Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/rkAjSoRQYvHDBQwHMULLhg8pJxE.roa
File:                     rkAjSoRQYvHDBQwHMULLhg8pJxE.roa (raw, json)
Hash identifier:          McAHsriYAZ2050uQZUJSDML333trjc4+xfmEnyiqqeM=
Subject key identifier:   AE:40:23:4A:84:50:62:F1:C3:05:0C:07:31:42:CB:86:0F:29:27:11
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DEEDD2AE137270DE287548F74711
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/rkAjSoRQYvHDBQwHMULLhg8pJxE.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205610
IP address blocks:        2a0d:c7c7::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:de:ed:d2:ae:13:72:70:de:28:75:48:f7:47:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae40234a845062f1c3050c073142cb860f292711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2a:7f:09:3b:b9:43:bf:c5:9e:ce:5a:12:90:
                    4c:7f:ea:5d:5b:c5:5f:92:45:3b:61:3a:a3:68:38:
                    ac:52:d4:4e:5c:e6:18:73:38:6a:71:c5:9d:76:d6:
                    73:07:51:23:1e:fc:aa:ec:a4:4c:0b:b9:0f:55:a2:
                    1d:e3:2e:5d:aa:e9:62:0d:a4:6f:16:1a:1a:3d:1d:
                    b7:d7:c5:2b:b2:33:ff:03:a3:6f:b1:56:8d:54:05:
                    66:a9:cb:5a:00:41:7e:f7:f4:68:40:a1:d2:68:68:
                    85:b0:3a:6e:6c:ee:cf:b4:0d:bf:32:5a:79:2a:8c:
                    82:08:1a:f7:d7:ea:3b:00:a0:ed:19:89:b8:9c:d7:
                    fe:08:50:32:b7:0a:e3:c7:31:03:57:d0:e1:8f:c0:
                    e9:7c:49:4c:e8:80:53:7f:40:19:c8:e1:2a:cb:ab:
                    92:b8:7e:22:d5:2c:db:c0:94:e4:9e:07:61:7f:30:
                    3a:28:c3:ff:ac:f4:44:2e:ec:fb:5a:a2:1b:b1:97:
                    e6:b5:55:69:20:ed:23:ef:5a:52:88:3b:1e:7f:4a:
                    53:15:fa:f4:89:23:fb:c7:36:8d:e0:d3:84:68:4b:
                    02:3c:9a:b8:c1:5e:bb:cc:65:6f:d9:f1:ac:d0:f2:
                    fa:ad:de:b9:f6:b9:c3:36:2c:54:3d:71:05:42:e6:
                    09:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:40:23:4A:84:50:62:F1:C3:05:0C:07:31:42:CB:86:0F:29:27:11
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/rkAjSoRQYvHDBQwHMULLhg8pJxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:c7c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:40:66:a2:1c:de:cd:43:35:72:3a:57:49:97:15:15:da:aa:
         8f:3c:d2:1e:b2:6a:84:d7:0f:ca:6c:7b:f0:6d:0e:94:73:c3:
         12:ce:21:5a:7a:da:a5:90:e4:f2:6d:a9:7d:a9:53:d3:07:28:
         1b:47:5d:ae:42:2c:6f:41:1f:a4:c0:b7:3f:b0:f8:31:ff:75:
         e0:86:78:73:e4:bb:d0:ae:e1:0c:f1:6b:1f:5c:7d:dd:31:f9:
         1e:65:99:af:23:41:ec:ac:33:92:2f:54:95:bd:75:e5:a6:99:
         43:98:bd:da:db:3e:39:ab:84:e2:e4:e7:36:8c:fd:3a:b2:74:
         bc:79:1e:e6:0d:48:61:88:3d:fb:cb:37:34:53:9e:a6:93:6d:
         c2:d6:5c:cf:a4:06:e6:ba:6f:4d:84:ab:6d:b2:1c:72:34:1f:
         94:58:7e:b1:4a:8d:f9:ed:64:4f:8c:f9:83:9b:53:ec:03:8b:
         dc:09:96:9d:18:3d:8d:2c:27:a4:05:3d:dd:06:ec:81:25:95:
         82:48:d8:22:18:7e:0b:8d:76:01:ba:3a:71:11:58:ec:1a:99:
         da:c9:45:31:b1:1f:da:a0:db:14:0a:de:82:05:10:cd:5e:53:
         7c:0a:3e:e5:ee:af:c4:20:1d:8f:ed:08:56:83:e9:84:22:0f:
         22:33:2c:dc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIAd7t0q4TcnDeKHVI90cRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTQwMjM0YTg0NTA2MmYxYzMwNTBjMDczMTQyY2I4NjBmMjkyNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSp/CTu5Q7/Fns5aEpBMf+pdW8Vf
kkU7YTqjaDisUtROXOYYczhqccWddtZzB1EjHvyq7KRMC7kPVaId4y5dquliDaRv
FhoaPR2318UrsjP/A6NvsVaNVAVmqctaAEF+9/RoQKHSaGiFsDpubO7PtA2/Mlp5
KoyCCBr31+o7AKDtGYm4nNf+CFAytwrjxzEDV9Dhj8DpfElM6IBTf0AZyOEqy6uS
uH4i1SzbwJTkngdhfzA6KMP/rPRELuz7WqIbsZfmtVVpIO0j71pSiDsef0pTFfr0
iSP7xzaN4NOEaEsCPJq4wV67zGVv2fGs0PL6rd659rnDNixUPXEFQuYJEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK5AI0qEUGLxwwUMBzFCy4YPKScRMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvcmtBalNvUlFZdkhEQlF3SE1VTExoZzhwSnhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg3HxzAN
BgkqhkiG9w0BAQsFAAOCAQEAdkBmohzezUM1cjpXSZcVFdqqjzzSHrJqhNcPymx7
8G0OlHPDEs4hWnrapZDk8m2pfalT0wcoG0ddrkIsb0EfpMC3P7D4Mf914IZ4c+S7
0K7hDPFrH1x93TH5HmWZryNB7Kwzki9Ulb115aaZQ5i92ts+OauE4uTnNoz9OrJ0
vHke5g1IYYg9+8s3NFOeppNtwtZcz6QG5rpvTYSrbbIccjQflFh+sUqN+e1kT4z5
g5tT7AOL3AmWnRg9jSwnpAU93QbsgSWVgkjYIhh+C412Abo6cRFY7BqZ2slFMbEf
2qDbFAreggUQzV5TfAo+5e6vxCAdj+0IVoPphCIPIjMs3A==
-----END CERTIFICATE-----