Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/d5YQdX7VjxCr8qqx0eoPO0CaNjI.roa
File:                     d5YQdX7VjxCr8qqx0eoPO0CaNjI.roa (raw, json)
Hash identifier:          VTslx8uzWGJas73uF2Yy7NjtJZvzifgzjEtxmAVEa3Q=
Subject key identifier:   77:96:10:75:7E:D5:8F:10:AB:F2:AA:B1:D1:EA:0F:3B:40:9A:36:32
Certificate issuer:       /CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
Certificate serial:       018CC86F5B6EFC492DE60895AF6BBE340903
Authority key identifier: 73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/d5YQdX7VjxCr8qqx0eoPO0CaNjI.roa
Signing time:             Tue 02 Jan 2024 04:29:50 +0000
ROA not before:           Tue 02 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211593
IP address blocks:        2a0b:b600:3c05::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5b:6e:fc:49:2d:e6:08:95:af:6b:be:34:09:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f986c7705bd808c1b02ebd754fbfa91807e9b6
        Validity
            Not Before: Jan  2 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=779610757ed58f10abf2aab1d1ea0f3b409a3632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:8d:98:72:98:f5:e3:2c:1f:75:68:9a:e3:04:
                    0e:eb:8c:6c:60:c2:8b:7a:f9:8e:20:00:9d:b3:6e:
                    fa:26:39:67:a2:8f:87:aa:a1:97:45:1e:32:9b:67:
                    ae:83:6a:0a:0b:bd:84:03:ce:50:00:dc:c2:83:54:
                    56:ea:e4:ba:43:4f:aa:94:2d:1b:78:20:f7:fd:81:
                    e1:cc:4c:09:21:a5:01:0b:e3:6b:25:09:39:c8:83:
                    ac:43:af:48:d8:c4:07:00:ae:07:e8:a1:c2:30:7f:
                    0b:7f:30:03:02:7d:46:ac:14:4e:c8:20:79:5b:a3:
                    50:70:3e:85:52:a4:22:25:31:10:9a:b1:f9:e3:59:
                    18:e9:93:9d:40:de:33:3e:a0:54:25:d2:6d:71:b0:
                    68:ce:24:cf:4a:3a:b2:e9:f3:f1:9b:2e:61:13:74:
                    f7:95:4e:fb:69:77:0e:ef:57:54:ba:b8:ba:92:61:
                    9d:ab:53:15:2a:41:7a:39:d7:78:1a:ae:8c:be:50:
                    fa:43:31:43:f9:c0:5d:90:61:83:76:35:c9:8d:4c:
                    1a:b2:01:85:c6:a0:f2:bd:c2:4b:bc:a6:6d:74:e8:
                    88:c8:4f:3c:02:78:93:09:7a:ae:95:6d:58:19:54:
                    9d:10:44:c4:07:fa:15:c4:f0:0d:00:4a:8b:be:af:
                    11:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:96:10:75:7E:D5:8F:10:AB:F2:AA:B1:D1:EA:0F:3B:40:9A:36:32
            X509v3 Authority Key Identifier:
                keyid:73:F9:86:C7:70:5B:D8:08:C1:B0:2E:BD:75:4F:BF:A9:18:07:E9:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_mGx3Bb2AjBsC69dU-_qRgH6bY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/d5YQdX7VjxCr8qqx0eoPO0CaNjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/db1aca-2659-42a3-a631-9a1295f02f2e/1/c_mGx3Bb2AjBsC69dU-_qRgH6bY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b600:3c05::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:68:3e:c6:5a:e9:51:05:1e:fa:1b:cc:3a:86:74:d5:59:83:
         74:45:87:51:45:be:cd:29:94:3d:45:c8:ed:b8:79:41:ee:20:
         91:73:6e:43:82:eb:ce:00:46:fa:f2:65:61:75:5c:72:3f:70:
         a5:13:70:32:40:03:8b:29:57:9e:a4:1f:7e:53:88:9a:1e:00:
         91:58:8a:6c:4b:50:dd:09:5e:db:05:6e:15:d9:d2:40:3a:d2:
         f2:98:3f:f1:0d:79:2d:d9:d8:57:d0:83:65:65:19:5f:a4:a5:
         0a:c7:0e:a3:86:92:99:74:f6:31:07:09:66:fd:bb:47:cc:1e:
         71:29:c3:b2:ca:cf:0f:05:8e:43:4b:5c:f8:81:79:e0:14:d8:
         46:36:84:90:99:4b:e5:da:14:67:3d:0f:57:38:67:c4:78:3f:
         65:45:36:47:f2:8f:9e:b3:53:73:51:92:b2:7f:7a:c4:85:f7:
         43:1a:b0:e2:ed:3a:e8:b3:1d:2d:ff:89:02:bc:9d:1a:55:c0:
         f2:cc:93:5b:0d:1c:99:7d:c0:2c:f4:25:70:3b:2e:4e:04:4a:
         7e:6e:69:d3:38:65:a4:32:68:32:95:58:e7:6b:94:5a:a3:e4:
         98:b7:86:ac:da:b7:27:07:45:97:a3:28:6e:f9:86:5c:d0:67:
         ca:68:71:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb1tu/Ekt5giVr2u+NAkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjk4NmM3NzA1YmQ4MDhjMWIwMmViZDc1NGZiZmE5MTgw
N2U5YjYwHhcNMjQwMTAyMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Nzk2MTA3NTdlZDU4ZjEwYWJmMmFhYjFkMWVhMGYzYjQwOWEzNjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8o2Ycpj14ywfdWia4wQO64xsYMKL
evmOIACds276Jjlnoo+HqqGXRR4ym2eug2oKC72EA85QANzCg1RW6uS6Q0+qlC0b
eCD3/YHhzEwJIaUBC+NrJQk5yIOsQ69I2MQHAK4H6KHCMH8LfzADAn1GrBROyCB5
W6NQcD6FUqQiJTEQmrH541kY6ZOdQN4zPqBUJdJtcbBoziTPSjqy6fPxmy5hE3T3
lU77aXcO71dUuri6kmGdq1MVKkF6Odd4Gq6MvlD6QzFD+cBdkGGDdjXJjUwasgGF
xqDyvcJLvKZtdOiIyE88AniTCXqulW1YGVSdEETEB/oVxPANAEqLvq8R5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHeWEHV+1Y8Qq/KqsdHqDztAmjYyMB8GA1UdIwQY
MBaAFHP5hsdwW9gIwbAuvXVPv6kYB+m2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEt
OWExMjk1ZjAyZjJlLzEvZDVZUWRYN1ZqeENyOHFxeDBlb1BPMENhTmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kYjFhY2EtMjY1OS00MmEzLWE2MzEtOWExMjk1ZjAyZjJl
LzEvY19tR3gzQmIyQWpCc0M2OWRVLV9xUmdINmJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgu2ADwF
MA0GCSqGSIb3DQEBCwUAA4IBAQCYaD7GWulRBR76G8w6hnTVWYN0RYdRRb7NKZQ9
RcjtuHlB7iCRc25DguvOAEb68mVhdVxyP3ClE3AyQAOLKVeepB9+U4iaHgCRWIps
S1DdCV7bBW4V2dJAOtLymD/xDXkt2dhX0INlZRlfpKUKxw6jhpKZdPYxBwlm/btH
zB5xKcOyys8PBY5DS1z4gXngFNhGNoSQmUvl2hRnPQ9XOGfEeD9lRTZH8o+es1Nz
UZKyf3rEhfdDGrDi7Trosx0t/4kCvJ0aVcDyzJNbDRyZfcAs9CVwOy5OBEp+bmnT
OGWkMmgylVjna5Rao+SYt4as2rcnB0WXoyhu+YZc0GfKaHHS
-----END CERTIFICATE-----