Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/sk-J2bl9FP9sIGq-fQ6R1UJSOwQ.roa
File:                     sk-J2bl9FP9sIGq-fQ6R1UJSOwQ.roa (raw, json)
Hash identifier:          cOxOKsYpTElmJkv3L/MlHhNmuV3XsmV42Jm1f6hlpSs=
Subject key identifier:   B2:4F:89:D9:B9:7D:14:FF:6C:20:6A:BE:7D:0E:91:D5:42:52:3B:04
Certificate issuer:       /CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
Certificate serial:       01906E8A095FB5E86D2FAC86EB7784356C1E
Authority key identifier: 5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/sk-J2bl9FP9sIGq-fQ6R1UJSOwQ.roa
Signing time:             Mon 01 Jul 2024 13:44:18 +0000
ROA not before:           Mon 01 Jul 2024 13:44:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        2a0d:5100::/29 maxlen: 29
                          2a0d:ab00::/29 maxlen: 29
                          2a0d:af00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6e:8a:09:5f:b5:e8:6d:2f:ac:86:eb:77:84:35:6c:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
        Validity
            Not Before: Jul  1 13:44:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b24f89d9b97d14ff6c206abe7d0e91d542523b04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:45:b0:5b:d0:b0:f5:10:a6:51:58:f9:87:74:
                    fe:94:11:e2:92:d0:68:98:87:ec:dd:92:9b:85:f1:
                    33:30:29:7f:ef:b7:03:54:43:a5:7d:0c:23:2d:5b:
                    74:bb:06:93:09:48:5e:0c:e3:87:b0:2f:26:50:75:
                    90:c5:6e:11:16:c0:ab:34:1d:8a:02:91:28:dd:4a:
                    1b:b7:43:e1:cd:df:7e:25:97:4b:08:e8:94:8f:a3:
                    f7:64:6e:83:e9:db:cb:80:8c:ad:e7:22:56:1b:86:
                    b3:b9:fd:9d:e4:ca:c7:35:2b:22:95:47:09:86:de:
                    2a:4f:10:14:d4:a9:0b:60:23:f7:22:5b:e5:3a:e7:
                    b5:07:be:db:be:be:fd:8d:3f:76:52:83:41:8a:aa:
                    ef:b4:43:3a:a5:6d:71:f3:8f:6f:33:3e:13:47:7c:
                    88:5f:69:c8:66:6c:a5:15:75:7d:9f:09:dc:8a:80:
                    ba:4d:3f:8d:9f:ae:e9:c8:67:24:be:30:d2:b0:3f:
                    28:19:6a:6e:7f:8e:c1:d0:b8:ab:40:c7:d4:8e:89:
                    a7:b1:85:13:11:80:42:52:55:98:5c:53:61:89:c7:
                    6d:20:83:12:73:5a:d1:7d:f2:81:47:c3:8b:8d:3f:
                    2f:26:37:8e:85:17:f3:1c:14:02:4f:61:11:12:c4:
                    e7:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4F:89:D9:B9:7D:14:FF:6C:20:6A:BE:7D:0E:91:D5:42:52:3B:04
            X509v3 Authority Key Identifier:
                keyid:5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/sk-J2bl9FP9sIGq-fQ6R1UJSOwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:5100::/29
                  2a0d:ab00::/29
                  2a0d:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:de:16:15:6d:f3:2b:ec:c6:0c:f1:28:81:b7:59:3f:b0:e0:
         be:9a:2a:23:6a:ca:98:4c:ee:1c:9b:b3:17:0a:a1:e3:ac:dd:
         84:b5:8d:70:08:37:c5:6d:3f:c5:5c:53:4f:1a:6c:5b:23:76:
         a8:e2:70:e6:65:85:17:0a:3d:ca:4b:af:79:b5:fe:3a:fe:64:
         9d:fe:e2:b3:2f:b6:50:5d:9b:c4:dc:c3:be:56:31:ec:ef:bc:
         e6:be:4f:4f:34:ef:1d:4f:11:92:ea:35:64:5e:72:2a:88:eb:
         19:69:bf:33:35:2a:f2:09:fe:f4:f3:36:83:f2:25:fc:37:53:
         7f:06:95:b9:a8:87:c0:15:27:de:73:24:43:e4:d0:be:38:d6:
         45:35:fc:7e:9b:f0:25:b7:f6:c4:47:87:d8:09:8d:d4:9b:70:
         21:4d:b4:95:3f:8f:3c:e1:e5:96:44:45:3b:e0:1c:dd:bd:ef:
         eb:e3:d7:3b:cd:7e:59:e5:f9:82:6e:0a:eb:7e:a5:f4:8f:8a:
         b4:8f:30:3a:9a:96:61:35:8f:12:57:2d:3a:a2:08:5d:45:b9:
         c5:7e:b9:d2:07:d3:43:cd:1e:43:fb:b9:4c:81:a3:0b:2c:89:
         c2:31:55:1c:a2:56:7d:67:4e:9e:d5:dd:2f:9e:a5:cd:a5:c5:
         e8:70:50:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBuiglftehtL6yG63eENWweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjMxYWZjMzZjYjY5NTUwMDdmZTk3ZWQ0YTVlMzE4NWQy
MjcxYmEwHhcNMjQwNzAxMTM0NDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjRmODlkOWI5N2QxNGZmNmMyMDZhYmU3ZDBlOTFkNTQyNTIzYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0WwW9Cw9RCmUVj5h3T+lBHiktBo
mIfs3ZKbhfEzMCl/77cDVEOlfQwjLVt0uwaTCUheDOOHsC8mUHWQxW4RFsCrNB2K
ApEo3Uobt0Phzd9+JZdLCOiUj6P3ZG6D6dvLgIyt5yJWG4azuf2d5MrHNSsilUcJ
ht4qTxAU1KkLYCP3IlvlOue1B77bvr79jT92UoNBiqrvtEM6pW1x849vMz4TR3yI
X2nIZmylFXV9nwncioC6TT+Nn67pyGckvjDSsD8oGWpuf47B0LirQMfUjomnsYUT
EYBCUlWYXFNhicdtIIMSc1rRffKBR8OLjT8vJjeOhRfzHBQCT2EREsTn9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLJPidm5fRT/bCBqvn0OkdVCUjsEMB8GA1UdIwQY
MBaAFFzzGvw2y2lVAH/pftSl4xhdInG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQt
NzM2ZDEyODg4Y2E4LzEvc2stSjJibDlGUDlzSUdxLWZRNlIxVUpTT3dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQtNzM2ZDEyODg4Y2E4
LzEvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg1RAAMF
AyoNqwADBQMqDa8AMA0GCSqGSIb3DQEBCwUAA4IBAQCL3hYVbfMr7MYM8SiBt1k/
sOC+miojasqYTO4cm7MXCqHjrN2EtY1wCDfFbT/FXFNPGmxbI3ao4nDmZYUXCj3K
S695tf46/mSd/uKzL7ZQXZvE3MO+VjHs77zmvk9PNO8dTxGS6jVkXnIqiOsZab8z
NSryCf708zaD8iX8N1N/BpW5qIfAFSfecyRD5NC+ONZFNfx+m/Alt/bER4fYCY3U
m3AhTbSVP4884eWWREU74Bzdve/r49c7zX5Z5fmCbgrrfqX0j4q0jzA6mpZhNY8S
Vy06oghdRbnFfrnSB9NDzR5D+7lMgaMLLInCMVUcolZ9Z06e1d0vnqXNpcXocFAH
-----END CERTIFICATE-----