Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nKW2zwZz6vvH_FAbrFUAfXGOn8o.roa
File:                     nKW2zwZz6vvH_FAbrFUAfXGOn8o.roa (raw, json)
Hash identifier:          l77nfiOE4V4ciOEpkp+s7W9zcLHQbi9KyhlUes94y/Q=
Subject key identifier:   9C:A5:B6:CF:06:73:EA:FB:C7:FC:50:1B:AC:55:00:7D:71:8E:9F:CA
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018E603673AB39599A0CC115469069954F4D
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nKW2zwZz6vvH_FAbrFUAfXGOn8o.roa
Signing time:             Thu 21 Mar 2024 08:52:45 +0000
ROA not before:           Thu 21 Mar 2024 08:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206873
IP address blocks:        2a0e:ccc4::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:36:73:ab:39:59:9a:0c:c1:15:46:90:69:95:4f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Mar 21 08:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ca5b6cf0673eafbc7fc501bac55007d718e9fca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7b:2d:6c:ed:a0:f7:97:f0:b4:75:4e:3a:c5:
                    dd:71:17:5d:8d:44:09:a1:20:c0:48:cb:a9:9e:74:
                    d5:33:3f:6b:44:b9:a0:9d:a7:9a:1e:0e:8f:a5:66:
                    dd:62:be:1c:54:d1:7c:52:be:96:4b:cc:4a:45:b4:
                    9b:09:35:75:2f:40:f7:91:57:d5:c0:7f:a4:a0:9b:
                    93:2c:53:6e:df:6c:11:d0:d1:35:be:34:f4:ea:48:
                    52:8f:41:f6:c3:17:3a:a3:f8:e4:15:f1:cf:f6:c1:
                    26:f9:e8:23:73:38:3c:a9:46:2a:08:bb:8d:f8:71:
                    7c:e9:e0:0e:9f:ad:42:a8:34:1e:a6:40:ee:8e:85:
                    d9:a5:70:6f:ae:a1:62:bc:88:6d:d6:bd:a5:8e:b4:
                    4f:1e:3f:c8:c6:69:51:79:55:33:d2:7c:52:4c:c1:
                    dc:32:c9:f0:e2:1c:04:b2:77:9d:3b:21:6e:b8:ab:
                    aa:91:f9:a2:b3:59:46:06:90:79:38:0c:90:cc:9c:
                    31:55:bc:83:6a:15:9e:32:c2:1f:e5:e6:37:7e:30:
                    ca:6e:96:29:f4:43:34:5e:1c:25:ce:4d:76:65:c4:
                    35:4f:ea:4d:44:21:77:41:e9:41:5e:20:fc:a7:87:
                    d1:70:ea:91:c3:4a:88:ec:f8:9a:61:8d:81:e9:3d:
                    d0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A5:B6:CF:06:73:EA:FB:C7:FC:50:1B:AC:55:00:7D:71:8E:9F:CA
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/nKW2zwZz6vvH_FAbrFUAfXGOn8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:ccc4::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:ec:96:0d:e9:19:13:b7:97:29:1c:ef:e2:dd:99:d0:ae:ef:
         ed:f7:05:32:0f:6e:a9:9b:52:ff:7c:47:a0:87:b8:91:7d:53:
         2a:c9:ea:52:73:2d:25:da:16:5a:7a:e5:99:fe:75:2e:a3:f1:
         9b:25:79:b3:cf:fe:8d:df:41:84:78:41:48:f5:ad:eb:ad:da:
         1a:25:58:90:d1:e5:24:fc:c6:a5:29:61:6e:6f:7e:de:6c:a6:
         9f:77:7e:d8:3e:12:5d:25:22:62:80:b1:18:c0:ae:60:83:cb:
         95:02:91:69:96:50:d6:dd:06:b6:ac:dc:6e:37:ba:f9:4a:77:
         68:8d:8c:9d:3c:2f:70:80:c4:be:c8:ef:96:cd:1e:7e:98:24:
         cb:8a:f2:bd:29:02:5b:1e:11:25:35:9b:f7:0e:ed:30:2c:bc:
         8e:86:b7:2e:cc:03:54:8a:bc:d7:d7:f1:ad:59:6f:76:11:dd:
         c1:42:3b:3f:1d:63:20:57:4e:60:f2:8e:3c:2b:91:10:03:21:
         19:05:06:dd:de:43:32:9f:aa:50:77:18:12:3a:10:3c:07:01:
         3d:e8:a3:8e:28:d7:9d:ee:7d:8b:7b:a3:0c:31:8f:f1:0f:12:
         24:89:54:d9:f8:d6:b7:3e:7c:17:d2:3c:0d:32:ee:b6:ec:f8:
         3e:80:94:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY5gNnOrOVmaDMEVRpBplU9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMzIxMDg1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E1YjZjZjA2NzNlYWZiYzdmYzUwMWJhYzU1MDA3ZDcxOGU5ZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHstbO2g95fwtHVOOsXdcRddjUQJ
oSDASMupnnTVMz9rRLmgnaeaHg6PpWbdYr4cVNF8Ur6WS8xKRbSbCTV1L0D3kVfV
wH+koJuTLFNu32wR0NE1vjT06khSj0H2wxc6o/jkFfHP9sEm+egjczg8qUYqCLuN
+HF86eAOn61CqDQepkDujoXZpXBvrqFivIht1r2ljrRPHj/IxmlReVUz0nxSTMHc
Msnw4hwEsnedOyFuuKuqkfmis1lGBpB5OAyQzJwxVbyDahWeMsIf5eY3fjDKbpYp
9EM0Xhwlzk12ZcQ1T+pNRCF3QelBXiD8p4fRcOqRw0qI7PiaYY2B6T3Q4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJylts8Gc+r7x/xQG6xVAH1xjp/KMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvbktXMnp3Wno2dnZIX0ZBYnJGVUFmWEdPbjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7MxDAN
BgkqhkiG9w0BAQsFAAOCAQEAleyWDekZE7eXKRzv4t2Z0K7v7fcFMg9uqZtS/3xH
oIe4kX1TKsnqUnMtJdoWWnrlmf51LqPxmyV5s8/+jd9BhHhBSPWt663aGiVYkNHl
JPzGpSlhbm9+3mymn3d+2D4SXSUiYoCxGMCuYIPLlQKRaZZQ1t0Gtqzcbje6+Up3
aI2MnTwvcIDEvsjvls0efpgky4ryvSkCWx4RJTWb9w7tMCy8joa3LswDVIq819fx
rVlvdhHdwUI7Px1jIFdOYPKOPCuREAMhGQUG3d5DMp+qUHcYEjoQPAcBPeijjijX
ne59i3ujDDGP8Q8SJIlU2fjWtz58F9I8DTLutuz4PoCUtA==
-----END CERTIFICATE-----