Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5-u1Wy3zT9LdZ-_yCeSqFca10H8.roa
File:                     5-u1Wy3zT9LdZ-_yCeSqFca10H8.roa (raw, json)
Hash identifier:          o9IJD3P5op5PEPi0GYeI0w0z3pnGjbt0vgyjxP1xuPY=
Subject key identifier:   E7:EB:B5:5B:2D:F3:4F:D2:DD:67:EF:F2:09:E4:AA:15:C6:B5:D0:7F
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018E6C142C3411630D777FEB145267393407
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5-u1Wy3zT9LdZ-_yCeSqFca10H8.roa
Signing time:             Sat 23 Mar 2024 16:10:45 +0000
ROA not before:           Sat 23 Mar 2024 16:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a0e:5384::/32 maxlen: 32
                          2a0e:8085::/32 maxlen: 32
                          2a0e:ccc6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6c:14:2c:34:11:63:0d:77:7f:eb:14:52:67:39:34:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Mar 23 16:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7ebb55b2df34fd2dd67eff209e4aa15c6b5d07f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8f:75:cf:4b:5f:a1:7e:e2:7c:3b:d5:1a:8e:
                    ff:82:a5:f1:a0:dc:14:42:e7:58:79:6b:28:c6:74:
                    91:f9:4c:d0:91:8e:0c:bb:49:e1:37:06:3c:83:a0:
                    f9:00:6b:60:b4:96:86:3d:f2:a6:15:d3:d0:9b:f4:
                    7a:eb:70:56:f4:91:6a:fe:f6:f6:6d:d2:e2:22:11:
                    b6:fc:b2:04:6e:fa:17:31:bd:09:f1:1b:9f:42:51:
                    54:fc:82:4e:15:98:f2:3b:ad:16:f2:1a:0f:7d:8e:
                    5a:50:94:cb:09:0f:78:e4:d1:d6:77:ea:41:e7:e2:
                    14:fa:ad:60:a3:2b:02:02:50:52:bc:a3:85:7e:f0:
                    70:90:1d:b9:97:21:13:16:6e:4e:10:d5:92:1f:23:
                    bb:1f:5a:19:2c:02:4e:f8:56:2e:50:bc:e2:0d:58:
                    2c:ea:09:43:53:d7:58:fa:37:9f:88:c8:6d:af:bc:
                    9f:4f:19:3a:df:10:7b:05:13:ce:43:6f:3f:c1:3a:
                    8e:30:f1:3f:6a:de:ed:c6:5f:a6:ee:ac:e2:8a:09:
                    3b:c2:e7:77:94:c4:41:24:3e:57:18:22:82:be:d2:
                    b7:d0:89:4b:c2:9a:48:72:05:cc:3d:73:60:54:46:
                    8f:9b:fb:1a:a6:a6:b8:a1:e4:7f:22:a1:77:ab:94:
                    b0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:EB:B5:5B:2D:F3:4F:D2:DD:67:EF:F2:09:E4:AA:15:C6:B5:D0:7F
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5-u1Wy3zT9LdZ-_yCeSqFca10H8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5384::/32
                  2a0e:8085::/32
                  2a0e:ccc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:98:f7:ed:23:ff:9b:f1:cf:3c:d3:ac:d9:e0:85:14:f9:a6:
         5a:53:8f:bd:ec:f4:e7:a4:92:d6:58:78:79:cc:26:c5:68:8d:
         df:24:62:11:64:9c:14:c5:95:85:a4:c2:ff:4f:41:d2:4b:2b:
         d6:e8:d8:90:c1:2e:12:f3:c2:c5:a2:ec:94:ec:d9:04:46:7e:
         bc:7f:d2:9d:bc:af:5c:01:52:7c:4d:d5:9c:f8:81:96:21:2e:
         1a:11:fb:c6:d4:41:53:28:bd:40:65:91:67:9d:ca:17:10:ea:
         ec:3b:08:4f:65:c9:67:d9:b1:3c:e7:9d:f7:fc:08:c3:82:32:
         20:58:02:e1:ee:07:8c:07:f2:43:37:37:2c:7a:29:12:70:5e:
         04:b7:ca:eb:1c:4c:39:61:67:a1:57:a5:69:9b:66:fd:5c:48:
         f3:58:60:0e:8b:e5:6b:a6:67:39:0d:6d:80:f7:4c:10:00:76:
         cb:97:dc:e3:ac:3f:6b:6c:b3:6a:29:03:39:a5:77:4d:83:1c:
         0c:21:64:55:cb:25:a0:3a:91:ea:a7:78:fa:22:23:6d:df:ed:
         17:1b:95:85:cf:be:07:e0:68:97:06:39:4e:cd:f6:d2:70:0e:
         8c:d1:5a:95:6b:95:42:07:3d:c3:62:e7:38:90:48:f2:b6:06:
         80:93:62:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5sFCw0EWMNd3/rFFJnOTQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMzIzMTYxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2ViYjU1YjJkZjM0ZmQyZGQ2N2VmZjIwOWU0YWExNWM2YjVkMDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I91z0tfoX7ifDvVGo7/gqXxoNwU
QudYeWsoxnSR+UzQkY4Mu0nhNwY8g6D5AGtgtJaGPfKmFdPQm/R663BW9JFq/vb2
bdLiIhG2/LIEbvoXMb0J8RufQlFU/IJOFZjyO60W8hoPfY5aUJTLCQ945NHWd+pB
5+IU+q1goysCAlBSvKOFfvBwkB25lyETFm5OENWSHyO7H1oZLAJO+FYuULziDVgs
6glDU9dY+jefiMhtr7yfTxk63xB7BRPOQ28/wTqOMPE/at7txl+m7qziigk7wud3
lMRBJD5XGCKCvtK30IlLwppIcgXMPXNgVEaPm/sapqa4oeR/IqF3q5SwFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOfrtVst80/S3Wfv8gnkqhXGtdB/MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvNS11MVd5M3pUOUxkWi1feUNlU3FGY2ExMEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg5ThAMF
ACoOgIUDBQAqDszGMA0GCSqGSIb3DQEBCwUAA4IBAQAzmPftI/+b8c8806zZ4IUU
+aZaU4+97PTnpJLWWHh5zCbFaI3fJGIRZJwUxZWFpML/T0HSSyvW6NiQwS4S88LF
ouyU7NkERn68f9KdvK9cAVJ8TdWc+IGWIS4aEfvG1EFTKL1AZZFnncoXEOrsOwhP
Zcln2bE85533/AjDgjIgWALh7geMB/JDNzcseikScF4Et8rrHEw5YWehV6Vpm2b9
XEjzWGAOi+Vrpmc5DW2A90wQAHbLl9zjrD9rbLNqKQM5pXdNgxwMIWRVyyWgOpHq
p3j6IiNt3+0XG5WFz74H4GiXBjlOzfbScA6M0VqVa5VCBz3DYuc4kEjytgaAk2LA
-----END CERTIFICATE-----