Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/V2nVj9UOEvQ_iydKdgmm4qiUO2I.roa
File:                     V2nVj9UOEvQ_iydKdgmm4qiUO2I.roa (raw, json)
Hash identifier:          CS3Uk6k3nMh5ZkzhYYQcRfvWT1A8FGJ/dpFjynB6hQQ=
Subject key identifier:   57:69:D5:8F:D5:0E:12:F4:3F:8B:27:4A:76:09:A6:E2:A8:94:3B:62
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018F05BC2A39C4771E0ECBA19CD383BCF497
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/V2nVj9UOEvQ_iydKdgmm4qiUO2I.roa
Signing time:             Mon 22 Apr 2024 12:16:08 +0000
ROA not before:           Mon 22 Apr 2024 12:16:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35196
IP address blocks:        2a0c:4185::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:bc:2a:39:c4:77:1e:0e:cb:a1:9c:d3:83:bc:f4:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Apr 22 12:16:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5769d58fd50e12f43f8b274a7609a6e2a8943b62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:56:2c:f5:13:a2:01:e2:ac:b3:05:a8:a2:3d:
                    98:e2:9d:c8:9d:fc:86:68:8a:b7:6e:82:69:13:68:
                    01:8f:f7:73:74:a7:af:66:5a:b5:fe:f5:67:2c:6b:
                    bb:62:ca:32:6c:5a:e2:f3:2d:9e:c5:a4:5b:3d:f6:
                    f2:23:67:b4:07:e0:50:d9:56:4e:59:d3:87:b8:53:
                    8d:74:88:18:e3:a6:2b:2d:e4:15:47:54:6b:a6:61:
                    bd:96:84:72:a2:81:3f:64:30:12:28:f5:ae:ff:d1:
                    e6:f8:b2:ca:8c:7f:43:a3:79:10:22:84:36:ae:7d:
                    b2:67:c2:a4:35:d4:ca:ad:ca:9a:c1:84:d2:27:10:
                    d5:f5:92:3c:5f:4f:8e:43:98:88:3b:24:a2:8e:82:
                    0e:8d:b7:e1:0a:d8:8f:3e:ae:db:c0:10:5f:7e:92:
                    de:38:0b:c9:16:a5:d4:dc:73:85:52:67:84:33:bd:
                    de:72:e2:39:ef:e8:f5:3f:da:c9:cd:42:9d:77:3f:
                    e4:b9:9b:c2:87:3c:b6:d0:6a:eb:85:5c:dc:f5:aa:
                    3e:30:67:03:8d:55:43:19:3a:3c:1b:11:92:d2:03:
                    cb:d0:9d:52:89:dd:9c:75:f6:4b:18:e6:3a:3f:ff:
                    3d:b5:1e:9d:53:b0:82:ae:b1:6d:36:10:9b:69:ba:
                    b8:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:69:D5:8F:D5:0E:12:F4:3F:8B:27:4A:76:09:A6:E2:A8:94:3B:62
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/V2nVj9UOEvQ_iydKdgmm4qiUO2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4185::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:8d:f2:ff:77:87:1d:a8:cb:75:93:5b:ed:53:f3:99:a6:5c:
         12:c3:92:12:95:01:4b:42:3b:52:39:68:95:c6:22:0b:25:fa:
         b9:74:f3:c3:ab:76:34:55:2b:1c:eb:f7:fa:4b:89:f7:31:73:
         23:52:f2:7b:bb:6e:59:75:b3:db:40:db:c1:8e:8d:f1:57:62:
         ed:d0:72:e0:a5:70:e0:65:5c:e9:17:35:30:a7:0c:b7:e5:2b:
         d9:8a:c8:9a:3f:ba:14:13:42:9d:ef:1a:03:18:68:dc:b9:80:
         22:4f:54:2f:00:60:d2:03:2a:09:ce:07:c9:dd:8f:8d:94:45:
         6b:0c:2b:2f:76:ab:99:fc:62:3f:42:87:d2:9f:60:69:ce:81:
         da:60:27:2f:75:00:f3:6b:e4:2b:3a:80:73:23:ce:9f:76:b9:
         bd:c6:d0:79:96:6a:ea:a5:15:24:ee:8b:a2:53:98:74:ba:be:
         17:0a:ac:77:4c:99:39:c3:c0:fd:e0:6b:be:47:89:7a:37:1d:
         76:35:5e:b1:58:65:ce:79:13:a3:a1:31:10:af:7e:2c:92:3a:
         5a:a9:31:84:1d:d2:d6:87:1f:44:a5:10:d0:3d:1e:ce:df:23:
         b9:8a:3b:af:ca:77:36:d3:40:5d:1f:30:4a:d7:cc:a1:ee:c8:
         f6:3f:0f:b0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8FvCo5xHceDsuhnNODvPSXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwNDIyMTIxNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzY5ZDU4ZmQ1MGUxMmY0M2Y4YjI3NGE3NjA5YTZlMmE4OTQzYjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVYs9ROiAeKsswWooj2Y4p3InfyG
aIq3boJpE2gBj/dzdKevZlq1/vVnLGu7YsoybFri8y2exaRbPfbyI2e0B+BQ2VZO
WdOHuFONdIgY46YrLeQVR1RrpmG9loRyooE/ZDASKPWu/9Hm+LLKjH9Do3kQIoQ2
rn2yZ8KkNdTKrcqawYTSJxDV9ZI8X0+OQ5iIOySijoIOjbfhCtiPPq7bwBBffpLe
OAvJFqXU3HOFUmeEM73ecuI57+j1P9rJzUKddz/kuZvChzy20GrrhVzc9ao+MGcD
jVVDGTo8GxGS0gPL0J1Sid2cdfZLGOY6P/89tR6dU7CCrrFtNhCbabq4gQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFdp1Y/VDhL0P4snSnYJpuKolDtiMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvVjJuVmo5VU9FdlFfaXlkS2RnbW00cWlVTzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgxBhTAN
BgkqhkiG9w0BAQsFAAOCAQEABI3y/3eHHajLdZNb7VPzmaZcEsOSEpUBS0I7Ujlo
lcYiCyX6uXTzw6t2NFUrHOv3+kuJ9zFzI1Lye7tuWXWz20DbwY6N8Vdi7dBy4KVw
4GVc6Rc1MKcMt+Ur2YrImj+6FBNCne8aAxho3LmAIk9ULwBg0gMqCc4Hyd2PjZRF
awwrL3armfxiP0KH0p9gac6B2mAnL3UA82vkKzqAcyPOn3a5vcbQeZZq6qUVJO6L
olOYdLq+Fwqsd0yZOcPA/eBrvkeJejcddjVesVhlznkTo6ExEK9+LJI6WqkxhB3S
1ocfRKUQ0D0ezt8juYo7r8p3NtNAXR8wStfMoe7I9j8PsA==
-----END CERTIFICATE-----