Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/53d1a5-9c61-4ff2-b21b-70c95209fe89/1/tH2x_CNWWC7YE4iWAobwWnfNsEs.roa
File:                     tH2x_CNWWC7YE4iWAobwWnfNsEs.roa (raw, json)
Hash identifier:          aKu3iRXlNiXS4c51wx9OOq9pBfp4GsyZnQOgn80EMAU=
Subject key identifier:   B4:7D:B1:FC:23:56:58:2E:D8:13:88:96:02:86:F0:5A:77:CD:B0:4B
Certificate issuer:       /CN=6294db0b87f6aeecce7fb22fb1b1421d906a6350
Certificate serial:       018CC794C2E3B498866EEB6136756B05B518
Authority key identifier: 62:94:DB:0B:87:F6:AE:EC:CE:7F:B2:2F:B1:B1:42:1D:90:6A:63:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YpTbC4f2ruzOf7IvsbFCHZBqY1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/53d1a5-9c61-4ff2-b21b-70c95209fe89/1/tH2x_CNWWC7YE4iWAobwWnfNsEs.roa
Signing time:             Tue 02 Jan 2024 00:31:04 +0000
ROA not before:           Tue 02 Jan 2024 00:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     131199
IP address blocks:        2a0c:36c1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/53d1a5-9c61-4ff2-b21b-70c95209fe89/1/YpTbC4f2ruzOf7IvsbFCHZBqY1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/53d1a5-9c61-4ff2-b21b-70c95209fe89/1/YpTbC4f2ruzOf7IvsbFCHZBqY1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YpTbC4f2ruzOf7IvsbFCHZBqY1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:c2:e3:b4:98:86:6e:eb:61:36:75:6b:05:b5:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6294db0b87f6aeecce7fb22fb1b1421d906a6350
        Validity
            Not Before: Jan  2 00:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b47db1fc2356582ed81388960286f05a77cdb04b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:40:40:4b:cd:66:2e:a8:63:5d:a9:0b:34:38:
                    f5:2e:c0:10:9d:1b:74:9c:7b:66:e7:d3:b4:5f:9f:
                    2a:f4:99:6e:63:22:8e:60:95:6f:e5:d5:04:7f:4f:
                    86:9f:25:2a:65:97:c7:57:07:0f:f1:13:d1:70:88:
                    57:c2:ed:91:7d:4c:83:da:e6:22:0b:aa:b2:49:e7:
                    ce:f1:c3:e5:a0:bd:02:34:6e:9f:43:d2:af:af:b2:
                    08:ac:fd:44:44:13:20:2c:d4:4f:3a:51:87:92:f5:
                    b9:7e:af:8b:6c:89:1e:bf:a7:4f:ed:a5:30:a2:52:
                    4e:a2:b8:52:85:bd:68:13:42:0e:a3:60:5f:3d:df:
                    a3:d1:30:05:0a:68:bc:b3:a6:5e:7f:ac:45:da:59:
                    d9:43:da:4f:dd:23:62:4d:49:7a:87:4d:37:a2:5e:
                    eb:dc:9d:3b:ab:49:43:93:f0:e5:e2:fa:89:1e:b5:
                    2f:64:01:ee:ff:14:9f:ec:51:b2:78:db:c5:5b:30:
                    e7:29:ea:dd:b9:31:d7:3c:5b:13:2a:ab:8a:c0:e1:
                    c6:f6:89:10:41:47:3e:00:d9:ac:65:ca:dd:82:71:
                    c6:40:10:ee:60:8e:71:91:99:9f:54:f9:ef:d9:3a:
                    4a:1d:f5:43:ff:29:52:d8:20:3a:c2:e3:ff:9a:98:
                    b4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:7D:B1:FC:23:56:58:2E:D8:13:88:96:02:86:F0:5A:77:CD:B0:4B
            X509v3 Authority Key Identifier:
                keyid:62:94:DB:0B:87:F6:AE:EC:CE:7F:B2:2F:B1:B1:42:1D:90:6A:63:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YpTbC4f2ruzOf7IvsbFCHZBqY1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/53d1a5-9c61-4ff2-b21b-70c95209fe89/1/tH2x_CNWWC7YE4iWAobwWnfNsEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/53d1a5-9c61-4ff2-b21b-70c95209fe89/1/YpTbC4f2ruzOf7IvsbFCHZBqY1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:36c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:cb:df:34:07:56:30:76:c7:b1:92:7f:9b:07:f9:a3:e0:76:
         3e:61:dc:e4:5b:14:29:ab:15:4b:34:21:49:39:7c:b2:fd:f9:
         18:d2:13:e8:e8:d1:5f:dc:cf:e1:f9:dc:7d:8c:37:0c:4c:7c:
         a2:dd:f2:12:ec:a5:c2:8b:fb:d4:9a:46:d5:ed:00:c8:42:b4:
         2f:7e:04:ed:74:28:0c:1b:77:66:6d:d3:6c:04:6c:36:61:37:
         91:2c:7b:4c:56:d3:72:92:94:52:f8:32:7d:68:fb:64:18:57:
         02:70:7d:3d:ca:ca:5e:c3:6b:27:1b:75:1e:90:9e:d3:fd:05:
         b0:93:1b:24:b8:ec:cb:6b:d2:4e:27:48:f5:a1:7a:e9:29:d6:
         d4:42:59:66:3a:0a:3f:49:3e:f2:8f:0d:f6:b8:d2:5f:70:84:
         8c:d7:45:a9:ca:9e:35:a4:15:39:de:1b:d6:e6:28:3e:df:af:
         7a:32:9f:55:1a:92:03:6c:e0:94:a6:bc:5e:45:96:39:6d:fb:
         7c:ac:e0:d3:06:32:fa:c1:fb:19:01:26:eb:14:eb:a0:20:11:
         ed:a6:a6:99:a6:11:c7:39:41:7a:b9:c5:14:1e:f0:98:cc:84:
         5c:72:7a:b1:d3:7d:56:c6:13:e9:17:36:6b:d5:19:cc:90:93:
         b9:f3:2d:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlMLjtJiGbuthNnVrBbUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyOTRkYjBiODdmNmFlZWNjZTdmYjIyZmIxYjE0MjFkOTA2
YTYzNTAwHhcNMjQwMTAyMDAzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDdkYjFmYzIzNTY1ODJlZDgxMzg4OTYwMjg2ZjA1YTc3Y2RiMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0BAS81mLqhjXakLNDj1LsAQnRt0
nHtm59O0X58q9JluYyKOYJVv5dUEf0+GnyUqZZfHVwcP8RPRcIhXwu2RfUyD2uYi
C6qySefO8cPloL0CNG6fQ9Kvr7IIrP1ERBMgLNRPOlGHkvW5fq+LbIkev6dP7aUw
olJOorhShb1oE0IOo2BfPd+j0TAFCmi8s6Zef6xF2lnZQ9pP3SNiTUl6h003ol7r
3J07q0lDk/Dl4vqJHrUvZAHu/xSf7FGyeNvFWzDnKerduTHXPFsTKquKwOHG9okQ
QUc+ANmsZcrdgnHGQBDuYI5xkZmfVPnv2TpKHfVD/ylS2CA6wuP/mpi0MQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLR9sfwjVlgu2BOIlgKG8Fp3zbBLMB8GA1UdIwQY
MBaAFGKU2wuH9q7szn+yL7GxQh2QamNQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXBUYkM0ZjJydXpPZjdJdnNiRkNIWkJxWTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81M2QxYTUtOWM2MS00ZmYyLWIyMWIt
NzBjOTUyMDlmZTg5LzEvdEgyeF9DTldXQzdZRTRpV0FvYndXbmZOc0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81M2QxYTUtOWM2MS00ZmYyLWIyMWItNzBjOTUyMDlmZTg5
LzEvWXBUYkM0ZjJydXpPZjdJdnNiRkNIWkJxWTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgw2wTAN
BgkqhkiG9w0BAQsFAAOCAQEAYcvfNAdWMHbHsZJ/mwf5o+B2PmHc5FsUKasVSzQh
STl8sv35GNIT6OjRX9zP4fncfYw3DEx8ot3yEuylwov71JpG1e0AyEK0L34E7XQo
DBt3Zm3TbARsNmE3kSx7TFbTcpKUUvgyfWj7ZBhXAnB9PcrKXsNrJxt1HpCe0/0F
sJMbJLjsy2vSTidI9aF66SnW1EJZZjoKP0k+8o8N9rjSX3CEjNdFqcqeNaQVOd4b
1uYoPt+vejKfVRqSA2zglKa8XkWWOW37fKzg0wYy+sH7GQEm6xTroCAR7aammaYR
xzlBernFFB7wmMyEXHJ6sdN9VsYT6Rc2a9UZzJCTufMtQQ==
-----END CERTIFICATE-----