----