Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/XBmeJD0YnVPkyPrbFZs_3Kc9gvw.roa
File:                     XBmeJD0YnVPkyPrbFZs_3Kc9gvw.roa (raw, json)
Hash identifier:          KdBsqfL8sOR/FvcGfo1XV3qrmhZ4uKVMRLo1IovkvzQ=
Subject key identifier:   5C:19:9E:24:3D:18:9D:53:E4:C8:FA:DB:15:9B:3F:DC:A7:3D:82:FC
Certificate issuer:       /CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
Certificate serial:       018CC7935D2EECE83124175E95A7EE3CF731
Authority key identifier: 98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/XBmeJD0YnVPkyPrbFZs_3Kc9gvw.roa
Signing time:             Tue 02 Jan 2024 00:29:32 +0000
ROA not before:           Tue 02 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57712
IP address blocks:        2a00:f440:c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5d:2e:ec:e8:31:24:17:5e:95:a7:ee:3c:f7:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
        Validity
            Not Before: Jan  2 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c199e243d189d53e4c8fadb159b3fdca73d82fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a0:23:5b:c3:75:7c:4c:c0:9f:d3:b1:e6:1e:
                    68:a7:3c:85:99:1a:b0:87:29:9b:40:fe:a8:9c:ef:
                    1e:a6:9f:fc:52:f5:06:ea:0a:4a:d4:05:9c:a2:52:
                    a1:b1:45:1d:cb:a8:45:05:2d:62:6b:55:dd:e4:8d:
                    a8:a3:c0:80:61:1e:3b:39:36:31:20:ef:60:24:d3:
                    4f:83:fb:2b:f1:8b:e8:ab:61:11:25:44:2f:51:d1:
                    07:a8:b8:ec:97:ef:1b:30:84:0c:13:d7:33:4a:78:
                    42:ef:e7:56:f1:a2:8a:ef:64:b8:04:10:68:33:84:
                    13:e6:23:d7:37:5c:6d:65:c4:18:dc:22:30:58:12:
                    8b:31:0b:21:12:e1:e3:6e:98:61:1e:a9:1f:1c:59:
                    74:9f:9c:9f:e3:21:e0:dd:ed:d8:1d:69:8e:1c:81:
                    51:b1:6d:6b:50:ec:6a:79:b0:18:6d:3f:f3:e6:d6:
                    fb:93:a3:28:b3:c7:10:58:f6:2b:0f:60:8b:0e:93:
                    da:e5:38:7a:6e:43:79:da:d2:4e:bd:35:ed:8a:25:
                    92:d5:7e:38:9e:50:f4:6a:92:8e:92:f0:e1:ab:88:
                    ca:e9:70:c1:e9:6e:00:30:25:be:21:90:3c:11:af:
                    19:2c:ec:b2:75:06:3a:08:41:ba:a5:b3:d1:aa:1a:
                    a1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:19:9E:24:3D:18:9D:53:E4:C8:FA:DB:15:9B:3F:DC:A7:3D:82:FC
            X509v3 Authority Key Identifier:
                keyid:98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/XBmeJD0YnVPkyPrbFZs_3Kc9gvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f440:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:d3:2c:e5:6a:05:6b:5d:05:20:4d:4f:29:d0:e5:ca:79:06:
         e1:2e:fa:68:62:e3:e6:5f:ee:9b:fe:2b:5b:95:44:c0:01:87:
         a4:da:3c:0e:66:9d:63:d2:c7:f1:53:10:8b:50:f0:69:1f:f3:
         88:23:6f:a7:e9:6b:9b:92:40:35:ff:5d:74:0a:db:36:98:b1:
         cb:64:e9:5f:15:b5:01:4e:e1:49:b1:bf:89:ae:e8:c2:a0:e0:
         4e:50:1e:02:f7:ad:c8:96:9c:63:b1:b8:e0:8f:9f:26:8f:e3:
         22:3e:6b:b3:b3:74:75:77:81:b2:53:14:6f:44:40:b0:b4:fb:
         60:6d:a6:28:86:b4:06:48:26:61:36:25:5b:43:3a:8f:c1:4b:
         6c:0d:19:2e:7b:1d:6e:03:c2:4e:bd:63:51:7e:58:b8:7a:4a:
         13:81:1c:a6:02:37:c4:99:bf:ab:5a:11:10:7f:82:6f:bd:57:
         87:91:5d:55:c0:b5:05:ff:b4:fc:7f:26:01:26:c5:fc:e7:1a:
         0d:cf:cf:a4:3f:fc:f1:aa:a5:d8:b3:8a:e5:4b:30:95:f6:4b:
         d0:72:e2:0d:0e:98:c8:28:0f:58:a5:64:59:87:48:42:67:29:
         4c:0c:e2:3d:89:5d:68:b5:c4:6b:85:61:2b:98:1e:19:a0:c3:
         a0:a1:3d:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHk10u7OgxJBdelafuPPcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTFjNDQ4ODY5OWU2ZDAyNGUzOWNjNGQ2MWVlZWFiZDM4
MDEwZmEwHhcNMjQwMTAyMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzE5OWUyNDNkMTg5ZDUzZTRjOGZhZGIxNTliM2ZkY2E3M2Q4MmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6AjW8N1fEzAn9Ox5h5opzyFmRqw
hymbQP6onO8epp/8UvUG6gpK1AWcolKhsUUdy6hFBS1ia1Xd5I2oo8CAYR47OTYx
IO9gJNNPg/sr8Yvoq2ERJUQvUdEHqLjsl+8bMIQME9czSnhC7+dW8aKK72S4BBBo
M4QT5iPXN1xtZcQY3CIwWBKLMQshEuHjbphhHqkfHFl0n5yf4yHg3e3YHWmOHIFR
sW1rUOxqebAYbT/z5tb7k6Mos8cQWPYrD2CLDpPa5Th6bkN52tJOvTXtiiWS1X44
nlD0apKOkvDhq4jK6XDB6W4AMCW+IZA8Ea8ZLOyydQY6CEG6pbPRqhqhDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFwZniQ9GJ1T5Mj62xWbP9ynPYL8MB8GA1UdIwQY
MBaAFJiRxEiGmebQJOOcxNYe7qvTgBD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUt
ZTEwYTYwNTk2YzI2LzEvWEJtZUpEMFluVlBreVByYkZac18zS2M5Z3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUtZTEwYTYwNTk2YzI2
LzEvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgD0QAAM
MA0GCSqGSIb3DQEBCwUAA4IBAQBb0yzlagVrXQUgTU8p0OXKeQbhLvpoYuPmX+6b
/itblUTAAYek2jwOZp1j0sfxUxCLUPBpH/OII2+n6WubkkA1/110Cts2mLHLZOlf
FbUBTuFJsb+JrujCoOBOUB4C963Ilpxjsbjgj58mj+MiPmuzs3R1d4GyUxRvRECw
tPtgbaYohrQGSCZhNiVbQzqPwUtsDRkuex1uA8JOvWNRfli4ekoTgRymAjfEmb+r
WhEQf4JvvVeHkV1VwLUF/7T8fyYBJsX85xoNz8+kP/zxqqXYs4rlSzCV9kvQcuIN
DpjIKA9YpWRZh0hCZylMDOI9iV1otcRrhWErmB4ZoMOgoT1V
-----END CERTIFICATE-----