Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/XwtTzgmbaOEUpqfGYf24GnyAEj0.roa
File:                     XwtTzgmbaOEUpqfGYf24GnyAEj0.roa (raw, json)
Hash identifier:          p/9fWNiDnigkJrBOhUuTQkdrSzcw6vDImyW1B2N5V6E=
Subject key identifier:   5F:0B:53:CE:09:9B:68:E1:14:A6:A7:C6:61:FD:B8:1A:7C:80:12:3D
Certificate issuer:       /CN=5ac466cc89f9db4e31c5400d2ae7a2bffdb22547
Certificate serial:       018CC3490AD83825E951247E2A76D14FB048
Authority key identifier: 5A:C4:66:CC:89:F9:DB:4E:31:C5:40:0D:2A:E7:A2:BF:FD:B2:25:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/XwtTzgmbaOEUpqfGYf24GnyAEj0.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        2a06:6541:2002::/48 maxlen: 48
                          2a06:6540:2002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0a:d8:38:25:e9:51:24:7e:2a:76:d1:4f:b0:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ac466cc89f9db4e31c5400d2ae7a2bffdb22547
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f0b53ce099b68e114a6a7c661fdb81a7c80123d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4c:bc:0d:54:f1:c4:4d:dd:1d:fc:e0:5d:39:
                    b1:b3:fc:18:8a:4c:04:dd:4c:ab:9e:ca:5b:56:0f:
                    f2:ce:e3:7f:2a:d6:8e:68:bd:c5:ea:e0:22:97:0f:
                    88:14:8c:cc:39:d7:7f:41:b5:61:05:44:fb:92:fa:
                    ac:71:ff:15:0f:2f:b7:42:8e:e3:b0:9b:ac:67:e9:
                    b7:a5:4f:b3:87:52:9e:a7:52:78:e4:f7:ae:79:7a:
                    1d:af:45:3b:96:9c:89:f7:e8:cc:ea:52:98:d4:9f:
                    10:b9:34:63:d2:11:33:8d:2e:5a:68:aa:73:b9:40:
                    ed:3c:88:54:a5:ca:94:c6:f4:cd:57:57:6b:3b:81:
                    7f:a1:4a:72:63:cf:5e:7e:61:05:c0:2c:f9:e3:ef:
                    03:a3:0e:19:84:8a:2f:49:91:ca:b1:5c:88:1d:9e:
                    e8:dd:82:86:df:e9:2b:31:96:61:3e:b5:c4:c7:89:
                    10:c5:a0:eb:1f:c6:8b:0f:3d:65:d0:b5:8d:46:ab:
                    d2:a8:3e:19:23:07:40:71:0c:03:31:9b:a0:4c:77:
                    a7:2b:bf:82:ba:ac:10:fb:68:f4:b5:53:6d:f0:58:
                    94:47:9b:89:ae:29:96:b2:e4:b0:ca:7f:4d:fe:a1:
                    15:eb:ec:09:24:43:18:05:70:63:68:7a:bc:71:8f:
                    18:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:0B:53:CE:09:9B:68:E1:14:A6:A7:C6:61:FD:B8:1A:7C:80:12:3D
            X509v3 Authority Key Identifier:
                keyid:5A:C4:66:CC:89:F9:DB:4E:31:C5:40:0D:2A:E7:A2:BF:FD:B2:25:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/XwtTzgmbaOEUpqfGYf24GnyAEj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:6540:2002::/48
                  2a06:6541:2002::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:68:c6:aa:42:c9:26:67:0d:91:2a:94:71:0d:41:af:0c:66:
         41:07:67:6d:f8:9e:60:2b:a1:48:26:cb:ba:f2:ae:9e:01:11:
         c3:77:d5:ed:5b:b5:2c:b0:47:56:f2:70:cb:21:b0:88:a8:b1:
         f3:e2:a2:60:80:ec:38:50:fa:ce:54:b5:80:59:45:49:c1:f8:
         f4:77:5a:18:0b:e7:bb:28:2a:a7:83:ce:3b:9f:9e:6a:86:28:
         39:b8:4f:eb:48:6e:e4:57:83:54:b1:52:a9:f8:3c:25:3e:24:
         14:b8:ed:28:fb:46:0b:3a:3c:b4:2f:7d:22:b0:67:ba:f2:0c:
         33:4b:6e:5e:1b:8b:b6:28:0d:2e:10:93:52:38:1f:c2:62:9b:
         36:93:15:7a:8f:38:c9:e2:77:4b:b4:c0:1f:d4:54:55:d0:2e:
         bc:79:63:8e:bd:67:68:64:c3:53:cc:48:24:da:33:18:c0:b6:
         db:51:60:9b:43:23:85:b1:90:7b:ad:69:be:04:53:c2:32:75:
         bb:ac:76:91:fd:b0:25:f4:c8:5b:56:a1:81:50:bd:61:34:d6:
         f0:dc:41:8e:14:38:45:34:c4:3c:12:1d:9a:48:d6:a3:6e:f1:
         0c:61:9c:4c:7d:45:ff:1d:33:60:46:de:21:02:45:fd:49:52:
         05:8b:bb:92
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSQrYOCXpUSR+KnbRT7BIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYzQ2NmNjODlmOWRiNGUzMWM1NDAwZDJhZTdhMmJmZmRi
MjI1NDcwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBiNTNjZTA5OWI2OGUxMTRhNmE3YzY2MWZkYjgxYTdjODAxMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUy8DVTxxE3dHfzgXTmxs/wYikwE
3UyrnspbVg/yzuN/KtaOaL3F6uAilw+IFIzMOdd/QbVhBUT7kvqscf8VDy+3Qo7j
sJusZ+m3pU+zh1Kep1J45PeueXodr0U7lpyJ9+jM6lKY1J8QuTRj0hEzjS5aaKpz
uUDtPIhUpcqUxvTNV1drO4F/oUpyY89efmEFwCz54+8Dow4ZhIovSZHKsVyIHZ7o
3YKG3+krMZZhPrXEx4kQxaDrH8aLDz1l0LWNRqvSqD4ZIwdAcQwDMZugTHenK7+C
uqwQ+2j0tVNt8FiUR5uJrimWsuSwyn9N/qEV6+wJJEMYBXBjaHq8cY8YfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF8LU84Jm2jhFKanxmH9uBp8gBI9MB8GA1UdIwQY
MBaAFFrEZsyJ+dtOMcVADSrnor/9siVHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3NSbXpJbjUyMDR4eFVBTkt1ZWl2XzJ5SlVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lMjljODctNDY4My00NDNlLTg4M2Yt
OWFiZDFhYTY0YmUxLzEvWHd0VHpnbWJhT0VVcHFmR1lmMjRHbnlBRWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lMjljODctNDY4My00NDNlLTg4M2YtOWFiZDFhYTY0YmUx
LzEvV3NSbXpJbjUyMDR4eFVBTkt1ZWl2XzJ5SlVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgZlQCAC
AwcAKgZlQSACMA0GCSqGSIb3DQEBCwUAA4IBAQCcaMaqQskmZw2RKpRxDUGvDGZB
B2dt+J5gK6FIJsu68q6eARHDd9XtW7UssEdW8nDLIbCIqLHz4qJggOw4UPrOVLWA
WUVJwfj0d1oYC+e7KCqng847n55qhig5uE/rSG7kV4NUsVKp+DwlPiQUuO0o+0YL
Ojy0L30isGe68gwzS25eG4u2KA0uEJNSOB/CYps2kxV6jzjJ4ndLtMAf1FRV0C68
eWOOvWdoZMNTzEgk2jMYwLbbUWCbQyOFsZB7rWm+BFPCMnW7rHaR/bAl9MhbVqGB
UL1hNNbw3EGOFDhFNMQ8Eh2aSNajbvEMYZxMfUX/HTNgRt4hAkX9SVIFi7uS
-----END CERTIFICATE-----