Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/5vm5ri9oB66DF80XibO1V0wNqTU.roa
File:                     5vm5ri9oB66DF80XibO1V0wNqTU.roa (raw, json)
Hash identifier:          IXk4iEP4p4/vPQOYg1Dm2UbV53Sz51FNtajU0GtSty0=
Subject key identifier:   E6:F9:B9:AE:2F:68:07:AE:83:17:CD:17:89:B3:B5:57:4C:0D:A9:35
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       018CC726FC0A4A9827CA77A3F76B12A6D9A9
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/5vm5ri9oB66DF80XibO1V0wNqTU.roa
Signing time:             Mon 01 Jan 2024 22:31:09 +0000
ROA not before:           Mon 01 Jan 2024 22:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207080
IP address blocks:        2a0c:2f06::/32 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fc:0a:4a:98:27:ca:77:a3:f7:6b:12:a6:d9:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: Jan  1 22:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6f9b9ae2f6807ae8317cd1789b3b5574c0da935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:53:d8:9c:da:a3:70:16:0a:50:b4:eb:a2:e0:
                    54:04:e1:cc:91:a8:a2:16:33:0e:f2:7d:38:bc:1c:
                    57:75:da:da:94:29:c6:f4:7b:be:53:72:8e:e4:bd:
                    e7:d5:0e:38:56:35:b8:0c:fd:2d:56:bd:fc:f1:6f:
                    4a:17:6f:59:e0:77:c5:42:ed:d0:f8:3e:d6:e2:4f:
                    0d:32:5a:31:92:99:e3:7c:fe:f1:0e:96:0d:4e:fe:
                    ff:9c:6e:38:58:ce:a3:43:3f:2d:b1:7e:a9:7b:4b:
                    a1:04:8e:2b:ea:8f:36:29:bd:e9:91:1e:43:04:95:
                    c6:9f:a1:18:79:03:01:75:2b:82:f2:8b:2a:d6:3f:
                    37:7a:76:a1:d1:b0:19:a1:35:ac:0b:24:b5:de:10:
                    e6:44:fe:91:d3:23:72:40:b7:c9:a0:52:cd:88:e5:
                    ad:0c:f5:b7:54:f0:a0:b3:15:b4:f2:f1:4d:7e:66:
                    cc:3a:28:9b:f2:8c:03:b1:5c:bb:25:38:ed:5b:95:
                    1d:93:e7:fc:4c:22:8c:59:ad:f6:9c:60:16:34:3e:
                    17:f7:c9:3b:10:3e:ed:a8:f2:07:77:3e:60:74:02:
                    c7:60:ca:b0:18:c7:c1:df:a7:98:dd:25:bf:66:71:
                    f9:65:3f:c4:f7:83:22:10:b1:10:ae:87:a1:17:5f:
                    d6:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F9:B9:AE:2F:68:07:AE:83:17:CD:17:89:B3:B5:57:4C:0D:A9:35
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/5vm5ri9oB66DF80XibO1V0wNqTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2f06::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:06:71:84:3d:73:e2:28:5d:4b:95:c0:00:d2:03:bd:69:c1:
         8a:bd:c6:0d:fc:ff:16:ba:d8:7d:71:c0:e9:1c:97:9e:cc:62:
         ed:b9:09:c8:bd:d7:0a:25:c6:17:cc:3a:67:b1:b4:56:e6:f4:
         f1:3b:76:57:75:ad:5a:f9:f9:9c:03:e7:90:b4:66:3a:2d:98:
         cf:96:81:ea:da:56:da:a4:cb:da:30:be:ae:47:be:7f:f5:02:
         3a:cf:12:e0:25:9c:cb:a3:9f:4d:3a:2a:9f:83:67:7c:60:84:
         c6:30:93:24:7a:0e:d6:d7:ef:2c:70:78:a0:55:2d:d4:21:02:
         05:9a:b7:f5:84:67:5f:90:fa:4f:a9:03:d4:e0:fe:5f:06:41:
         59:b3:14:04:9d:37:03:81:44:a2:ce:5c:bf:52:fe:cf:0a:1c:
         ae:db:2c:1e:ca:21:24:ef:94:0a:39:ea:58:ac:66:da:f0:bb:
         7e:8e:7d:09:08:18:65:cb:2b:54:42:15:3b:43:2b:01:61:6f:
         30:1c:ad:6d:2f:62:0e:ca:fd:a1:d5:2c:c2:50:3a:8a:04:32:
         01:88:74:16:75:3e:9c:25:a9:70:f8:d5:5c:87:dc:cd:a8:9e:
         5e:9a:61:a6:8a:77:ed:c2:1b:9c:f0:ef:1c:4f:00:21:89:10:
         c5:0e:ba:91
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJvwKSpgnynej92sSptmpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjQwMTAxMjIzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmY5YjlhZTJmNjgwN2FlODMxN2NkMTc4OWIzYjU1NzRjMGRhOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFPYnNqjcBYKULTrouBUBOHMkaii
FjMO8n04vBxXddralCnG9Hu+U3KO5L3n1Q44VjW4DP0tVr388W9KF29Z4HfFQu3Q
+D7W4k8NMloxkpnjfP7xDpYNTv7/nG44WM6jQz8tsX6pe0uhBI4r6o82Kb3pkR5D
BJXGn6EYeQMBdSuC8osq1j83enah0bAZoTWsCyS13hDmRP6R0yNyQLfJoFLNiOWt
DPW3VPCgsxW08vFNfmbMOiib8owDsVy7JTjtW5Udk+f8TCKMWa32nGAWND4X98k7
ED7tqPIHdz5gdALHYMqwGMfB36eY3SW/ZnH5ZT/E94MiELEQroehF1/WmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOb5ua4vaAeugxfNF4mztVdMDak1MB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvNXZtNXJpOW9CNjZERjgwWGliTzFWMHdOcVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgwvBjAN
BgkqhkiG9w0BAQsFAAOCAQEACQZxhD1z4ihdS5XAANIDvWnBir3GDfz/FrrYfXHA
6RyXnsxi7bkJyL3XCiXGF8w6Z7G0Vub08Tt2V3WtWvn5nAPnkLRmOi2Yz5aB6tpW
2qTL2jC+rke+f/UCOs8S4CWcy6OfTToqn4NnfGCExjCTJHoO1tfvLHB4oFUt1CEC
BZq39YRnX5D6T6kD1OD+XwZBWbMUBJ03A4FEos5cv1L+zwocrtssHsohJO+UCjnq
WKxm2vC7fo59CQgYZcsrVEIVO0MrAWFvMBytbS9iDsr9odUswlA6igQyAYh0FnU+
nCWpcPjVXIfczaieXpphpop37cIbnPDvHE8AIYkQxQ66kQ==
-----END CERTIFICATE-----