Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/5OX6R-At2h1_HT-N-6-tRGgw38c.roa
File:                     5OX6R-At2h1_HT-N-6-tRGgw38c.roa (raw, json)
Hash identifier:          YMbGkA2MZU4sQTUFLExdOlIIV0qWhf5p8d4pQ7wC0GI=
Subject key identifier:   E4:E5:FA:47:E0:2D:DA:1D:7F:1D:3F:8D:FB:AF:AD:44:68:30:DF:C7
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       018CC7933C2BE1FB9C283F9F0982E9CB5586
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/5OX6R-At2h1_HT-N-6-tRGgw38c.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44050
IP address blocks:        2a02:c6c1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3c:2b:e1:fb:9c:28:3f:9f:09:82:e9:cb:55:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4e5fa47e02dda1d7f1d3f8dfbafad446830dfc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0f:ca:1a:1b:bf:91:02:f5:25:27:24:d2:92:
                    d9:0b:d0:65:26:cf:1d:8e:ae:1a:81:af:91:4f:af:
                    ac:9f:b1:ea:89:19:34:fd:9c:2b:67:af:5b:8f:ca:
                    15:39:2c:57:f6:f2:69:71:e7:f8:82:35:7f:bf:e0:
                    ba:22:7e:56:81:0d:c1:c2:d5:db:eb:9f:2b:10:de:
                    22:1f:6f:af:34:aa:26:b3:a1:46:64:3b:14:fa:a0:
                    e4:83:f8:fa:4f:4c:6f:76:21:4c:a2:df:fe:c8:bf:
                    ee:2f:8d:8f:c5:84:8a:d8:9b:58:53:ee:a1:8d:8c:
                    64:a6:06:79:b8:16:04:a2:a2:77:d6:1f:71:2e:68:
                    bd:ee:57:fe:b9:00:c8:50:31:83:86:40:b4:d5:67:
                    cf:0e:7c:85:17:31:1d:c0:06:6d:2a:75:94:e0:4a:
                    03:3a:fc:fa:00:df:33:89:54:d1:87:91:3f:2a:29:
                    d5:10:7e:e1:ff:f3:5b:03:0a:ae:35:5b:ef:80:19:
                    da:d5:0b:d0:42:fa:7f:ad:43:dd:9c:be:cb:fb:7d:
                    8d:5a:f7:ef:b3:9f:b9:76:b3:e3:8d:0b:9e:e9:1e:
                    f4:78:bf:95:a3:44:86:fb:fb:f9:7c:ab:64:58:0b:
                    ab:37:88:d8:4a:93:fa:9c:88:f3:00:9e:29:30:9a:
                    b9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E5:FA:47:E0:2D:DA:1D:7F:1D:3F:8D:FB:AF:AD:44:68:30:DF:C7
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/5OX6R-At2h1_HT-N-6-tRGgw38c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:c6c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         db:4d:14:40:d1:3e:9e:fa:e0:99:6a:d4:68:7a:f0:24:45:8e:
         8a:1a:1d:e4:8e:82:06:3c:ee:26:22:ca:d3:86:c8:ab:55:57:
         94:e9:5c:c5:24:86:d6:41:c9:49:ff:78:00:b2:42:09:24:23:
         7e:65:c3:30:e4:0e:38:68:4a:d6:00:f4:1e:9b:06:1f:38:bb:
         fa:65:65:06:95:a7:bd:f8:53:3c:14:fb:df:5d:b3:a3:07:45:
         af:26:97:74:bb:f7:61:2d:b6:da:c3:e9:a9:72:6f:07:85:57:
         6d:39:a8:70:ae:a9:2e:31:84:8f:9a:b3:f6:5d:e0:0d:51:5c:
         cc:fb:d7:3b:ff:bb:cd:4c:d6:fd:3e:9e:e8:30:3e:c5:ea:5b:
         cc:5b:84:e7:31:ed:07:0c:23:e3:06:d8:f8:26:45:d5:bf:20:
         93:b8:d8:02:85:d6:30:9a:5c:97:4c:b5:3a:24:eb:51:dc:e4:
         1e:54:32:7a:93:2f:d7:c4:8d:eb:a2:82:f0:3a:39:99:e1:d0:
         de:dc:1c:58:57:04:fa:c1:9b:34:76:00:2c:86:98:31:69:53:
         90:66:23:2e:93:02:4b:00:be:34:1b:45:25:14:c0:51:15:68:
         6a:02:94:49:1a:f3:7a:19:56:1d:26:12:a3:fc:39:d8:15:16:
         47:e1:2b:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHkzwr4fucKD+fCYLpy1WGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGU1ZmE0N2UwMmRkYTFkN2YxZDNmOGRmYmFmYWQ0NDY4MzBkZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmw/KGhu/kQL1JSck0pLZC9BlJs8d
jq4aga+RT6+sn7HqiRk0/ZwrZ69bj8oVOSxX9vJpcef4gjV/v+C6In5WgQ3BwtXb
658rEN4iH2+vNKoms6FGZDsU+qDkg/j6T0xvdiFMot/+yL/uL42PxYSK2JtYU+6h
jYxkpgZ5uBYEoqJ31h9xLmi97lf+uQDIUDGDhkC01WfPDnyFFzEdwAZtKnWU4EoD
Ovz6AN8ziVTRh5E/KinVEH7h//NbAwquNVvvgBna1QvQQvp/rUPdnL7L+32NWvfv
s5+5drPjjQue6R70eL+Vo0SG+/v5fKtkWAurN4jYSpP6nIjzAJ4pMJq51wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOTl+kfgLdodfx0/jfuvrURoMN/HMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvNU9YNlItQXQyaDFfSFQtTi02LXRSR2d3MzhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLGwQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDbTRRA0T6e+uCZatRoevAkRY6KGh3kjoIGPO4m
IsrThsirVVeU6VzFJIbWQclJ/3gAskIJJCN+ZcMw5A44aErWAPQemwYfOLv6ZWUG
lae9+FM8FPvfXbOjB0WvJpd0u/dhLbbaw+mpcm8HhVdtOahwrqkuMYSPmrP2XeAN
UVzM+9c7/7vNTNb9Pp7oMD7F6lvMW4TnMe0HDCPjBtj4JkXVvyCTuNgChdYwmlyX
TLU6JOtR3OQeVDJ6ky/XxI3rooLwOjmZ4dDe3BxYVwT6wZs0dgAshpgxaVOQZiMu
kwJLAL40G0UlFMBRFWhqApRJGvN6GVYdJhKj/DnYFRZH4Sst
-----END CERTIFICATE-----