Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/LkKGmjIrQHVyfVZaU0Bemwd2jAc.roa
File:                     LkKGmjIrQHVyfVZaU0Bemwd2jAc.roa (raw, json)
Hash identifier:          wPAxzITYVqc1DXs1jR9MTjj6YbVHQUXtWS/Ru/2oBuQ=
Subject key identifier:   2E:42:86:9A:32:2B:40:75:72:7D:56:5A:53:40:5E:9B:07:76:8C:07
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC7565326891C990CE8BE79E66F4FE
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/LkKGmjIrQHVyfVZaU0Bemwd2jAc.roa
Signing time:             Tue 02 Jan 2024 10:33:40 +0000
ROA not before:           Tue 02 Jan 2024 10:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213273
IP address blocks:        2a0d:f407:1006::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:75:65:32:68:91:c9:90:ce:8b:e7:9e:66:f4:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e42869a322b4075727d565a53405e9b07768c07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:57:b2:d0:7f:5d:8f:ea:bb:f2:2c:ba:fa:44:
                    d3:15:37:50:ac:30:f3:79:c8:1a:7b:ce:fb:37:0f:
                    66:f0:c6:61:35:bb:3c:13:b8:8b:fa:bf:a4:b4:06:
                    b1:6a:c5:b6:f4:b6:7a:1d:e0:7d:dc:41:9b:d5:41:
                    d0:13:6a:22:60:31:12:51:da:47:23:21:d3:8f:49:
                    76:64:b7:31:33:d2:04:75:82:e7:ff:fb:f3:da:e2:
                    1a:6b:24:c6:21:5e:aa:e6:3d:7d:74:d0:f3:20:68:
                    5b:b7:4a:c3:e8:a5:74:54:88:02:d7:a3:ec:6e:d0:
                    55:83:14:db:0a:38:21:22:e4:48:f2:d8:80:3f:9f:
                    d5:5f:94:6e:a0:b6:1f:ae:e3:3e:b3:39:17:22:26:
                    c0:8c:38:91:6b:0b:f9:fe:e4:b0:77:a1:4e:15:2c:
                    73:97:9b:27:3d:c7:eb:eb:90:14:cf:98:47:6e:a6:
                    fd:ad:d5:d1:e4:5a:db:db:d9:74:db:fa:72:d7:13:
                    25:8f:65:08:06:f7:06:e6:10:b6:56:ab:81:4a:56:
                    a0:67:2b:8c:f1:cb:01:a0:af:0f:81:f7:83:3a:4b:
                    b6:22:5a:28:18:c7:7d:5a:71:03:da:16:ac:c8:cc:
                    3f:55:5a:8f:02:84:44:97:16:57:e2:52:99:41:0d:
                    34:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:42:86:9A:32:2B:40:75:72:7D:56:5A:53:40:5E:9B:07:76:8C:07
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/LkKGmjIrQHVyfVZaU0Bemwd2jAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f407:1006::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:4a:fb:f4:be:e4:1c:51:40:1a:53:b1:fb:73:55:93:ae:22:
         12:5d:11:24:10:88:37:c6:4d:39:28:32:a7:09:4b:af:98:d1:
         4d:f9:b8:67:b2:a6:d5:8e:3e:aa:7b:09:11:18:23:f9:0f:27:
         15:e9:72:26:da:82:bb:83:98:79:52:c4:bb:d2:30:02:f9:7c:
         a9:09:24:e4:e3:80:ae:6b:1c:8d:f4:5a:2d:b3:f7:78:42:11:
         a3:4c:90:91:24:4e:3d:41:46:a3:04:82:57:f9:11:f0:d1:51:
         25:c1:23:ab:54:65:2e:2e:a7:64:49:7d:03:20:60:68:d5:7e:
         59:aa:9a:04:63:7e:1a:2d:29:b4:9e:68:33:06:1e:fb:54:58:
         1c:7c:92:33:9a:91:91:00:84:04:50:65:7d:0b:96:06:c4:73:
         b8:89:15:05:34:af:0c:f9:bd:1a:4f:fd:5f:c3:68:9c:c0:f1:
         56:2c:89:54:79:e6:18:96:ff:97:9b:cf:30:bb:26:c4:c9:79:
         f6:4b:2a:0f:92:d1:b4:64:53:21:af:2f:a0:06:97:87:43:64:
         1a:ff:9d:ec:56:10:47:3b:cb:d0:4e:39:0a:1a:72:fc:41:08:
         ea:26:a2:03:c3:bf:a4:86:ce:97:40:7d:f4:9f:3d:66:2f:83:
         27:12:84:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvHVlMmiRyZDOi+eeZvT+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQyODY5YTMyMmI0MDc1NzI3ZDU2NWE1MzQwNWU5YjA3NzY4YzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVey0H9dj+q78iy6+kTTFTdQrDDz
ecgae877Nw9m8MZhNbs8E7iL+r+ktAaxasW29LZ6HeB93EGb1UHQE2oiYDESUdpH
IyHTj0l2ZLcxM9IEdYLn//vz2uIaayTGIV6q5j19dNDzIGhbt0rD6KV0VIgC16Ps
btBVgxTbCjghIuRI8tiAP5/VX5RuoLYfruM+szkXIibAjDiRawv5/uSwd6FOFSxz
l5snPcfr65AUz5hHbqb9rdXR5Frb29l02/py1xMlj2UIBvcG5hC2VquBSlagZyuM
8csBoK8PgfeDOku2IlooGMd9WnED2hasyMw/VVqPAoRElxZX4lKZQQ00lwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC5ChpoyK0B1cn1WWlNAXpsHdowHMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvTGtLR21qSXJRSFZ5ZlZaYVUwQmVtd2QyakFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg30BxAG
MA0GCSqGSIb3DQEBCwUAA4IBAQCHSvv0vuQcUUAaU7H7c1WTriISXREkEIg3xk05
KDKnCUuvmNFN+bhnsqbVjj6qewkRGCP5DycV6XIm2oK7g5h5UsS70jAC+XypCSTk
44CuaxyN9Fots/d4QhGjTJCRJE49QUajBIJX+RHw0VElwSOrVGUuLqdkSX0DIGBo
1X5ZqpoEY34aLSm0nmgzBh77VFgcfJIzmpGRAIQEUGV9C5YGxHO4iRUFNK8M+b0a
T/1fw2icwPFWLIlUeeYYlv+Xm88wuybEyXn2SyoPktG0ZFMhry+gBpeHQ2Qa/53s
VhBHO8vQTjkKGnL8QQjqJqIDw7+khs6XQH30nz1mL4MnEoSv
-----END CERTIFICATE-----