Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/XMLjUh121fXQv3Ydx8ZPBt93TIk.roa
File:                     XMLjUh121fXQv3Ydx8ZPBt93TIk.roa (raw, json)
Hash identifier:          ERkNHgvidT+UW+LtMgAxn5wo6tsnNQG3OWmWIrjB+yY=
Subject key identifier:   5C:C2:E3:52:1D:76:D5:F5:D0:BF:76:1D:C7:C6:4F:06:DF:77:4C:89
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       018CC34956F54915FB51E542F625CC2BAA93
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/XMLjUh121fXQv3Ydx8ZPBt93TIk.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40975
IP address blocks:        2a0a:2e00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:56:f5:49:15:fb:51:e5:42:f6:25:cc:2b:aa:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cc2e3521d76d5f5d0bf761dc7c64f06df774c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:4c:f5:34:86:04:7d:15:f1:28:be:52:0c:7a:
                    7e:88:62:ac:65:6b:1e:35:34:99:a2:11:aa:00:18:
                    7f:9c:c5:f5:aa:75:c9:8c:12:64:c3:2b:90:65:76:
                    62:34:5f:d7:9e:7d:84:2b:69:6a:95:3c:c2:e5:b4:
                    b1:f0:25:6f:e1:f1:11:e5:9b:a5:da:dc:cf:bb:08:
                    eb:bb:e6:e2:ab:bc:03:3c:25:cc:aa:44:25:74:d1:
                    5d:c7:0a:ab:95:be:8f:40:ee:5d:d1:48:9e:1c:45:
                    51:8e:1d:6a:0c:6b:30:a6:7e:14:8a:be:72:e5:a8:
                    52:7f:68:11:0b:33:51:a7:d6:a2:4f:aa:44:24:6d:
                    6a:30:fc:17:40:55:05:59:8f:70:7a:fe:6c:88:06:
                    7d:98:63:2d:55:97:53:6d:f4:8c:6c:17:d4:50:bf:
                    57:80:f5:9c:c1:6a:9d:57:7b:31:d3:b9:33:74:8d:
                    b9:09:4c:b2:0c:09:5e:1c:82:3f:1b:2a:bc:0a:7d:
                    84:0d:39:2b:3b:04:b7:30:7e:b6:87:c6:89:e7:17:
                    d6:55:de:f5:9c:31:eb:b3:3d:39:cf:f8:a2:ec:f7:
                    1a:40:2f:e7:07:c2:02:0d:59:46:e1:ef:f1:fe:48:
                    25:cf:49:c5:f1:2a:30:73:f3:3b:0d:a7:23:8c:5c:
                    34:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C2:E3:52:1D:76:D5:F5:D0:BF:76:1D:C7:C6:4F:06:DF:77:4C:89
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/XMLjUh121fXQv3Ydx8ZPBt93TIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2e00::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:30:c5:4b:94:90:17:e3:06:48:cc:d2:33:d9:60:38:e7:79:
         8a:9f:ba:a7:77:18:6e:14:51:36:a2:85:85:30:84:01:c8:b5:
         b1:6b:30:ce:d7:64:be:3c:30:53:56:d6:a0:42:82:a2:c1:1d:
         24:c5:ac:0d:f3:de:30:55:a4:40:4a:c3:08:53:03:f4:c7:dd:
         d4:c1:3c:76:a7:e1:7f:4c:21:73:cd:a8:75:15:53:04:f2:13:
         7d:d4:ca:e0:7d:28:40:96:92:ce:78:9e:1b:f0:de:c5:bb:17:
         27:cd:6d:06:77:89:ea:fb:97:2b:33:97:6f:84:06:9c:23:72:
         06:44:f6:57:48:87:4a:ce:7f:75:af:d2:2b:2c:15:44:58:06:
         ca:8d:1d:07:47:a5:ce:94:3b:68:0f:78:8f:30:a1:8a:18:0c:
         ec:c4:25:58:4c:ef:08:c4:7b:f5:b9:58:22:75:c4:81:36:80:
         c4:0f:cb:ae:53:53:d0:ec:62:04:0d:34:1e:ad:86:2e:87:52:
         dd:9c:a1:5a:3a:c5:39:ae:8a:6e:79:a3:00:57:4e:d7:c8:c0:
         2e:c4:e9:f5:83:4c:20:0c:d1:c6:62:d2:2a:2a:ce:61:5d:a0:
         9b:35:bd:7e:ae:b6:fc:0c:47:85:4e:9c:68:9a:ec:ae:01:45:
         3c:a3:41:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSVb1SRX7UeVC9iXMK6qTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2MyZTM1MjFkNzZkNWY1ZDBiZjc2MWRjN2M2NGYwNmRmNzc0Yzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEz1NIYEfRXxKL5SDHp+iGKsZWse
NTSZohGqABh/nMX1qnXJjBJkwyuQZXZiNF/Xnn2EK2lqlTzC5bSx8CVv4fER5Zul
2tzPuwjru+biq7wDPCXMqkQldNFdxwqrlb6PQO5d0UieHEVRjh1qDGswpn4Uir5y
5ahSf2gRCzNRp9aiT6pEJG1qMPwXQFUFWY9wev5siAZ9mGMtVZdTbfSMbBfUUL9X
gPWcwWqdV3sx07kzdI25CUyyDAleHII/Gyq8Cn2EDTkrOwS3MH62h8aJ5xfWVd71
nDHrsz05z/ii7PcaQC/nB8ICDVlG4e/x/kglz0nF8Sowc/M7DacjjFw0FQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFzC41IddtX10L92HcfGTwbfd0yJMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvWE1MalVoMTIxZlhRdjNZZHg4WlBCdDkzVElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgouAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBPMMVLlJAX4wZIzNIz2WA453mKn7qndxhuFFE2
ooWFMIQByLWxazDO12S+PDBTVtagQoKiwR0kxawN894wVaRASsMIUwP0x93UwTx2
p+F/TCFzzah1FVME8hN91MrgfShAlpLOeJ4b8N7FuxcnzW0Gd4nq+5crM5dvhAac
I3IGRPZXSIdKzn91r9IrLBVEWAbKjR0HR6XOlDtoD3iPMKGKGAzsxCVYTO8IxHv1
uVgidcSBNoDED8uuU1PQ7GIEDTQerYYuh1LdnKFaOsU5ropueaMAV07XyMAuxOn1
g0wgDNHGYtIqKs5hXaCbNb1+rrb8DEeFTpxomuyuAUU8o0Ek
-----END CERTIFICATE-----