Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/KlpD8rmkt8b71LHvJ2KQm4tMIRQ.roa
File:                     KlpD8rmkt8b71LHvJ2KQm4tMIRQ.roa (raw, json)
Hash identifier:          otYrkh4AoxGIwVcJrTTDNHKujkLZVkzJEfmpOINGEKA=
Subject key identifier:   2A:5A:43:F2:B9:A4:B7:C6:FB:D4:B1:EF:27:62:90:9B:8B:4C:21:14
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       0192A755E58E072C807F1C327A510B22C3D0
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/KlpD8rmkt8b71LHvJ2KQm4tMIRQ.roa
Signing time:             Sun 20 Oct 2024 00:31:17 +0000
ROA not before:           Sun 20 Oct 2024 00:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59993
IP address blocks:        2a0d:2585::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a7:55:e5:8e:07:2c:80:7f:1c:32:7a:51:0b:22:c3:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Oct 20 00:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a5a43f2b9a4b7c6fbd4b1ef2762909b8b4c2114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a3:ac:82:de:a6:ed:62:4b:4c:e2:3f:9f:ba:
                    5e:f6:5f:ce:ae:a5:9b:f7:7b:1d:aa:ab:8b:2c:f0:
                    7b:f6:c2:17:54:a8:2d:c2:e9:92:2c:a3:73:0f:cb:
                    39:fb:ff:78:98:38:2f:be:d8:23:92:85:92:fe:bc:
                    1b:6b:48:29:f1:ce:9b:09:38:a9:ae:fe:55:3f:f6:
                    a7:f8:2e:b4:fa:8d:52:b8:7c:d9:d3:a4:0d:2c:2e:
                    94:76:8b:50:a7:1a:e7:10:a5:6a:28:c4:32:17:28:
                    d7:02:f2:ce:b4:5c:2c:ff:94:f9:75:9e:98:92:cb:
                    b6:44:48:61:36:36:25:d8:db:4d:0c:ce:d8:8e:29:
                    df:f7:dd:74:0f:a1:16:77:ac:5a:1a:99:d7:53:55:
                    c5:40:55:9d:11:16:23:d2:16:14:23:66:76:79:da:
                    f4:f9:04:a4:6e:d0:ed:69:70:b5:0a:c9:a4:c1:85:
                    8e:de:08:de:f9:fd:fb:72:ff:a9:db:db:f2:2f:53:
                    01:be:8f:55:66:bf:81:dc:61:b4:c8:cb:cf:26:71:
                    ca:65:f9:11:e1:57:6b:62:9d:e9:41:74:54:d0:26:
                    a0:be:10:ab:68:26:f6:e7:cc:7c:56:1e:c9:df:02:
                    e3:ae:27:66:b1:30:93:3d:4a:1d:d1:5e:99:31:dd:
                    df:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5A:43:F2:B9:A4:B7:C6:FB:D4:B1:EF:27:62:90:9B:8B:4C:21:14
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/KlpD8rmkt8b71LHvJ2KQm4tMIRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2585::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:d9:0d:8b:2c:57:49:8c:71:6b:2b:b9:16:d8:c6:db:0b:16:
         51:65:0f:3c:ae:d3:fa:08:a4:e3:0d:5f:4e:64:b9:35:86:3e:
         a3:54:f8:7b:95:63:78:55:e2:40:97:1e:af:eb:af:37:c4:3d:
         d3:fd:5f:5d:25:d7:6d:99:4f:f3:74:1f:27:2a:0c:67:65:2f:
         e1:cf:19:d5:a7:9f:dd:ed:e9:15:73:99:15:f0:67:33:77:6f:
         0f:c6:dc:9d:92:3f:74:99:99:1e:bb:f6:6d:ed:fc:88:ee:97:
         3d:10:6c:a2:5a:9e:7d:11:76:22:57:24:ce:5e:ac:6d:a4:c2:
         cc:1e:6c:6d:90:25:0d:cf:1e:99:ab:4e:f8:b8:a9:68:8b:8f:
         5e:11:fe:8d:b2:a7:8e:7e:e5:30:3c:aa:99:4a:59:2d:1a:ad:
         a2:34:a4:25:c7:9a:8e:28:a7:d5:b4:96:97:ad:1b:e8:73:eb:
         7d:d1:86:77:a8:44:67:10:1b:00:2e:db:05:ff:d5:15:1d:de:
         7c:20:6e:25:69:ee:40:b6:1d:68:b1:f4:64:a4:50:87:a8:69:
         9e:a9:f9:f6:33:76:0f:8f:b3:f0:ec:d6:2e:34:7c:7e:44:f8:
         db:93:56:ad:66:13:de:04:94:ff:25:2d:32:ad:4e:77:79:9e:
         0b:bf:f3:5b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKnVeWOByyAfxwyelELIsPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQxMDIwMDAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTVhNDNmMmI5YTRiN2M2ZmJkNGIxZWYyNzYyOTA5YjhiNGMyMTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqOsgt6m7WJLTOI/n7pe9l/OrqWb
93sdqquLLPB79sIXVKgtwumSLKNzD8s5+/94mDgvvtgjkoWS/rwba0gp8c6bCTip
rv5VP/an+C60+o1SuHzZ06QNLC6UdotQpxrnEKVqKMQyFyjXAvLOtFws/5T5dZ6Y
ksu2REhhNjYl2NtNDM7Yjinf9910D6EWd6xaGpnXU1XFQFWdERYj0hYUI2Z2edr0
+QSkbtDtaXC1CsmkwYWO3gje+f37cv+p29vyL1MBvo9VZr+B3GG0yMvPJnHKZfkR
4VdrYp3pQXRU0CagvhCraCb258x8Vh7J3wLjridmsTCTPUod0V6ZMd3fDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCpaQ/K5pLfG+9Sx7ydikJuLTCEUMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvS2xwRDhybWt0OGI3MUxIdkoyS1FtNHRNSVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0lhTAN
BgkqhkiG9w0BAQsFAAOCAQEAB9kNiyxXSYxxayu5FtjG2wsWUWUPPK7T+gik4w1f
TmS5NYY+o1T4e5VjeFXiQJcer+uvN8Q90/1fXSXXbZlP83QfJyoMZ2Uv4c8Z1aef
3e3pFXOZFfBnM3dvD8bcnZI/dJmZHrv2be38iO6XPRBsolqefRF2Ilckzl6sbaTC
zB5sbZAlDc8ematO+LipaIuPXhH+jbKnjn7lMDyqmUpZLRqtojSkJceajiin1bSW
l60b6HPrfdGGd6hEZxAbAC7bBf/VFR3efCBuJWnuQLYdaLH0ZKRQh6hpnqn59jN2
D4+z8OzWLjR8fkT425NWrWYT3gSU/yUtMq1Od3meC7/zWw==
-----END CERTIFICATE-----