Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/i516MN2rvoVdusUs53I5Gif-KyM.roa
File:                     i516MN2rvoVdusUs53I5Gif-KyM.roa (raw, json)
Hash identifier:          ijvXj0V18YSdYizz3bwVCv0XMHFEEO9kUxgUOXOgXfc=
Subject key identifier:   8B:9D:7A:30:DD:AB:BE:85:5D:BA:C5:2C:E7:72:39:1A:27:FE:2B:23
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018DCB7EA90656A3F3B6D4C1D4FCEA1A39EC
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/i516MN2rvoVdusUs53I5Gif-KyM.roa
Signing time:             Wed 21 Feb 2024 11:48:12 +0000
ROA not before:           Wed 21 Feb 2024 11:48:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12608
IP address blocks:        2a09:5300::/29 maxlen: 29
                          2a0d:8340::/29 maxlen: 29
                          2a0f:7b80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:7e:a9:06:56:a3:f3:b6:d4:c1:d4:fc:ea:1a:39:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Feb 21 11:48:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b9d7a30ddabbe855dbac52ce772391a27fe2b23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d3:fe:ee:02:57:be:81:95:61:46:8e:44:a0:
                    8d:c9:62:e8:db:5c:de:57:71:0d:b7:e8:75:3a:50:
                    7e:ce:d6:e5:c0:3f:40:ae:77:66:aa:ef:93:d2:2f:
                    fe:c6:ad:43:5a:a7:63:9c:01:f3:7e:20:0d:9f:0d:
                    4b:42:73:d7:84:03:79:1c:c7:78:ef:f2:4a:61:b6:
                    47:32:d4:6a:80:47:c1:01:f4:f4:5f:c8:91:07:1c:
                    76:6a:f6:bd:a5:53:a6:b5:7a:e4:6a:e5:cb:3c:39:
                    41:ff:42:03:ae:54:27:68:9b:07:88:f5:e8:3e:d9:
                    0e:38:8e:15:7c:37:a7:eb:f9:9c:89:f9:8f:48:b4:
                    64:c2:59:ed:52:7c:84:20:70:89:a1:5a:50:94:13:
                    b6:f8:90:c4:e9:ce:44:11:9b:b0:59:aa:5f:b8:a4:
                    e1:1f:f7:c8:94:0d:63:b6:f9:ef:33:32:6e:3c:b5:
                    5a:69:97:1c:ef:71:9b:35:d5:f4:06:f5:c3:e1:1d:
                    11:3d:c3:33:3d:91:37:22:f5:c3:41:bb:91:71:0d:
                    20:02:21:11:f3:34:86:13:8c:56:db:32:34:f8:37:
                    07:60:3e:c4:e9:94:74:d0:bd:1f:83:ec:d3:ef:69:
                    df:89:d8:33:d9:ac:3c:cc:a2:6c:a1:0f:24:e3:d2:
                    db:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:9D:7A:30:DD:AB:BE:85:5D:BA:C5:2C:E7:72:39:1A:27:FE:2B:23
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/i516MN2rvoVdusUs53I5Gif-KyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:5300::/29
                  2a0d:8340::/29
                  2a0f:7b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:54:52:13:10:c5:b8:9f:cb:b2:f3:36:8c:ab:e5:19:e0:d1:
         21:20:ad:bb:d2:08:b4:76:a7:f3:a3:f3:4d:39:4b:56:78:d7:
         6b:80:df:e7:49:28:5f:b3:00:2f:69:63:3c:34:e8:44:59:85:
         57:34:26:39:c4:ab:7f:67:03:2e:5c:05:bc:bc:e1:b2:48:13:
         b7:9d:ab:53:0a:96:d1:e2:03:1f:72:96:d0:51:f5:c0:6d:54:
         2d:d0:69:0a:65:b9:09:ae:79:41:04:2b:3e:e7:54:7a:43:d3:
         83:a3:23:bd:57:ac:40:90:e7:8f:27:5b:c4:f2:a3:47:4a:91:
         37:78:13:80:24:be:cd:82:5b:92:2a:e7:30:5a:82:95:24:3b:
         bf:58:94:ec:da:c2:c8:30:2a:14:86:72:48:11:34:6f:43:84:
         fa:f2:ed:e0:a4:2c:4f:b9:0f:17:d0:fe:08:36:ed:7f:38:b2:
         1f:fe:cc:e2:8b:da:46:1a:1d:88:cb:6c:7b:d0:6f:87:4c:3a:
         81:cc:04:47:61:5d:ed:f9:c6:a5:68:16:45:33:7c:a1:7f:ec:
         9f:59:f7:7f:3d:bf:44:1e:16:86:3a:d7:bb:f0:00:a0:f8:a0:
         90:98:e8:07:5e:78:7a:7c:c2:d0:b5:fe:10:80:ac:c2:fd:4f:
         27:b2:29:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3LfqkGVqPzttTB1PzqGjnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMjIxMTE0ODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjlkN2EzMGRkYWJiZTg1NWRiYWM1MmNlNzcyMzkxYTI3ZmUyYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNP+7gJXvoGVYUaORKCNyWLo21ze
V3ENt+h1OlB+ztblwD9Arndmqu+T0i/+xq1DWqdjnAHzfiANnw1LQnPXhAN5HMd4
7/JKYbZHMtRqgEfBAfT0X8iRBxx2ava9pVOmtXrkauXLPDlB/0IDrlQnaJsHiPXo
PtkOOI4VfDen6/mcifmPSLRkwlntUnyEIHCJoVpQlBO2+JDE6c5EEZuwWapfuKTh
H/fIlA1jtvnvMzJuPLVaaZcc73GbNdX0BvXD4R0RPcMzPZE3IvXDQbuRcQ0gAiER
8zSGE4xW2zI0+DcHYD7E6ZR00L0fg+zT72nfidgz2aw8zKJsoQ8k49LbhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIudejDdq76FXbrFLOdyORon/isjMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvaTUxNk1OMnJ2b1ZkdXNVczUzSTVHaWYtS3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKglTAAMF
AyoNg0ADBQMqD3uAMA0GCSqGSIb3DQEBCwUAA4IBAQCXVFITEMW4n8uy8zaMq+UZ
4NEhIK270gi0dqfzo/NNOUtWeNdrgN/nSShfswAvaWM8NOhEWYVXNCY5xKt/ZwMu
XAW8vOGySBO3natTCpbR4gMfcpbQUfXAbVQt0GkKZbkJrnlBBCs+51R6Q9ODoyO9
V6xAkOePJ1vE8qNHSpE3eBOAJL7NgluSKucwWoKVJDu/WJTs2sLIMCoUhnJIETRv
Q4T68u3gpCxPuQ8X0P4INu1/OLIf/szii9pGGh2Iy2x70G+HTDqBzARHYV3t+cal
aBZFM3yhf+yfWfd/Pb9EHhaGOte78ACg+KCQmOgHXnh6fMLQtf4QgKzC/U8nsikM
-----END CERTIFICATE-----