Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/XJ8zYy2FdJD5fNl45gFAkXw7bs8.roa
File:                     XJ8zYy2FdJD5fNl45gFAkXw7bs8.roa (raw, json)
Hash identifier:          hzGK8yRmoTHGE1CP6Rx8EJUJDB+/Ns8tOiZnhjk2ztk=
Subject key identifier:   5C:9F:33:63:2D:85:74:90:F9:7C:D9:78:E6:01:40:91:7C:3B:6E:CF
Certificate issuer:       /CN=57130f799f8a8985502a2ea3356037674085cfca
Certificate serial:       018CC4923D40A4BC42F0306503A9664EB1DB
Authority key identifier: 57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/XJ8zYy2FdJD5fNl45gFAkXw7bs8.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209527
IP address blocks:        2a0c:d041::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3d:40:a4:bc:42:f0:30:65:03:a9:66:4e:b1:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57130f799f8a8985502a2ea3356037674085cfca
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c9f33632d857490f97cd978e60140917c3b6ecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:3d:f4:27:0b:b1:be:c5:cb:fa:5d:c6:b0:e8:
                    6e:01:9e:c6:e2:13:68:c1:5e:06:ef:a3:99:5f:7f:
                    44:5f:00:3c:32:e8:88:13:e1:a9:a7:00:5c:8e:f7:
                    82:7b:c0:87:cd:92:9c:a8:6e:0f:f2:57:6c:d9:e9:
                    3b:02:84:8d:ab:bf:86:45:33:a0:a9:0a:f9:b6:85:
                    1f:28:6a:b8:8c:8e:ae:8e:d7:3f:54:9f:5f:83:fd:
                    04:55:32:25:8a:c7:83:a3:29:c4:78:6f:2b:53:aa:
                    3e:fe:8a:43:d1:66:86:95:6b:2e:e4:39:e2:62:60:
                    75:65:be:69:39:54:40:8b:75:f2:be:0d:30:cb:53:
                    7e:fd:91:37:c1:0b:30:87:88:a5:5a:b2:4a:5e:a3:
                    16:e8:0b:54:e8:b0:4c:8f:e9:a0:6c:cf:7d:e0:23:
                    71:ef:6c:8e:e0:b8:a3:02:fa:30:a6:ed:cf:b1:07:
                    18:b5:c4:a8:4d:8a:e5:66:d9:f9:f8:57:f2:2a:d6:
                    e1:b1:2d:88:c7:e2:9f:29:62:56:da:d8:eb:d5:25:
                    b2:0f:80:05:fb:a1:88:25:5b:af:e4:16:1a:f9:7b:
                    de:ef:0c:09:6d:2c:7d:aa:f1:98:b2:d7:aa:0a:a8:
                    b5:ff:5e:af:86:be:59:55:76:22:c7:bc:c4:b3:66:
                    fc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:9F:33:63:2D:85:74:90:F9:7C:D9:78:E6:01:40:91:7C:3B:6E:CF
            X509v3 Authority Key Identifier:
                keyid:57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/XJ8zYy2FdJD5fNl45gFAkXw7bs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:d041::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:65:33:ea:37:29:98:e3:3e:86:0a:8b:cb:e1:2e:26:9d:bf:
         5d:b0:b2:40:f6:ea:32:f8:06:7d:d7:b9:56:3f:36:d1:8e:ad:
         e2:e6:d8:da:21:03:36:22:26:89:31:2c:44:53:80:c6:b9:5a:
         8d:bc:41:70:59:c4:57:90:9d:1a:76:2a:68:69:26:48:5a:34:
         74:68:14:5d:e8:17:66:11:83:4a:2d:e7:24:df:0a:27:93:33:
         f1:53:33:60:fc:87:08:46:dc:a8:26:3d:9a:7c:4c:33:0e:99:
         6b:a2:9d:29:dd:98:6a:1e:49:9b:db:a3:ce:50:8c:b3:17:84:
         2c:03:de:4d:72:fe:69:46:b4:e4:d3:50:8e:fc:8a:06:d5:0d:
         c5:e5:fb:bb:ae:ac:03:fc:70:63:f2:50:15:df:7a:de:df:7c:
         04:9f:20:ae:90:37:f9:53:3e:b1:12:53:6b:58:85:43:22:0c:
         4d:64:95:fe:9d:14:83:d5:a3:b3:b5:a6:42:0f:06:10:e5:ae:
         cf:e9:89:f8:5d:4c:4a:9c:dc:9d:6a:15:a5:07:0f:0d:1e:88:
         24:e0:03:c7:a8:74:99:f0:f9:33:15:a9:72:e4:0c:b0:68:cf:
         98:9e:fa:c5:26:2f:97:05:b5:8c:13:7d:a2:f9:b3:97:94:59:
         fc:be:f3:27
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkj1ApLxC8DBlA6lmTrHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTMwZjc5OWY4YTg5ODU1MDJhMmVhMzM1NjAzNzY3NDA4
NWNmY2EwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzlmMzM2MzJkODU3NDkwZjk3Y2Q5NzhlNjAxNDA5MTdjM2I2ZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2T30JwuxvsXL+l3GsOhuAZ7G4hNo
wV4G76OZX39EXwA8MuiIE+GppwBcjveCe8CHzZKcqG4P8lds2ek7AoSNq7+GRTOg
qQr5toUfKGq4jI6ujtc/VJ9fg/0EVTIliseDoynEeG8rU6o+/opD0WaGlWsu5Dni
YmB1Zb5pOVRAi3Xyvg0wy1N+/ZE3wQswh4ilWrJKXqMW6AtU6LBMj+mgbM994CNx
72yO4LijAvowpu3PsQcYtcSoTYrlZtn5+FfyKtbhsS2Ix+KfKWJW2tjr1SWyD4AF
+6GIJVuv5BYa+Xve7wwJbSx9qvGYsteqCqi1/16vhr5ZVXYix7zEs2b8XQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFyfM2MthXSQ+XzZeOYBQJF8O27PMB8GA1UdIwQY
MBaAFFcTD3mfiomFUCouozVgN2dAhc/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMt
ZDNiOTBhOWI5YjQxLzEvWEo4ell5MkZkSkQ1Zk5sNDVnRkFrWHc3YnM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMtZDNiOTBhOWI5YjQx
LzEvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgzQQTAN
BgkqhkiG9w0BAQsFAAOCAQEAnmUz6jcpmOM+hgqLy+EuJp2/XbCyQPbqMvgGfde5
Vj820Y6t4ubY2iEDNiImiTEsRFOAxrlajbxBcFnEV5CdGnYqaGkmSFo0dGgUXegX
ZhGDSi3nJN8KJ5Mz8VMzYPyHCEbcqCY9mnxMMw6Za6KdKd2Yah5Jm9ujzlCMsxeE
LAPeTXL+aUa05NNQjvyKBtUNxeX7u66sA/xwY/JQFd963t98BJ8grpA3+VM+sRJT
a1iFQyIMTWSV/p0Ug9Wjs7WmQg8GEOWuz+mJ+F1MSpzcnWoVpQcPDR6IJOADx6h0
mfD5MxWpcuQMsGjPmJ76xSYvlwW1jBN9ovmzl5RZ/L7zJw==
-----END CERTIFICATE-----