Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/xaBpymlkRYOAbp3xbuTjP-xBIkg.roa
File:                     xaBpymlkRYOAbp3xbuTjP-xBIkg.roa (raw, json)
Hash identifier:          qWGguHRZEX3sBBtn8xmnopwe5cf6EFFbnLPZ2U51J4c=
Subject key identifier:   C5:A0:69:CA:69:64:45:83:80:6E:9D:F1:6E:E4:E3:3F:EC:41:22:48
Certificate issuer:       /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial:       018CC9BA808C604B60BA1FD69D92CE34ADF3
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/xaBpymlkRYOAbp3xbuTjP-xBIkg.roa
Signing time:             Tue 02 Jan 2024 10:31:32 +0000
ROA not before:           Tue 02 Jan 2024 10:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42474
IP address blocks:        2a06:dd01::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:80:8c:60:4b:60:ba:1f:d6:9d:92:ce:34:ad:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
        Validity
            Not Before: Jan  2 10:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5a069ca69644583806e9df16ee4e33fec412248
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e3:ee:b6:96:c4:0b:63:ae:0a:ac:c1:02:f5:
                    73:63:96:00:9c:dc:2d:a9:5f:c9:9d:d2:5b:57:33:
                    ea:f4:cf:41:3e:e0:a1:68:b8:41:a6:91:c6:59:6b:
                    71:b6:b8:1e:7e:35:9a:85:d3:8d:ad:04:20:a4:c5:
                    6b:47:93:67:17:4c:29:02:b8:d3:19:7e:3c:75:78:
                    81:d0:3c:bb:93:ad:48:35:70:dc:04:69:49:2b:71:
                    fc:f1:95:61:64:47:d5:53:6e:79:17:d4:c5:c1:b0:
                    6f:17:78:0f:c9:ab:97:3d:82:48:36:4c:bd:87:25:
                    60:9c:19:7d:d7:0f:2f:a0:31:89:d1:d7:c4:27:b9:
                    56:cb:a5:84:35:76:79:bc:0c:23:5f:42:59:61:63:
                    b4:6c:ff:c3:97:7a:7a:08:c0:df:6e:7b:62:43:95:
                    95:e4:43:90:e4:ec:b1:28:5a:ab:26:e6:f4:7d:6a:
                    ec:56:6a:4d:2c:1e:34:f5:c6:cb:13:f8:c5:55:4d:
                    c9:f6:7f:6b:eb:c1:f4:da:c4:51:50:d8:77:b5:00:
                    72:66:78:a1:fb:fa:2c:15:93:b8:6f:f5:0a:51:1a:
                    c3:c1:05:63:79:da:7b:f3:ad:e2:92:ab:77:d8:dc:
                    75:20:01:55:c1:06:0a:42:7c:83:00:f8:11:1a:02:
                    87:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A0:69:CA:69:64:45:83:80:6E:9D:F1:6E:E4:E3:3F:EC:41:22:48
            X509v3 Authority Key Identifier:
                keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/xaBpymlkRYOAbp3xbuTjP-xBIkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:dd01::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:c7:61:27:61:e8:17:d5:7e:5e:25:d9:3e:fb:12:3b:a9:78:
         85:94:32:75:e8:c0:94:1b:ce:7c:64:f6:37:0b:c5:54:ec:6d:
         2d:c6:99:31:a1:78:9c:52:bd:32:f0:dc:25:2d:56:4a:ad:d8:
         88:31:08:fc:78:2d:9f:e3:57:aa:9d:16:9a:fd:e2:bb:ca:50:
         a6:c3:c4:9f:af:e3:b6:de:d5:f9:de:68:5e:28:42:70:8a:45:
         a1:de:46:7a:89:e2:fb:62:d7:63:47:53:49:f3:7f:a6:6f:25:
         d3:b2:f6:2b:6d:8a:86:ab:60:4d:82:d8:ca:1d:da:6b:fd:84:
         55:29:20:c4:06:b2:95:11:2c:87:89:70:86:c2:0d:86:ce:68:
         61:63:b5:a0:e0:1b:90:b1:fb:32:0e:2d:10:d9:ce:f3:ea:d1:
         ca:86:aa:7b:a4:c5:aa:7f:7e:c3:24:ec:2d:36:ce:5e:dd:c6:
         19:66:e2:a0:86:21:42:b5:11:6e:ea:cf:d1:9f:48:38:0c:bf:
         4e:22:0c:c2:69:84:e1:52:32:a0:9f:73:ce:84:44:f6:da:6f:
         11:7e:cd:cd:11:49:49:f3:b8:56:17:92:4b:90:9e:59:33:25:
         ba:61:87:c8:7b:8c:23:3b:0f:31:07:b8:ab:91:6f:e4:aa:a2:
         15:2b:a8:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJuoCMYEtguh/WnZLONK3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjQwMTAyMTAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWEwNjljYTY5NjQ0NTgzODA2ZTlkZjE2ZWU0ZTMzZmVjNDEyMjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOPutpbEC2OuCqzBAvVzY5YAnNwt
qV/JndJbVzPq9M9BPuChaLhBppHGWWtxtrgefjWahdONrQQgpMVrR5NnF0wpArjT
GX48dXiB0Dy7k61INXDcBGlJK3H88ZVhZEfVU255F9TFwbBvF3gPyauXPYJINky9
hyVgnBl91w8voDGJ0dfEJ7lWy6WENXZ5vAwjX0JZYWO0bP/Dl3p6CMDfbntiQ5WV
5EOQ5OyxKFqrJub0fWrsVmpNLB409cbLE/jFVU3J9n9r68H02sRRUNh3tQByZnih
+/osFZO4b/UKURrDwQVjedp7863ikqt32Nx1IAFVwQYKQnyDAPgRGgKH9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMWgacppZEWDgG6d8W7k4z/sQSJIMB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEveGFCcHltbGtSWU9BYnAzeGJ1VGpQLXhCSWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbdATAN
BgkqhkiG9w0BAQsFAAOCAQEAGsdhJ2HoF9V+XiXZPvsSO6l4hZQydejAlBvOfGT2
NwvFVOxtLcaZMaF4nFK9MvDcJS1WSq3YiDEI/Hgtn+NXqp0Wmv3iu8pQpsPEn6/j
tt7V+d5oXihCcIpFod5Geoni+2LXY0dTSfN/pm8l07L2K22KhqtgTYLYyh3aa/2E
VSkgxAaylREsh4lwhsINhs5oYWO1oOAbkLH7Mg4tENnO8+rRyoaqe6TFqn9+wyTs
LTbOXt3GGWbioIYhQrURburP0Z9IOAy/TiIMwmmE4VIyoJ9zzoRE9tpvEX7NzRFJ
SfO4VheSS5CeWTMlumGHyHuMIzsPMQe4q5Fv5KqiFSuoQg==
-----END CERTIFICATE-----