Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xtxKCZNZNWhiIGcbdc037-48SNw.roa
File:                     xtxKCZNZNWhiIGcbdc037-48SNw.roa (raw, json)
Hash identifier:          uTPHT0+T+LQNp5EirizPkqxezbZjw4A1h5Nd9yDG0lA=
Subject key identifier:   C6:DC:4A:09:93:59:35:68:62:20:67:1B:75:CD:37:EF:EE:3C:48:DC
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       018CC794E17CB46B45F3A92FE7996FDCC1E7
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xtxKCZNZNWhiIGcbdc037-48SNw.roa
Signing time:             Tue 02 Jan 2024 00:31:12 +0000
ROA not before:           Tue 02 Jan 2024 00:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51699
IP address blocks:        2a05:4741:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e1:7c:b4:6b:45:f3:a9:2f:e7:99:6f:dc:c1:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 00:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6dc4a09935935686220671b75cd37efee3c48dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1c:36:bf:c2:28:e8:1e:5d:6a:2a:74:d8:5e:
                    80:d2:4e:fb:e2:3d:70:b4:9f:64:02:51:aa:9d:27:
                    af:e4:47:07:1c:79:bc:7c:d3:c7:20:7d:58:ae:22:
                    04:c3:1d:08:55:92:bc:d2:ae:23:21:d7:d0:33:72:
                    8a:56:40:22:25:c7:00:7d:5a:25:19:0e:e2:a2:54:
                    57:6d:22:33:dd:3f:db:f4:06:cd:68:a6:a0:3a:cb:
                    24:ea:bb:80:29:cd:17:88:63:23:72:cf:b9:ba:24:
                    ed:64:60:da:ea:df:f0:69:09:82:03:42:7c:e6:d5:
                    83:79:17:18:d3:b1:0b:6f:ea:10:4c:e7:a9:20:ee:
                    ed:6f:74:1a:a5:2b:38:fa:23:f3:f8:f7:72:26:ca:
                    8d:3d:a2:09:b0:b1:fe:61:0f:1f:cd:85:3d:51:44:
                    2a:cc:83:e6:b0:30:81:21:95:3c:90:a6:6c:28:48:
                    39:96:05:e5:f1:4e:5b:d6:c9:00:79:21:83:40:f6:
                    e0:c6:81:d3:b0:d0:2d:4c:b5:52:27:b6:30:0e:5a:
                    96:99:b2:cb:39:d2:53:13:b1:9f:df:73:50:1a:8b:
                    2d:69:a9:d8:80:fc:12:93:c6:34:99:70:68:7b:d7:
                    a9:43:2e:aa:16:52:9f:5a:69:ff:75:8c:3e:70:e2:
                    b5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:DC:4A:09:93:59:35:68:62:20:67:1B:75:CD:37:EF:EE:3C:48:DC
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/xtxKCZNZNWhiIGcbdc037-48SNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4741:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:62:b8:bf:09:c2:d0:c4:f4:0e:e3:7a:22:a0:32:bb:22:6e:
         98:a0:43:d2:8d:79:ab:c2:68:24:f1:9a:12:f6:37:b2:59:00:
         a7:7d:53:8e:13:80:79:99:97:3d:87:3f:7e:5b:fc:d1:b8:30:
         4d:90:3e:7c:8b:a5:68:d7:85:61:68:f0:24:fb:a4:27:73:26:
         95:17:7f:c5:6b:e7:15:a0:eb:79:ca:fa:2f:47:b9:bb:c7:fb:
         62:f5:e1:3f:d3:5d:87:e5:a9:10:ba:b5:a5:b7:04:5c:54:36:
         cd:7f:4b:ab:58:a0:68:db:bc:95:ea:cf:e8:cb:5d:3b:7c:20:
         67:cc:9c:30:3f:90:5b:64:d5:cc:2f:a7:a6:5c:4c:7b:21:67:
         cd:61:ed:50:8f:72:92:70:81:6b:f7:8a:e9:b6:e5:9b:f5:66:
         7d:22:eb:7b:6e:e4:0d:47:71:8f:27:05:e6:09:ab:ef:4b:25:
         80:48:40:dd:a0:2d:9a:57:0f:5d:04:8b:1d:52:20:cb:23:01:
         a8:e4:40:cd:dc:2b:fb:58:2b:af:4d:cb:3f:68:8a:5d:73:28:
         c5:18:d3:cb:92:74:05:aa:44:30:df:cd:e1:8a:97:e7:3c:01:
         05:c7:5f:7d:cc:f8:d1:f9:e3:ec:76:0c:33:66:7e:4a:2b:ce:
         08:8c:7a:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlOF8tGtF86kv55lv3MHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjQwMTAyMDAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmRjNGEwOTkzNTkzNTY4NjIyMDY3MWI3NWNkMzdlZmVlM2M0OGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBw2v8Io6B5daip02F6A0k774j1w
tJ9kAlGqnSev5EcHHHm8fNPHIH1YriIEwx0IVZK80q4jIdfQM3KKVkAiJccAfVol
GQ7iolRXbSIz3T/b9AbNaKagOssk6ruAKc0XiGMjcs+5uiTtZGDa6t/waQmCA0J8
5tWDeRcY07ELb+oQTOepIO7tb3QapSs4+iPz+PdyJsqNPaIJsLH+YQ8fzYU9UUQq
zIPmsDCBIZU8kKZsKEg5lgXl8U5b1skAeSGDQPbgxoHTsNAtTLVSJ7YwDlqWmbLL
OdJTE7Gf33NQGostaanYgPwSk8Y0mXBoe9epQy6qFlKfWmn/dYw+cOK1vwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMbcSgmTWTVoYiBnG3XNN+/uPEjcMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEveHR4S0NaTlpOV2hpSUdjYmRjMDM3LTQ4U053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVHQQAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBJYri/CcLQxPQO43oioDK7Im6YoEPSjXmrwmgk
8ZoS9jeyWQCnfVOOE4B5mZc9hz9+W/zRuDBNkD58i6Vo14VhaPAk+6QncyaVF3/F
a+cVoOt5yvovR7m7x/ti9eE/012H5akQurWltwRcVDbNf0urWKBo27yV6s/oy107
fCBnzJwwP5BbZNXML6emXEx7IWfNYe1Qj3KScIFr94rptuWb9WZ9Iut7buQNR3GP
JwXmCavvSyWASEDdoC2aVw9dBIsdUiDLIwGo5EDN3Cv7WCuvTcs/aIpdcyjFGNPL
knQFqkQw383hipfnPAEFx199zPjR+ePsdgwzZn5KK84IjHoS
-----END CERTIFICATE-----