Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/1-RkX5OHIqkZAwwZrfy_Yw5tGVHQ.roa
File:                     1-RkX5OHIqkZAwwZrfy_Yw5tGVHQ.roa (raw, json)
Hash identifier:          pB2d5UmDbwWH6TUlta/z+rvmCOY6D4LEyE166c9aZrs=
Subject key identifier:   F9:19:17:E4:E1:C8:AA:46:40:C3:06:6B:7F:2F:D8:C3:9B:46:54:74
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018CF5B04C1365AA0CC1ED2D3EB17966B5BD
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/1-RkX5OHIqkZAwwZrfy_Yw5tGVHQ.roa
Signing time:             Wed 10 Jan 2024 23:23:40 +0000
ROA not before:           Wed 10 Jan 2024 23:23:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52041
IP address blocks:        2a0e:4bc1::/32 maxlen: 32
                          2a0e:ccc1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:b0:4c:13:65:aa:0c:c1:ed:2d:3e:b1:79:66:b5:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan 10 23:23:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f91917e4e1c8aa4640c3066b7f2fd8c39b465474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:97:04:53:7d:ee:8c:bc:b8:97:5c:ab:6e:ee:
                    7b:48:ba:db:77:e6:89:c9:47:c0:2f:e3:7d:cf:2a:
                    47:48:32:2d:19:40:a4:5c:4e:a6:00:e4:64:7e:ff:
                    01:f5:5b:77:a5:4f:e3:f3:50:6a:be:7b:60:bb:5d:
                    48:53:6e:17:88:71:e5:ee:67:a2:0a:3d:b9:57:81:
                    0e:e7:4c:00:18:93:61:e2:3d:10:3d:b0:c9:97:cd:
                    2f:f2:84:17:61:aa:0c:03:b5:68:13:8b:1e:d1:14:
                    7e:2f:f1:84:64:da:0b:5b:eb:43:2b:22:7c:d4:bb:
                    45:3f:80:a3:6d:f5:6e:b4:11:07:48:23:56:fc:59:
                    db:7c:28:af:1c:c4:f5:24:5a:95:b5:68:95:a6:cb:
                    a5:95:dd:90:3b:9b:93:e4:ff:63:7b:ec:98:28:a1:
                    42:36:cd:93:85:b8:25:9d:36:2f:76:3d:04:cc:6e:
                    76:e3:9b:53:31:46:70:94:55:ca:3b:b3:f9:84:62:
                    16:24:c9:65:30:1b:aa:3f:92:6e:45:25:84:e4:f6:
                    31:8d:d9:42:e4:13:18:d7:c0:f0:6c:cb:cb:85:fd:
                    5f:a0:a8:4a:a6:f4:db:9e:6e:5c:b8:12:25:44:b0:
                    32:3b:53:99:22:ab:b8:d2:1c:45:40:88:43:a8:3b:
                    98:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:19:17:E4:E1:C8:AA:46:40:C3:06:6B:7F:2F:D8:C3:9B:46:54:74
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/1-RkX5OHIqkZAwwZrfy_Yw5tGVHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4bc1::/32
                  2a0e:ccc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:f3:07:6d:f3:27:83:aa:4c:73:f1:60:39:7d:cb:79:59:8a:
         50:f8:a5:e3:fb:79:21:83:6c:bd:82:c9:69:aa:f2:11:82:c2:
         fb:69:05:72:0d:d9:00:7a:80:ca:d3:dc:42:95:87:1c:25:25:
         c3:c7:f4:d2:dd:2d:5a:d0:b2:32:75:a6:6a:55:64:6c:0a:b5:
         cc:86:31:1b:37:01:de:06:a1:ef:d0:a4:30:c4:25:3e:b7:c7:
         a3:19:74:fa:30:08:d5:35:7b:e6:e0:14:0a:c2:01:e5:0d:46:
         c4:2e:c4:a1:d6:41:13:06:84:04:69:73:f6:ba:05:82:34:29:
         3d:5b:7d:c1:c6:de:da:cb:c9:af:65:5a:6e:ac:81:ae:a8:03:
         7d:b3:f2:a7:68:af:97:72:83:88:72:74:84:b9:28:e1:b6:bd:
         24:95:ff:e5:c4:31:3c:45:50:2c:26:63:19:cb:97:3b:ab:db:
         29:cb:7a:6f:59:2d:84:94:56:28:1a:ba:b2:8d:4b:2a:37:89:
         60:14:b8:3b:38:f3:c5:5e:53:62:d1:39:93:24:d8:7b:56:23:
         aa:b3:05:88:bf:b0:53:e4:5c:5f:59:95:87:4e:0a:ad:d1:77:
         be:3c:30:3c:73:c2:a7:32:82:8f:9b:e3:77:4e:bf:31:dd:e4:
         c9:50:e7:96
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAYz1sEwTZaoMwe0tPrF5ZrW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMTEwMjMyMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTE5MTdlNGUxYzhhYTQ2NDBjMzA2NmI3ZjJmZDhjMzliNDY1NDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5cEU33ujLy4l1yrbu57SLrbd+aJ
yUfAL+N9zypHSDItGUCkXE6mAORkfv8B9Vt3pU/j81Bqvntgu11IU24XiHHl7mei
Cj25V4EO50wAGJNh4j0QPbDJl80v8oQXYaoMA7VoE4se0RR+L/GEZNoLW+tDKyJ8
1LtFP4CjbfVutBEHSCNW/FnbfCivHMT1JFqVtWiVpsulld2QO5uT5P9je+yYKKFC
Ns2ThbglnTYvdj0EzG5245tTMUZwlFXKO7P5hGIWJMllMBuqP5JuRSWE5PYxjdlC
5BMY18DwbMvLhf1foKhKpvTbnm5cuBIlRLAyO1OZIqu40hxFQIhDqDuYJQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPkZF+ThyKpGQMMGa38v2MObRlR0MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvMS1Sa1g1T0hJcWtaQXd3WnJmeV9ZdzV0R1ZIUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODAvMzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMz
Yi8xL1hhT1VIQ2ZQNWNJMHhMOGlIc3NxVjVzdDZxcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAIwDgMFACoOS8ED
BQAqDszBMA0GCSqGSIb3DQEBCwUAA4IBAQAf8wdt8yeDqkxz8WA5fct5WYpQ+KXj
+3khg2y9gslpqvIRgsL7aQVyDdkAeoDK09xClYccJSXDx/TS3S1a0LIydaZqVWRs
CrXMhjEbNwHeBqHv0KQwxCU+t8ejGXT6MAjVNXvm4BQKwgHlDUbELsSh1kETBoQE
aXP2ugWCNCk9W33Bxt7ay8mvZVpurIGuqAN9s/KnaK+XcoOIcnSEuSjhtr0klf/l
xDE8RVAsJmMZy5c7q9spy3pvWS2ElFYoGrqyjUsqN4lgFLg7OPPFXlNi0TmTJNh7
ViOqswWIv7BT5FxfWZWHTgqt0Xe+PDA8c8KnMoKPm+N3Tr8x3eTJUOeW
-----END CERTIFICATE-----