Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/b5cwtUAVF3v9w9-dLdIeVJT7usY.roa
File:                     b5cwtUAVF3v9w9-dLdIeVJT7usY.roa (raw, json)
Hash identifier:          7rZmCurzmVtozB4XH0vlEAzScD5W+dAZ99rmzOCfRp4=
Subject key identifier:   6F:97:30:B5:40:15:17:7B:FD:C3:DF:9D:2D:D2:1E:54:94:FB:BA:C6
Certificate issuer:       /CN=df2c15cf72fcdb8596b7c6489b15a6b720c14eb5
Certificate serial:       018F3D84966F474BAD8DF1C888FAC086F9B8
Authority key identifier: DF:2C:15:CF:72:FC:DB:85:96:B7:C6:48:9B:15:A6:B7:20:C1:4E:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/b5cwtUAVF3v9w9-dLdIeVJT7usY.roa
Signing time:             Fri 03 May 2024 08:14:10 +0000
ROA not before:           Fri 03 May 2024 08:14:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210896
IP address blocks:        2a0c:d540:1111::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:84:96:6f:47:4b:ad:8d:f1:c8:88:fa:c0:86:f9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df2c15cf72fcdb8596b7c6489b15a6b720c14eb5
        Validity
            Not Before: May  3 08:14:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f9730b54015177bfdc3df9d2dd21e5494fbbac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0f:8f:a9:5f:22:c9:3c:7f:2f:68:69:52:49:
                    f9:71:a5:b9:af:69:b6:f9:59:50:7d:ca:b2:f4:45:
                    24:e5:13:91:47:22:fc:ae:91:ce:ec:a1:13:82:ff:
                    a8:a3:9e:f3:20:6f:50:0a:dc:8a:cf:f2:b0:f2:e3:
                    81:03:fd:5c:8d:b6:b2:9f:98:f2:ff:52:2c:b4:09:
                    97:80:07:33:82:5c:1f:84:c7:98:cc:7a:8f:51:ab:
                    cf:64:1c:84:83:15:40:3f:a2:ec:33:1a:2a:74:a6:
                    15:fd:9d:84:9e:3a:be:ef:30:00:ea:df:da:9c:1d:
                    38:4f:6c:bc:b4:5c:56:af:38:d5:46:f0:65:5a:e3:
                    87:4e:12:83:12:32:f9:c5:7e:e2:c6:b6:d2:83:61:
                    34:a8:17:32:09:d2:f1:1f:ea:ec:87:96:2c:92:76:
                    47:cd:e2:a0:f2:45:bb:ee:00:a5:5a:72:13:6d:09:
                    1f:fd:c9:23:be:3c:9f:86:dd:08:6f:9a:25:6d:0b:
                    1b:82:d2:0f:1e:6e:18:09:f5:63:38:74:fa:1f:48:
                    db:2d:c9:8a:24:25:ec:46:b1:5f:47:d2:1a:bf:c1:
                    38:36:54:a0:8b:f6:98:a6:81:f7:5f:c5:b8:cd:0f:
                    5e:d9:53:55:e9:5d:d4:ac:5f:cb:52:af:26:b1:24:
                    2c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:97:30:B5:40:15:17:7B:FD:C3:DF:9D:2D:D2:1E:54:94:FB:BA:C6
            X509v3 Authority Key Identifier:
                keyid:DF:2C:15:CF:72:FC:DB:85:96:B7:C6:48:9B:15:A6:B7:20:C1:4E:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/b5cwtUAVF3v9w9-dLdIeVJT7usY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:d540:1111::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:7d:c4:b5:7c:45:a0:7a:52:14:89:0d:d4:a1:08:50:dd:3d:
         bf:5c:d3:81:b9:57:a1:3e:a1:df:f7:a5:7e:3e:be:79:7c:7e:
         92:66:87:cd:73:84:c0:71:69:f9:38:24:85:27:3a:89:95:e3:
         a6:f6:55:f5:44:fb:cd:c5:fc:20:b7:a3:0e:10:4e:21:f6:15:
         86:86:df:77:eb:ba:a2:48:74:e0:6f:61:56:b3:7d:ea:16:be:
         33:59:3f:93:9c:79:b2:d9:3a:6e:e0:51:1d:99:8b:d9:bb:98:
         ab:81:27:55:87:77:e0:13:47:23:74:b7:7b:50:72:a6:dd:e3:
         3f:1d:cd:37:f5:6e:d8:db:53:44:82:79:08:0e:37:82:3b:37:
         be:8f:7a:24:12:66:4e:94:95:8b:1a:7a:0e:91:bc:5b:9c:dc:
         4b:46:c4:88:98:7d:c3:50:19:1c:98:11:e2:a9:95:b9:76:6f:
         29:6b:1e:c0:7e:41:73:fd:a1:1f:d4:25:d8:b0:98:5b:e9:72:
         7f:d9:e8:68:ab:a1:c8:fd:04:d6:d2:53:59:a2:95:ae:ea:00:
         b6:42:60:26:9a:18:4c:2f:d6:5c:67:f2:77:e8:77:43:3f:ba:
         79:3b:3b:3b:3b:63:8e:7d:52:47:30:bf:c6:0d:f7:2b:95:75:
         ea:25:70:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY89hJZvR0utjfHIiPrAhvm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMmMxNWNmNzJmY2RiODU5NmI3YzY0ODliMTVhNmI3MjBj
MTRlYjUwHhcNMjQwNTAzMDgxNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjk3MzBiNTQwMTUxNzdiZmRjM2RmOWQyZGQyMWU1NDk0ZmJiYWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQ+PqV8iyTx/L2hpUkn5caW5r2m2
+VlQfcqy9EUk5RORRyL8rpHO7KETgv+oo57zIG9QCtyKz/Kw8uOBA/1cjbayn5jy
/1IstAmXgAczglwfhMeYzHqPUavPZByEgxVAP6LsMxoqdKYV/Z2Enjq+7zAA6t/a
nB04T2y8tFxWrzjVRvBlWuOHThKDEjL5xX7ixrbSg2E0qBcyCdLxH+rsh5YsknZH
zeKg8kW77gClWnITbQkf/ckjvjyfht0Ib5olbQsbgtIPHm4YCfVjOHT6H0jbLcmK
JCXsRrFfR9Iav8E4NlSgi/aYpoH3X8W4zQ9e2VNV6V3UrF/LUq8msSQszQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG+XMLVAFRd7/cPfnS3SHlSU+7rGMB8GA1UdIwQY
MBaAFN8sFc9y/NuFlrfGSJsVprcgwU61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3l3VnozTDgyNFdXdDhaSW14V210eURCVHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85Y2ZlYTEtZDgyYS00NzU1LTgxMGUt
ZjE4NTNkMTBlNjEwLzEvYjVjd3RVQVZGM3Y5dzktZExkSWVWSlQ3dXNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85Y2ZlYTEtZDgyYS00NzU1LTgxMGUtZjE4NTNkMTBlNjEw
LzEvM3l3VnozTDgyNFdXdDhaSW14V210eURCVHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgzVQBER
MA0GCSqGSIb3DQEBCwUAA4IBAQClfcS1fEWgelIUiQ3UoQhQ3T2/XNOBuVehPqHf
96V+Pr55fH6SZofNc4TAcWn5OCSFJzqJleOm9lX1RPvNxfwgt6MOEE4h9hWGht93
67qiSHTgb2FWs33qFr4zWT+TnHmy2Tpu4FEdmYvZu5irgSdVh3fgE0cjdLd7UHKm
3eM/Hc039W7Y21NEgnkIDjeCOze+j3okEmZOlJWLGnoOkbxbnNxLRsSImH3DUBkc
mBHiqZW5dm8pax7AfkFz/aEf1CXYsJhb6XJ/2ehoq6HI/QTW0lNZopWu6gC2QmAm
mhhML9ZcZ/J36HdDP7p5Ozs7O2OOfVJHML/GDfcrlXXqJXC4
-----END CERTIFICATE-----