Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/k1IGWaEG30ks5Zuvl7_wMyNdmkQ.roa
File:                     k1IGWaEG30ks5Zuvl7_wMyNdmkQ.roa (raw, json)
Hash identifier:          Pb8c5XwnDD9amytTtjJU/ifT6X7680m6pWwEl/ZT0Pg=
Subject key identifier:   93:52:06:59:A1:06:DF:49:2C:E5:9B:AF:97:BF:F0:33:23:5D:9A:44
Certificate issuer:       /CN=2ef957aba2ef00352850e202464c71d33ca81448
Certificate serial:       018CC49305DD8FA9221DA4DC1B380FFAB1A1
Authority key identifier: 2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/k1IGWaEG30ks5Zuvl7_wMyNdmkQ.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2094
IP address blocks:        2001:660:3203::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:05:dd:8f:a9:22:1d:a4:dc:1b:38:0f:fa:b1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ef957aba2ef00352850e202464c71d33ca81448
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93520659a106df492ce59baf97bff033235d9a44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cd:a8:24:ba:95:53:6f:cb:45:4c:dc:9d:fd:
                    d0:df:5e:a4:eb:79:4e:6e:bb:56:1c:a5:60:48:43:
                    f6:db:44:2e:15:83:8c:3e:22:8c:42:87:ad:98:fa:
                    f8:31:99:98:59:36:30:9b:a8:a7:0b:93:f0:6d:61:
                    02:07:69:ea:11:ac:07:7d:3c:3f:c9:4a:d0:d3:e4:
                    ad:2c:95:7a:da:ac:3d:26:01:54:34:f5:6b:8b:3d:
                    a9:b9:bb:f3:22:0e:e0:6c:60:34:a4:71:71:da:47:
                    5e:51:4f:15:cc:ea:5d:c9:16:63:02:32:87:86:8c:
                    79:fe:a7:fe:56:4b:27:b7:70:5b:1f:18:65:83:95:
                    04:9c:79:12:96:8a:ea:cc:92:29:44:eb:e2:e8:df:
                    23:dd:7f:64:cf:f5:74:76:2d:b5:85:8e:b2:6b:4a:
                    27:d4:0f:1e:b3:a4:98:72:b8:04:77:fb:39:85:bd:
                    cc:c0:f1:f9:1b:c5:c2:2a:43:22:ea:ac:a9:10:d5:
                    c7:bf:5e:0a:ad:c3:37:56:96:34:d3:ab:4b:aa:3c:
                    84:af:aa:3e:34:7e:96:0e:dc:bb:82:0f:fd:e1:10:
                    72:7e:9c:5c:8f:6f:5d:2a:6b:61:ba:b8:ef:62:13:
                    76:a1:c9:8c:20:6a:05:25:29:40:25:c2:50:32:5e:
                    55:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:52:06:59:A1:06:DF:49:2C:E5:9B:AF:97:BF:F0:33:23:5D:9A:44
            X509v3 Authority Key Identifier:
                keyid:2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/k1IGWaEG30ks5Zuvl7_wMyNdmkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:660:3203::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:3f:48:3b:dc:37:e5:23:6a:9d:28:eb:ae:d6:9c:82:4d:99:
         51:0d:b0:76:26:0e:84:ed:41:8e:3f:a2:e3:04:08:5c:d4:50:
         97:d0:9c:65:14:e8:01:bd:c7:5a:57:1b:7d:2c:6c:5b:e1:fb:
         ca:ca:4a:c3:b9:12:de:57:82:5e:cf:ce:c8:cd:ac:9d:0d:4c:
         65:d4:14:a3:cb:14:14:53:2f:42:bd:47:bf:01:3b:43:43:80:
         45:c7:4b:d3:3f:53:97:bf:73:33:3d:5b:d3:c5:1e:63:42:7d:
         8f:f8:9c:64:56:5e:3b:e6:3e:f0:66:45:0e:87:46:df:b9:be:
         44:0f:26:08:4e:5b:c2:7d:ef:cd:e5:f5:9c:fe:27:13:ed:84:
         22:8c:17:76:23:b2:c4:b1:23:6f:2a:f7:4b:33:dc:37:66:5a:
         c1:67:3a:c3:e7:dc:a2:72:a8:36:e9:01:77:6b:86:c5:07:ef:
         14:9b:bd:a1:83:ad:4b:e2:7b:6e:91:f7:14:30:f9:a7:ee:9b:
         2a:69:65:b4:44:c3:78:03:b4:f2:c0:55:d7:54:c2:b3:8d:8c:
         21:00:e0:cd:35:b3:62:99:10:c5:8c:6a:1d:18:05:01:b1:15:
         03:6a:38:03:c7:31:92:c9:cd:ea:24:f2:d0:67:2f:c8:60:06:
         99:25:9e:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkwXdj6kiHaTcGzgP+rGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZjk1N2FiYTJlZjAwMzUyODUwZTIwMjQ2NGM3MWQzM2Nh
ODE0NDgwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzUyMDY1OWExMDZkZjQ5MmNlNTliYWY5N2JmZjAzMzIzNWQ5YTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM2oJLqVU2/LRUzcnf3Q316k63lO
brtWHKVgSEP220QuFYOMPiKMQoetmPr4MZmYWTYwm6inC5PwbWECB2nqEawHfTw/
yUrQ0+StLJV62qw9JgFUNPVriz2pubvzIg7gbGA0pHFx2kdeUU8VzOpdyRZjAjKH
hox5/qf+Vksnt3BbHxhlg5UEnHkSlorqzJIpROvi6N8j3X9kz/V0di21hY6ya0on
1A8es6SYcrgEd/s5hb3MwPH5G8XCKkMi6qypENXHv14KrcM3VpY006tLqjyEr6o+
NH6WDty7gg/94RByfpxcj29dKmthurjvYhN2ocmMIGoFJSlAJcJQMl5VmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJNSBlmhBt9JLOWbr5e/8DMjXZpEMB8GA1UdIwQY
MBaAFC75V6ui7wA1KFDiAkZMcdM8qBRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYt
MDRhMjdjNGQ1NDUzLzEvazFJR1dhRUczMGtzNVp1dmw3X3dNeU5kbWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYtMDRhMjdjNGQ1NDUz
LzEvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGYDID
MA0GCSqGSIb3DQEBCwUAA4IBAQAUP0g73DflI2qdKOuu1pyCTZlRDbB2Jg6E7UGO
P6LjBAhc1FCX0JxlFOgBvcdaVxt9LGxb4fvKykrDuRLeV4Jez87IzaydDUxl1BSj
yxQUUy9CvUe/ATtDQ4BFx0vTP1OXv3MzPVvTxR5jQn2P+JxkVl475j7wZkUOh0bf
ub5EDyYITlvCfe/N5fWc/icT7YQijBd2I7LEsSNvKvdLM9w3ZlrBZzrD59yicqg2
6QF3a4bFB+8Um72hg61L4ntukfcUMPmn7psqaWW0RMN4A7TywFXXVMKzjYwhAODN
NbNimRDFjGodGAUBsRUDajgDxzGSyc3qJPLQZy/IYAaZJZ6v
-----END CERTIFICATE-----