Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/_VKcpRfOICQLwlTmF5NSulTC4io.roa
File:                     _VKcpRfOICQLwlTmF5NSulTC4io.roa (raw, json)
Hash identifier:          tFibP30sea+8uYhEzUodRqZ5ebBO6oQFEPpsZWNrcRg=
Subject key identifier:   FD:52:9C:A5:17:CE:20:24:0B:C2:54:E6:17:93:52:BA:54:C2:E2:2A
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018CC8DE821F403301A49016C11C1EB89DCF
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/_VKcpRfOICQLwlTmF5NSulTC4io.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60115
IP address blocks:        2a07:2918:6000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:82:1f:40:33:01:a4:90:16:c1:1c:1e:b8:9d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd529ca517ce20240bc254e6179352ba54c2e22a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e5:7d:f7:1c:3f:38:24:d0:81:d8:10:e4:b6:
                    0a:a3:68:3d:05:3c:63:ef:96:1e:9b:7b:61:b1:d8:
                    ae:aa:1f:00:ab:03:54:41:b7:fb:a2:59:e3:6c:38:
                    f8:67:06:38:3d:f8:fe:5b:f1:c2:59:82:86:c9:81:
                    1f:94:35:68:62:c9:c9:4f:ab:b4:f5:b8:a8:c7:27:
                    0c:1d:94:6e:18:0a:83:60:6b:16:61:1e:8f:6a:88:
                    b6:73:42:a4:c1:68:5c:f9:6e:92:b3:4c:a5:12:8d:
                    d0:5e:3f:d3:d4:fd:63:1b:50:18:7e:2a:64:03:1a:
                    4a:4c:71:2f:01:f9:0a:ea:0c:9e:9d:23:7e:15:b0:
                    7c:b4:f7:a3:d2:e3:2d:ec:a5:1b:9e:b6:ca:6e:74:
                    d8:82:b1:b1:71:ef:aa:5f:ac:aa:3c:ed:e3:f9:74:
                    e5:cf:71:1a:8d:29:d9:4f:08:6b:84:9b:4f:f8:91:
                    5a:0f:36:de:44:6a:11:c4:5d:0c:a7:f9:4d:b1:cf:
                    51:2b:c4:de:1b:87:c4:d1:b1:2e:f1:ae:99:49:e0:
                    3d:e7:ae:c8:08:77:2e:aa:2f:33:75:cd:48:eb:49:
                    c3:df:29:73:0f:19:12:7e:d8:e4:de:e8:0e:c0:ad:
                    f4:27:ce:ff:61:18:51:b9:fe:83:0d:97:d0:21:c7:
                    c6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:52:9C:A5:17:CE:20:24:0B:C2:54:E6:17:93:52:BA:54:C2:E2:2A
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/_VKcpRfOICQLwlTmF5NSulTC4io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2918:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3b:10:95:6a:fa:b2:76:fe:f0:f4:37:e2:d0:b2:d0:1f:f2:47:
         6f:89:22:e8:39:07:15:5d:0b:6b:80:30:a8:e2:1b:7a:99:16:
         e4:b7:1f:5f:35:a2:68:a6:eb:7e:cd:53:c3:ce:9a:61:0d:2d:
         7d:12:6e:7f:41:5d:e9:06:8f:24:84:b5:45:f6:73:10:20:2a:
         c1:bc:11:1a:79:f9:12:21:de:b1:8c:c2:47:47:4b:fe:e0:d2:
         20:cb:c7:35:9e:f2:5a:88:5a:25:5c:73:07:22:e3:e9:12:64:
         a7:af:58:65:14:ba:7b:e4:0f:cb:d3:7a:e5:3d:6b:53:1a:3d:
         0a:f5:a1:e3:5a:a3:ba:a6:3d:a7:96:02:b3:5a:96:3d:58:bf:
         30:5e:f1:96:c1:9c:07:f6:ae:94:83:26:52:3b:8d:3d:18:15:
         a6:34:d5:aa:8c:83:4c:65:46:c3:ab:1d:1d:b4:35:d8:78:d3:
         25:17:a5:12:47:02:8a:81:a8:54:03:a4:eb:39:7d:77:f3:9c:
         65:63:3d:32:bb:ee:2e:86:8e:a7:b9:b9:5c:ec:c0:ab:50:54:
         78:e4:d6:c5:e6:a6:cc:df:b1:49:a7:ae:db:28:34:74:4d:dd:
         cd:54:eb:09:38:72:af:20:67:0e:d3:be:dc:2e:8b:d8:95:60:
         05:55:ca:4b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI3oIfQDMBpJAWwRweuJ3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDUyOWNhNTE3Y2UyMDI0MGJjMjU0ZTYxNzkzNTJiYTU0YzJlMjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+V99xw/OCTQgdgQ5LYKo2g9BTxj
75Yem3thsdiuqh8AqwNUQbf7olnjbDj4ZwY4Pfj+W/HCWYKGyYEflDVoYsnJT6u0
9bioxycMHZRuGAqDYGsWYR6Paoi2c0KkwWhc+W6Ss0ylEo3QXj/T1P1jG1AYfipk
AxpKTHEvAfkK6gyenSN+FbB8tPej0uMt7KUbnrbKbnTYgrGxce+qX6yqPO3j+XTl
z3EajSnZTwhrhJtP+JFaDzbeRGoRxF0Mp/lNsc9RK8TeG4fE0bEu8a6ZSeA9567I
CHcuqi8zdc1I60nD3ylzDxkSftjk3ugOwK30J87/YRhRuf6DDZfQIcfGnwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFP1SnKUXziAkC8JU5heTUrpUwuIqMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvX1ZLY3BSZk9JQ1FMd2xUbUY1TlN1bFRDNGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgcpGGAw
DQYJKoZIhvcNAQELBQADggEBADsQlWr6snb+8PQ34tCy0B/yR2+JIug5BxVdC2uA
MKjiG3qZFuS3H181omim637NU8POmmENLX0Sbn9BXekGjySEtUX2cxAgKsG8ERp5
+RIh3rGMwkdHS/7g0iDLxzWe8lqIWiVccwci4+kSZKevWGUUunvkD8vTeuU9a1Ma
PQr1oeNao7qmPaeWArNalj1YvzBe8ZbBnAf2rpSDJlI7jT0YFaY01aqMg0xlRsOr
HR20Ndh40yUXpRJHAoqBqFQDpOs5fXfznGVjPTK77i6Gjqe5uVzswKtQVHjk1sXm
pszfsUmnrtsoNHRN3c1U6wk4cq8gZw7Tvtwui9iVYAVVyks=
-----END CERTIFICATE-----