Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/kukeNTj5tknRhc5wLvKdURuZK1U.roa
File:                     kukeNTj5tknRhc5wLvKdURuZK1U.roa (raw, json)
Hash identifier:          0afJ7ss3ef2BNlLya6D5sc7SDvuS3kKjsvE8LOlxRwU=
Subject key identifier:   92:E9:1E:35:38:F9:B6:49:D1:85:CE:70:2E:F2:9D:51:1B:99:2B:55
Certificate issuer:       /CN=e777bc8e3ec250ce85fb90913c2c49051043ebc5
Certificate serial:       018CC80181BEEFD3BA6F9D52421AC29BA9FF
Authority key identifier: E7:77:BC:8E:3E:C2:50:CE:85:FB:90:91:3C:2C:49:05:10:43:EB:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/kukeNTj5tknRhc5wLvKdURuZK1U.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35365
IP address blocks:        2a0c:6580:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:81:be:ef:d3:ba:6f:9d:52:42:1a:c2:9b:a9:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e777bc8e3ec250ce85fb90913c2c49051043ebc5
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92e91e3538f9b649d185ce702ef29d511b992b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ae:3d:b1:98:2f:02:59:c5:ab:4d:0e:d9:32:
                    c0:5c:e2:86:f5:1a:1e:b9:aa:1b:f9:b1:e1:0c:1a:
                    a8:80:75:f4:b6:e5:eb:5f:b6:60:c5:9b:86:bc:f4:
                    4c:4e:1b:c6:85:6f:f2:3c:fe:6e:e2:a9:dc:08:60:
                    86:ed:a7:0a:de:35:8f:39:91:7c:dd:c1:b1:6a:f3:
                    0b:dd:50:ab:34:d0:c5:20:ad:4c:98:aa:11:a1:86:
                    cc:15:d7:6d:90:16:1d:4f:70:44:2c:1e:72:a1:a0:
                    f9:94:0b:8e:33:35:ad:2d:cd:3a:18:53:47:ff:29:
                    0d:65:ca:a2:17:cd:0b:49:50:3d:85:ae:c7:b6:03:
                    8f:b5:67:2e:0b:8c:56:4a:e6:15:fe:5b:67:42:0f:
                    c8:37:7c:74:ab:7c:b5:fd:17:cb:a0:cf:09:cc:7e:
                    67:ff:31:9e:e7:b8:a2:8b:52:38:b1:f0:6b:13:63:
                    b1:26:3a:5f:b1:71:67:d9:6b:1c:e7:e2:f4:07:ce:
                    8a:a2:82:b5:cb:cb:68:ac:bc:52:57:6c:0b:48:cc:
                    fd:5d:a1:9b:67:34:a7:8b:8d:09:9f:f9:9f:dd:87:
                    57:7f:01:b8:1f:aa:95:25:58:1c:d7:95:4f:24:15:
                    1f:fc:4b:32:57:31:0e:bc:f5:02:15:24:22:e2:08:
                    77:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E9:1E:35:38:F9:B6:49:D1:85:CE:70:2E:F2:9D:51:1B:99:2B:55
            X509v3 Authority Key Identifier:
                keyid:E7:77:BC:8E:3E:C2:50:CE:85:FB:90:91:3C:2C:49:05:10:43:EB:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/kukeNTj5tknRhc5wLvKdURuZK1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:6580:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:d2:c3:2c:30:76:28:a7:ae:18:17:f8:ef:28:b7:e8:e1:18:
         f2:00:21:0b:be:ed:ca:da:29:d9:b9:ff:55:2d:26:57:c0:76:
         0c:f3:70:c0:67:87:dc:29:11:d9:cd:53:75:96:72:3b:e0:51:
         e0:2c:30:d7:05:25:83:36:08:57:68:e3:6a:5f:af:aa:50:6f:
         34:7f:c8:bc:bc:7d:9f:3b:91:71:d1:b6:2d:52:34:b8:f9:c3:
         25:92:a6:f4:70:1a:fc:8d:6f:5b:bb:32:48:47:11:6c:74:97:
         ca:8e:52:41:77:4d:47:ba:7f:eb:33:8b:5b:46:c3:a6:48:7a:
         8d:df:36:ed:a3:d6:de:31:6e:6b:62:2e:cb:b5:2e:eb:9a:96:
         1e:9f:07:be:e8:6a:5e:06:d2:2f:0b:41:f2:4d:d5:c0:ed:8a:
         14:21:97:de:22:a9:82:b3:d5:94:41:90:e5:f7:90:46:f0:72:
         f8:32:65:dc:88:ae:57:2d:22:ad:25:ff:7b:7e:58:7e:22:b7:
         d0:80:9d:44:db:f7:2b:ba:a5:74:ad:01:8d:46:72:8c:0f:11:
         d7:3f:ac:33:7a:3b:bd:5d:7a:01:5e:77:db:fa:85:b6:2e:38:
         4d:51:94:d1:b1:e4:70:78:2d:60:47:aa:16:40:aa:b0:0c:53:
         dd:bf:ee:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYG+79O6b51SQhrCm6n/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NzdiYzhlM2VjMjUwY2U4NWZiOTA5MTNjMmM0OTA1MTA0
M2ViYzUwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU5MWUzNTM4ZjliNjQ5ZDE4NWNlNzAyZWYyOWQ1MTFiOTkyYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAja49sZgvAlnFq00O2TLAXOKG9Roe
uaob+bHhDBqogHX0tuXrX7ZgxZuGvPRMThvGhW/yPP5u4qncCGCG7acK3jWPOZF8
3cGxavML3VCrNNDFIK1MmKoRoYbMFddtkBYdT3BELB5yoaD5lAuOMzWtLc06GFNH
/ykNZcqiF80LSVA9ha7HtgOPtWcuC4xWSuYV/ltnQg/IN3x0q3y1/RfLoM8JzH5n
/zGe57iii1I4sfBrE2OxJjpfsXFn2Wsc5+L0B86KooK1y8torLxSV2wLSMz9XaGb
ZzSni40Jn/mf3YdXfwG4H6qVJVgc15VPJBUf/EsyVzEOvPUCFSQi4gh3bQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJLpHjU4+bZJ0YXOcC7ynVEbmStVMB8GA1UdIwQY
MBaAFOd3vI4+wlDOhfuQkTwsSQUQQ+vFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTNlOGpqN0NVTTZGLTVDUlBDeEpCUkJENjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zMTljN2ItMjhjNi00OWEzLWFjMWIt
ZmFlMGU1ZDJlZWJmLzEva3VrZU5UajV0a25SaGM1d0x2S2RVUnVaSzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zMTljN2ItMjhjNi00OWEzLWFjMWItZmFlMGU1ZDJlZWJm
LzEvNTNlOGpqN0NVTTZGLTVDUlBDeEpCUkJENjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgxlgAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCY0sMsMHYop64YF/jvKLfo4RjyACELvu3K2inZ
uf9VLSZXwHYM83DAZ4fcKRHZzVN1lnI74FHgLDDXBSWDNghXaONqX6+qUG80f8i8
vH2fO5Fx0bYtUjS4+cMlkqb0cBr8jW9buzJIRxFsdJfKjlJBd01Hun/rM4tbRsOm
SHqN3zbto9beMW5rYi7LtS7rmpYenwe+6GpeBtIvC0HyTdXA7YoUIZfeIqmCs9WU
QZDl95BG8HL4MmXciK5XLSKtJf97flh+IrfQgJ1E2/cruqV0rQGNRnKMDxHXP6wz
eju9XXoBXnfb+oW2LjhNUZTRseRweC1gR6oWQKqwDFPdv+48
-----END CERTIFICATE-----