Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/i-5l2BUUIJzmr1v6PpQOm_eU4q8.roa
File:                     i-5l2BUUIJzmr1v6PpQOm_eU4q8.roa (raw, json)
Hash identifier:          sSysNWnJguecSd+TMV3bmiRFAyjgH0yZWQh5NQGET9s=
Subject key identifier:   8B:EE:65:D8:15:14:20:9C:E6:AF:5B:FA:3E:94:0E:9B:F7:94:E2:AF
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018CC8DE824E4F0703F12E5DF5FC5E1D7318
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/i-5l2BUUIJzmr1v6PpQOm_eU4q8.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201319
IP address blocks:        2a07:2902:6f00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:82:4e:4f:07:03:f1:2e:5d:f5:fc:5e:1d:73:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bee65d81514209ce6af5bfa3e940e9bf794e2af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:80:0d:4d:1d:bc:56:b1:b6:3d:62:cd:b8:65:
                    fd:4f:3b:91:ab:d7:04:69:30:2e:3b:25:f4:cd:12:
                    8e:ee:8d:fe:83:e5:16:de:b7:b6:31:f3:59:45:10:
                    13:98:19:72:b5:1f:c8:22:b0:8f:3e:43:90:c2:e6:
                    8a:b6:a5:8e:05:12:bf:9a:31:c9:68:fe:fd:ca:97:
                    e6:cd:a3:a5:d6:e7:1b:d1:3b:9b:33:52:93:c1:0c:
                    b5:4b:9a:e6:1a:3c:42:08:f6:0d:0d:eb:3f:41:8d:
                    1f:aa:db:02:31:ef:80:4d:1c:b0:cf:3a:27:52:84:
                    9c:57:1e:4b:9a:47:b7:cc:c4:f9:10:74:a6:7d:8a:
                    e2:e7:72:22:e3:27:0d:a6:38:31:8c:81:4d:53:7c:
                    39:f4:da:a3:d2:bf:1e:1e:b6:58:fa:12:a2:9b:fe:
                    15:b5:1e:99:96:e9:7a:f1:4c:8e:99:61:15:c5:28:
                    95:80:42:8c:b7:57:be:b7:2e:b2:74:7d:f9:8e:c4:
                    59:98:38:09:92:8d:d0:48:b2:42:d3:46:d1:27:43:
                    83:a2:e0:71:09:d8:f9:e1:20:4c:7b:a8:1b:05:fe:
                    ca:02:ae:f4:53:9e:19:84:b9:4d:f4:3c:05:a6:b9:
                    a3:6d:cf:3c:a4:db:41:c1:0d:59:25:4c:9e:64:85:
                    e2:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:EE:65:D8:15:14:20:9C:E6:AF:5B:FA:3E:94:0E:9B:F7:94:E2:AF
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/i-5l2BUUIJzmr1v6PpQOm_eU4q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2902:6f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:fd:94:c9:60:f0:e3:01:45:c8:cb:2c:b4:c5:be:60:63:0f:
         d3:8e:05:34:44:8b:96:7f:e6:3a:81:d4:cb:85:c0:cd:ce:43:
         4d:e5:6c:11:d2:75:87:fa:3e:a4:b4:a0:16:97:0a:a3:cb:ac:
         59:db:c9:23:45:36:74:76:2c:9d:08:90:57:d0:77:f8:50:52:
         58:09:dd:26:2f:77:b4:f2:b2:e1:17:e5:91:86:1d:e7:31:73:
         0f:dd:a4:75:3c:69:42:aa:54:b2:c1:0e:05:fd:7f:24:5d:1e:
         0e:db:6e:ae:7e:ef:fd:12:f1:02:e8:08:ec:e4:c0:c0:23:1a:
         99:58:cc:45:26:37:22:11:ef:61:55:62:b1:59:03:cc:9f:7d:
         1c:c8:b4:66:98:92:79:f2:c1:4f:f2:ba:42:09:9a:41:4f:0d:
         e0:ee:e2:c8:ae:fe:09:c7:30:15:8f:01:39:97:0e:41:27:42:
         70:c5:bf:54:39:76:df:98:1e:be:fe:ec:9c:36:3a:eb:87:c0:
         9d:8a:f4:2f:62:d3:a1:51:45:7d:bb:66:1a:da:28:9e:90:2e:
         d5:13:f4:02:10:ff:20:f3:2c:4a:e7:55:35:49:77:d3:3f:08:
         dd:93:78:02:97:dd:79:0f:13:a6:90:2e:e5:ba:20:b2:5a:0c:
         01:36:13:f7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI3oJOTwcD8S5d9fxeHXMYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmVlNjVkODE1MTQyMDljZTZhZjViZmEzZTk0MGU5YmY3OTRlMmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYANTR28VrG2PWLNuGX9TzuRq9cE
aTAuOyX0zRKO7o3+g+UW3re2MfNZRRATmBlytR/IIrCPPkOQwuaKtqWOBRK/mjHJ
aP79ypfmzaOl1ucb0TubM1KTwQy1S5rmGjxCCPYNDes/QY0fqtsCMe+ATRywzzon
UoScVx5Lmke3zMT5EHSmfYri53Ii4ycNpjgxjIFNU3w59Nqj0r8eHrZY+hKim/4V
tR6Zlul68UyOmWEVxSiVgEKMt1e+ty6ydH35jsRZmDgJko3QSLJC00bRJ0ODouBx
Cdj54SBMe6gbBf7KAq70U54ZhLlN9DwFprmjbc88pNtBwQ1ZJUyeZIXiQwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIvuZdgVFCCc5q9b+j6UDpv3lOKvMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvaS01bDJCVVVJSnptcjF2NlBwUU9tX2VVNHE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgcpAm8w
DQYJKoZIhvcNAQELBQADggEBAAn9lMlg8OMBRcjLLLTFvmBjD9OOBTREi5Z/5jqB
1MuFwM3OQ03lbBHSdYf6PqS0oBaXCqPLrFnbySNFNnR2LJ0IkFfQd/hQUlgJ3SYv
d7TysuEX5ZGGHecxcw/dpHU8aUKqVLLBDgX9fyRdHg7bbq5+7/0S8QLoCOzkwMAj
GplYzEUmNyIR72FVYrFZA8yffRzItGaYknnywU/yukIJmkFPDeDu4siu/gnHMBWP
ATmXDkEnQnDFv1Q5dt+YHr7+7Jw2OuuHwJ2K9C9i06FRRX27ZhraKJ6QLtUT9AIQ
/yDzLErnVTVJd9M/CN2TeAKX3XkPE6aQLuW6ILJaDAE2E/c=
-----END CERTIFICATE-----