Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/5VW7XiMymLBKQO0xQhn2gnci04c.roa
File:                     5VW7XiMymLBKQO0xQhn2gnci04c.roa (raw, json)
Hash identifier:          PBaFW72y1rzcA5nhOAjwHc2xyOzOEzoI6tRyds6ECmg=
Subject key identifier:   E5:55:BB:5E:23:32:98:B0:4A:40:ED:31:42:19:F6:82:77:22:D3:87
Certificate issuer:       /CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
Certificate serial:       018CCA2A57AEEA1D3764CC31771CE1E04DA1
Authority key identifier: 2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/5VW7XiMymLBKQO0xQhn2gnci04c.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58192
IP address blocks:        2a13:6fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:57:ae:ea:1d:37:64:cc:31:77:1c:e1:e0:4d:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e555bb5e233298b04a40ed314219f6827722d387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5a:52:f4:36:35:76:48:f2:90:25:51:2e:0d:
                    d7:a9:73:a0:f4:32:4b:20:6f:9a:6f:6a:fa:ee:09:
                    21:64:98:65:c7:ec:f4:c1:98:3d:65:b5:39:31:dc:
                    17:a0:01:26:a3:9c:50:03:d3:da:0d:a4:28:a4:e6:
                    b0:05:4e:f4:2e:b2:d5:58:44:45:97:65:80:ed:bc:
                    ac:5b:af:6c:3b:d0:48:23:ce:27:af:44:8b:77:58:
                    ad:c0:17:3d:91:b6:46:49:86:d9:66:26:ba:e7:9d:
                    b5:1b:8f:20:d8:c7:55:c9:35:1e:c6:0a:f3:d3:8b:
                    6a:41:0f:09:58:24:d2:ae:7f:ed:11:98:b6:f0:72:
                    c2:69:e1:dd:e8:45:d8:77:87:a8:cc:cf:f6:6c:14:
                    b0:4b:a0:c2:f7:b0:43:d6:be:dc:d2:6e:29:cb:9d:
                    d2:e5:54:39:d0:72:42:85:1e:fb:e1:4d:95:c5:a8:
                    6d:c6:65:0a:f2:12:39:53:2b:a1:8e:a2:fa:de:ac:
                    00:08:e0:12:3e:80:4b:48:45:4a:ac:1c:04:e2:b2:
                    b9:e8:b0:17:c4:95:3b:c2:87:db:c8:00:47:d4:a1:
                    f6:af:14:a6:b7:b2:80:98:07:9f:55:aa:0c:71:ec:
                    d0:ed:f1:ca:8a:ed:09:41:d7:4c:a7:88:6b:a7:de:
                    82:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:55:BB:5E:23:32:98:B0:4A:40:ED:31:42:19:F6:82:77:22:D3:87
            X509v3 Authority Key Identifier:
                keyid:2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/5VW7XiMymLBKQO0xQhn2gnci04c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:6fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:3c:35:62:94:86:ac:bc:58:df:24:ac:9b:e2:38:82:8f:61:
         87:e4:3e:5d:3e:26:01:f9:df:75:59:5c:1d:9e:d8:a2:86:be:
         ab:cc:39:44:e4:49:c2:10:57:d2:dc:97:ac:b8:ca:b2:63:54:
         46:a8:98:71:c2:a5:d6:63:2b:a0:f0:e9:76:0e:9b:c0:14:e9:
         09:2f:8d:b3:de:2f:9b:19:2b:3e:a4:0b:9e:45:38:3e:b5:b8:
         d1:78:39:10:9f:79:2f:ab:15:ee:9a:d9:e7:57:b8:2d:04:0c:
         a5:c5:96:ac:55:34:a5:74:56:a5:1c:cd:0c:b7:b3:e8:37:66:
         1f:a2:00:29:1f:ae:d2:74:dc:9a:4b:a7:51:6f:26:6b:43:ac:
         a5:f1:56:b0:8c:8a:38:87:45:ac:b1:86:b7:77:40:77:47:f8:
         3a:ba:6d:77:88:f2:db:34:07:dc:ec:06:fc:33:c9:50:21:2c:
         86:0a:c6:a5:6f:c5:ab:67:9f:6e:bf:83:82:62:77:45:73:ef:
         97:a3:cc:86:5f:8c:d8:f7:d2:cd:9d:a5:2c:3b:b5:73:90:ac:
         23:2a:f0:f6:ef:64:88:e5:92:fb:f9:2a:a2:14:0f:57:cd:26:
         71:dc:22:1e:1e:1d:a3:51:fd:23:38:a9:4c:e8:a8:62:26:46:
         17:14:39:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKleu6h03ZMwxdxzh4E2hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQxNDJiNWI2YTUyOThkNmI4ZmE1ODQ1ZjI5ODc4Y2Zl
YmJjNTQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTU1YmI1ZTIzMzI5OGIwNGE0MGVkMzE0MjE5ZjY4Mjc3MjJkMzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVpS9DY1dkjykCVRLg3XqXOg9DJL
IG+ab2r67gkhZJhlx+z0wZg9ZbU5MdwXoAEmo5xQA9PaDaQopOawBU70LrLVWERF
l2WA7bysW69sO9BII84nr0SLd1itwBc9kbZGSYbZZia65521G48g2MdVyTUexgrz
04tqQQ8JWCTSrn/tEZi28HLCaeHd6EXYd4eozM/2bBSwS6DC97BD1r7c0m4py53S
5VQ50HJChR774U2VxahtxmUK8hI5UyuhjqL63qwACOASPoBLSEVKrBwE4rK56LAX
xJU7wofbyABH1KH2rxSmt7KAmAefVaoMcezQ7fHKiu0JQddMp4hrp96CMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOVVu14jMpiwSkDtMUIZ9oJ3ItOHMB8GA1UdIwQY
MBaAFCttFCtbalKY1rj6WEXymHjP67xUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUt
OGJlZmVlNDllZDRkLzEvNVZXN1hpTXltTEJLUU8weFFobjJnbmNpMDRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUtOGJlZmVlNDllZDRk
LzEvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNvwDAN
BgkqhkiG9w0BAQsFAAOCAQEAKDw1YpSGrLxY3ySsm+I4go9hh+Q+XT4mAfnfdVlc
HZ7Yooa+q8w5RORJwhBX0tyXrLjKsmNURqiYccKl1mMroPDpdg6bwBTpCS+Ns94v
mxkrPqQLnkU4PrW40Xg5EJ95L6sV7prZ51e4LQQMpcWWrFU0pXRWpRzNDLez6Ddm
H6IAKR+u0nTcmkunUW8ma0OspfFWsIyKOIdFrLGGt3dAd0f4Orptd4jy2zQH3OwG
/DPJUCEshgrGpW/Fq2efbr+DgmJ3RXPvl6PMhl+M2PfSzZ2lLDu1c5CsIyrw9u9k
iOWS+/kqohQPV80mcdwiHh4do1H9IzipTOioYiZGFxQ5yw==
-----END CERTIFICATE-----