Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5WiXYK8n4LXFMlZihHl7Xtm3Ook.roa
File:                     5WiXYK8n4LXFMlZihHl7Xtm3Ook.roa (raw, json)
Hash identifier:          t4ktp23JJfbEmOQp7Fk1L6d8Z9CSNRF/0v4FDNmyFW0=
Subject key identifier:   E5:68:97:60:AF:27:E0:B5:C5:32:56:62:84:79:7B:5E:D9:B7:3A:89
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018CC3B6B6825FC205A6A6A0AB5402367AD3
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5WiXYK8n4LXFMlZihHl7Xtm3Ook.roa
Signing time:             Mon 01 Jan 2024 06:29:40 +0000
ROA not before:           Mon 01 Jan 2024 06:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213324
IP address blocks:        2a07:3500:1a50::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b6:82:5f:c2:05:a6:a6:a0:ab:54:02:36:7a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  1 06:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5689760af27e0b5c532566284797b5ed9b73a89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d7:8f:43:cd:9a:58:5d:9a:6e:a2:5a:0b:bc:
                    59:2e:6d:72:1d:0a:49:a9:ca:57:10:9b:84:45:f5:
                    f0:51:b3:4c:8b:2c:7e:a4:2d:72:26:39:92:5e:a2:
                    b1:b0:c2:a2:64:c2:c1:c9:11:74:dc:40:6a:b5:38:
                    a9:80:fe:58:55:93:d0:23:0a:58:da:7b:f0:c8:52:
                    8f:e8:4a:61:d7:0f:a3:e4:5e:36:e8:75:0d:0c:f9:
                    aa:37:d4:f9:2c:d2:b1:97:bb:b9:08:39:c5:12:1a:
                    fe:f1:bb:f3:fc:e8:1d:55:fe:15:38:42:6f:f4:0d:
                    0f:1b:4a:f4:df:2d:df:07:29:83:81:79:9e:13:68:
                    7f:bc:b6:04:91:83:42:da:65:aa:f1:0c:22:b1:3d:
                    41:b3:e4:82:ae:20:54:38:94:76:ce:19:4e:86:6d:
                    f6:27:cc:e9:2a:20:b2:02:41:e6:ac:94:d5:7a:78:
                    a3:7b:78:af:19:92:e4:43:7c:ed:7d:ae:ab:b5:4b:
                    d9:1c:db:38:4e:45:72:2a:ad:ee:16:56:c7:2f:91:
                    45:a4:e7:5c:2a:60:62:2e:e7:be:4d:2d:56:39:39:
                    66:ec:7d:eb:e8:41:9c:3d:85:db:7b:62:10:90:e3:
                    ec:bd:dd:76:c6:9d:4f:65:11:b7:71:d1:79:68:f8:
                    9b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:68:97:60:AF:27:E0:B5:C5:32:56:62:84:79:7B:5E:D9:B7:3A:89
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5WiXYK8n4LXFMlZihHl7Xtm3Ook.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:1a50::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:ad:26:62:7d:69:00:fc:81:20:1d:79:f4:57:81:d3:d0:a0:
         54:6c:e5:d2:4e:fe:3a:fa:1a:a2:62:76:b1:50:54:71:ba:a2:
         9e:d9:3e:b6:fe:d3:bb:3f:bf:b2:27:d3:d1:b3:26:c6:14:d5:
         28:ec:7c:48:ee:27:dd:3f:54:bc:44:f3:f0:09:6b:71:b9:70:
         a3:cb:be:a9:0a:b5:8f:5a:46:55:5a:b5:62:f9:18:00:98:0d:
         6d:44:c1:40:9d:6b:8c:76:cb:68:00:c5:71:53:2c:48:cd:56:
         3d:65:f4:60:b4:07:e5:b8:db:9e:94:1d:eb:db:b7:3e:0d:c6:
         36:26:12:f2:5a:ea:07:10:b6:21:7d:b2:df:39:c6:d9:c3:bf:
         03:22:28:bd:2a:fb:9b:08:6a:8f:e3:30:a1:eb:88:15:40:d4:
         cf:31:33:66:bd:4a:30:b0:01:33:a6:a3:1c:63:00:8a:58:dd:
         69:e3:5a:da:9c:a2:ab:32:fb:97:06:6e:8e:eb:b6:72:cf:97:
         8d:68:04:14:f5:c1:a7:b8:a0:1a:87:f1:cc:0b:ab:db:d0:f6:
         4c:d0:1d:fa:da:19:f3:d3:4f:e9:99:6c:ed:26:f2:cb:9d:ef:
         9f:73:5b:8e:0d:af:e6:60:59:9f:44:f8:59:7e:05:53:af:37:
         46:0e:ab:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtraCX8IFpqagq1QCNnrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTY4OTc2MGFmMjdlMGI1YzUzMjU2NjI4NDc5N2I1ZWQ5YjczYTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptePQ82aWF2abqJaC7xZLm1yHQpJ
qcpXEJuERfXwUbNMiyx+pC1yJjmSXqKxsMKiZMLByRF03EBqtTipgP5YVZPQIwpY
2nvwyFKP6Eph1w+j5F426HUNDPmqN9T5LNKxl7u5CDnFEhr+8bvz/OgdVf4VOEJv
9A0PG0r03y3fBymDgXmeE2h/vLYEkYNC2mWq8QwisT1Bs+SCriBUOJR2zhlOhm32
J8zpKiCyAkHmrJTVenije3ivGZLkQ3ztfa6rtUvZHNs4TkVyKq3uFlbHL5FFpOdc
KmBiLue+TS1WOTlm7H3r6EGcPYXbe2IQkOPsvd12xp1PZRG3cdF5aPibQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOVol2CvJ+C1xTJWYoR5e17ZtzqJMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvNVdpWFlLOG40TFhGTWxaaWhIbDdYdG0zT29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ABpQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCmrSZifWkA/IEgHXn0V4HT0KBUbOXSTv46+hqi
YnaxUFRxuqKe2T62/tO7P7+yJ9PRsybGFNUo7HxI7ifdP1S8RPPwCWtxuXCjy76p
CrWPWkZVWrVi+RgAmA1tRMFAnWuMdstoAMVxUyxIzVY9ZfRgtAfluNuelB3r27c+
DcY2JhLyWuoHELYhfbLfOcbZw78DIii9KvubCGqP4zCh64gVQNTPMTNmvUowsAEz
pqMcYwCKWN1p41ranKKrMvuXBm6O67Zyz5eNaAQU9cGnuKAah/HMC6vb0PZM0B36
2hnz00/pmWztJvLLne+fc1uODa/mYFmfRPhZfgVTrzdGDqtx
-----END CERTIFICATE-----