Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/sG5v3QToSp4e6XnTi96eY71JJ3w.roa
File:                     sG5v3QToSp4e6XnTi96eY71JJ3w.roa (raw, json)
Hash identifier:          y6AOaSElGSQwdz9WmjRsS6sHegRkYmIno38BxRv4rgc=
Subject key identifier:   B0:6E:6F:DD:04:E8:4A:9E:1E:E9:79:D3:8B:DE:9E:63:BD:49:27:7C
Certificate issuer:       /CN=5c32a925c55f1d4e6e40c10f4e8e019b483c1d50
Certificate serial:       0190B3363BC8492A048125F50EE78BD8B97B
Authority key identifier: 5C:32:A9:25:C5:5F:1D:4E:6E:40:C1:0F:4E:8E:01:9B:48:3C:1D:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/sG5v3QToSp4e6XnTi96eY71JJ3w.roa
Signing time:             Sun 14 Jul 2024 21:46:34 +0000
ROA not before:           Sun 14 Jul 2024 21:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        2a0c:1141::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b3:36:3b:c8:49:2a:04:81:25:f5:0e:e7:8b:d8:b9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c32a925c55f1d4e6e40c10f4e8e019b483c1d50
        Validity
            Not Before: Jul 14 21:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b06e6fdd04e84a9e1ee979d38bde9e63bd49277c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ff:ba:30:44:55:bf:ad:eb:ce:ed:ef:f4:c8:
                    0c:5a:d7:e6:c9:c7:7e:a4:3c:eb:4a:3e:9c:cd:9a:
                    5e:f1:3e:a2:93:c6:04:cd:d6:c9:98:2d:0f:c2:d9:
                    7b:86:1f:a4:08:6e:e7:2d:8d:70:73:62:4a:4f:5f:
                    c8:ee:8d:a1:52:a3:e3:4b:8f:2a:08:e2:41:a3:bf:
                    ab:8c:41:84:11:9d:05:f1:97:2d:74:86:13:55:08:
                    08:db:05:c7:34:31:fc:04:3d:d0:24:76:56:06:85:
                    e3:74:01:7c:99:de:ed:03:d6:80:15:55:6a:a3:37:
                    a0:80:1c:9d:d0:99:e9:1e:ab:23:10:c2:6a:28:96:
                    20:0a:af:f4:7b:54:c4:03:03:7c:96:07:d2:9d:02:
                    75:b0:26:93:c4:23:fd:24:07:b8:32:7c:0f:21:37:
                    c4:69:e8:ae:3b:84:ab:73:10:78:6c:5c:90:d5:ac:
                    87:4f:48:1e:4b:65:9f:20:e3:13:70:61:6b:86:b8:
                    f6:57:7b:5f:94:30:c3:df:54:fb:3c:83:6b:52:bb:
                    67:24:7e:09:0b:8e:7a:7d:c4:e7:60:1b:16:82:64:
                    86:d7:c4:59:45:af:21:4b:91:67:a8:87:ff:4c:da:
                    e8:02:0d:2f:af:07:e0:43:c1:e3:1a:24:47:1e:79:
                    7b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:6E:6F:DD:04:E8:4A:9E:1E:E9:79:D3:8B:DE:9E:63:BD:49:27:7C
            X509v3 Authority Key Identifier:
                keyid:5C:32:A9:25:C5:5F:1D:4E:6E:40:C1:0F:4E:8E:01:9B:48:3C:1D:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/sG5v3QToSp4e6XnTi96eY71JJ3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:1141::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:0e:38:e7:ca:c1:95:c0:9c:fe:73:ef:e4:10:72:94:16:75:
         2b:89:e0:7e:71:95:73:0a:fb:ef:87:93:1a:2d:19:2d:36:bf:
         fb:0a:d2:c2:4e:1b:98:36:df:30:18:bb:23:63:b5:40:68:af:
         b7:19:5d:62:a9:58:5b:bf:eb:a6:57:61:6a:68:23:52:e9:93:
         0b:27:e6:2b:b0:b8:28:c5:cf:36:d1:ee:10:22:bf:b4:cd:da:
         50:4a:b3:e2:58:28:da:0a:68:7e:9f:67:b4:a1:16:cb:21:a8:
         32:a5:d4:c3:27:08:2e:8a:61:ee:d8:79:d7:c6:ea:51:4c:91:
         95:dd:4b:45:6a:a8:ad:05:ba:b3:fa:c9:13:a6:61:d1:ea:6c:
         df:91:b7:56:53:3d:86:35:f7:17:67:58:86:d7:c7:51:b2:42:
         bf:bf:e1:18:b3:61:19:24:e3:6c:ae:2a:6e:d2:3a:ef:2b:cf:
         b5:91:de:51:7e:ef:fe:f0:fa:49:99:8c:1d:ad:6d:bd:f5:3d:
         ce:14:fc:40:76:3e:e1:ae:63:84:08:57:7c:92:ac:fe:58:62:
         59:83:08:83:36:00:9b:64:a8:a4:b7:57:ab:e8:a9:fc:43:3f:
         8c:fe:67:dc:4a:f5:12:15:46:cb:38:33:9b:9c:91:47:05:44:
         ba:61:86:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCzNjvISSoEgSX1DueL2Ll7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMzJhOTI1YzU1ZjFkNGU2ZTQwYzEwZjRlOGUwMTliNDgz
YzFkNTAwHhcNMjQwNzE0MjE0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDZlNmZkZDA0ZTg0YTllMWVlOTc5ZDM4YmRlOWU2M2JkNDkyNzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf+6MERVv63rzu3v9MgMWtfmycd+
pDzrSj6czZpe8T6ik8YEzdbJmC0Pwtl7hh+kCG7nLY1wc2JKT1/I7o2hUqPjS48q
COJBo7+rjEGEEZ0F8ZctdIYTVQgI2wXHNDH8BD3QJHZWBoXjdAF8md7tA9aAFVVq
ozeggByd0JnpHqsjEMJqKJYgCq/0e1TEAwN8lgfSnQJ1sCaTxCP9JAe4MnwPITfE
aeiuO4SrcxB4bFyQ1ayHT0geS2WfIOMTcGFrhrj2V3tflDDD31T7PINrUrtnJH4J
C456fcTnYBsWgmSG18RZRa8hS5FnqIf/TNroAg0vrwfgQ8HjGiRHHnl7HwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLBub90E6EqeHul504venmO9SSd8MB8GA1UdIwQY
MBaAFFwyqSXFXx1ObkDBD06OAZtIPB1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWERLcEpjVmZIVTV1UU1FUFRvNEJtMGc4SFZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kM2M4ZjctZmY4ZC00MmI4LWE3NjIt
NDUzNzc0MThmYmIyLzEvc0c1djNRVG9TcDRlNlhuVGk5NmVZNzFKSjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kM2M4ZjctZmY4ZC00MmI4LWE3NjItNDUzNzc0MThmYmIy
LzEvWERLcEpjVmZIVTV1UU1FUFRvNEJtMGc4SFZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgwRQTAN
BgkqhkiG9w0BAQsFAAOCAQEApA4458rBlcCc/nPv5BBylBZ1K4ngfnGVcwr774eT
Gi0ZLTa/+wrSwk4bmDbfMBi7I2O1QGivtxldYqlYW7/rpldhamgjUumTCyfmK7C4
KMXPNtHuECK/tM3aUEqz4lgo2gpofp9ntKEWyyGoMqXUwycILoph7th518bqUUyR
ld1LRWqorQW6s/rJE6Zh0eps35G3VlM9hjX3F2dYhtfHUbJCv7/hGLNhGSTjbK4q
btI67yvPtZHeUX7v/vD6SZmMHa1tvfU9zhT8QHY+4a5jhAhXfJKs/lhiWYMIgzYA
m2SopLdXq+ip/EM/jP5n3Er1EhVGyzgzm5yRRwVEumGGkA==
-----END CERTIFICATE-----