Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/cXyUZhKjnZAoxAETJmAhu1I7AGQ.roa
File:                     cXyUZhKjnZAoxAETJmAhu1I7AGQ.roa (raw, json)
Hash identifier:          o+/1NCayrEs8vBRbUZnPpUOrBN96xk8ORFHAJ+ovOks=
Subject key identifier:   71:7C:94:66:12:A3:9D:90:28:C4:01:13:26:60:21:BB:52:3B:00:64
Certificate issuer:       /CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
Certificate serial:       018CC3B674B5AF85856C8D8071475B129196
Authority key identifier: 83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/cXyUZhKjnZAoxAETJmAhu1I7AGQ.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35663
IP address blocks:        2001:1620:2015::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:74:b5:af:85:85:6c:8d:80:71:47:5b:12:91:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83479514959397c5e3fa76e1ea495e8e1f6c319b
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=717c946612a39d9028c40113266021bb523b0064
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:44:a2:7b:bb:6b:08:74:60:4f:5b:15:58:56:
                    7a:2b:70:0a:86:84:68:89:44:99:55:94:78:49:2f:
                    d8:94:c4:09:28:6e:de:bf:38:a1:00:ef:a1:62:46:
                    f3:0a:21:de:3d:ad:f4:c3:a8:41:f4:3a:a5:fa:60:
                    3d:63:f1:fe:09:15:47:45:0e:f1:21:e3:2a:f9:18:
                    34:d7:89:01:ea:29:4f:7a:56:21:0f:ec:42:5f:1b:
                    f6:05:be:27:4a:f4:00:1c:18:e8:5e:6b:1e:a3:be:
                    3c:b2:b1:d8:c3:f5:d3:6c:11:de:bc:e9:d9:62:3a:
                    e4:18:95:3d:4b:e7:e4:cc:72:c1:89:11:41:0c:58:
                    56:f9:ea:2c:84:66:70:9e:40:3b:c4:59:fd:d1:96:
                    15:a9:1c:54:38:6b:3e:f6:ab:1d:13:1c:ad:ed:2c:
                    fb:92:d8:54:69:35:35:74:f6:6f:88:24:7f:9b:b6:
                    59:26:75:1d:4f:a8:10:03:c4:e5:49:c1:43:4a:af:
                    d6:34:4b:ba:e0:67:82:6a:5f:60:69:ae:36:64:ba:
                    1e:85:9b:19:ec:5e:0e:6b:66:9f:11:b3:b9:c2:ed:
                    ac:d4:57:c1:db:16:ca:fe:10:a6:5c:69:f4:2e:c6:
                    14:c3:50:28:ab:ea:b6:fa:08:e2:64:ac:b5:a3:1c:
                    d9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:7C:94:66:12:A3:9D:90:28:C4:01:13:26:60:21:BB:52:3B:00:64
            X509v3 Authority Key Identifier:
                keyid:83:47:95:14:95:93:97:C5:E3:FA:76:E1:EA:49:5E:8E:1F:6C:31:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0eVFJWTl8Xj-nbh6klejh9sMZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/cXyUZhKjnZAoxAETJmAhu1I7AGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/e09181-2643-414c-8fbe-1e5e430dd711/1/g0eVFJWTl8Xj-nbh6klejh9sMZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1620:2015::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:60:d8:7d:01:66:20:47:02:cf:1f:15:fa:29:4a:46:1a:2c:
         67:73:c5:53:5a:c0:b3:82:4f:37:06:ad:34:3d:57:5f:4c:fa:
         d7:38:2c:c4:64:02:52:74:23:66:9a:29:63:fc:00:c3:7c:2c:
         47:7f:f1:0f:8e:d4:42:fa:36:6b:26:e8:f1:18:f4:cc:c7:e6:
         30:14:09:bd:de:1e:8e:57:73:56:8d:89:97:73:03:47:ae:54:
         f4:2b:97:7e:e8:74:3c:93:77:b9:3f:06:61:5d:ac:af:96:bf:
         3f:6c:87:6e:18:28:7f:b2:e3:9d:5e:7c:60:8d:dc:98:b4:90:
         f6:5b:97:e0:a7:e8:36:c5:95:86:d1:3a:0c:be:64:b9:ea:bf:
         2a:2f:50:36:cf:cc:a3:e2:e2:36:51:4d:d0:4b:2d:87:61:f3:
         6a:93:da:99:20:4a:2c:5e:9b:6b:5d:17:9a:ad:4d:af:26:0c:
         fd:3a:1b:84:3e:0d:31:5b:78:03:be:ba:3a:62:78:2d:32:80:
         83:89:4a:31:71:1f:4b:0f:8e:8e:18:e7:93:ae:59:10:f0:76:
         10:b6:36:dc:24:de:17:07:d7:4c:d7:c7:01:fd:d6:0d:6d:f4:
         36:8d:74:28:26:7e:09:e0:5e:0a:d3:6b:16:26:34:e6:8b:2f:
         19:56:09:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtnS1r4WFbI2AcUdbEpGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDc5NTE0OTU5Mzk3YzVlM2ZhNzZlMWVhNDk1ZThlMWY2
YzMxOWIwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTdjOTQ2NjEyYTM5ZDkwMjhjNDAxMTMyNjYwMjFiYjUyM2IwMDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0Sie7trCHRgT1sVWFZ6K3AKhoRo
iUSZVZR4SS/YlMQJKG7evzihAO+hYkbzCiHePa30w6hB9Dql+mA9Y/H+CRVHRQ7x
IeMq+Rg014kB6ilPelYhD+xCXxv2Bb4nSvQAHBjoXmseo748srHYw/XTbBHevOnZ
YjrkGJU9S+fkzHLBiRFBDFhW+eoshGZwnkA7xFn90ZYVqRxUOGs+9qsdExyt7Sz7
kthUaTU1dPZviCR/m7ZZJnUdT6gQA8TlScFDSq/WNEu64GeCal9gaa42ZLoehZsZ
7F4Oa2afEbO5wu2s1FfB2xbK/hCmXGn0LsYUw1Aoq+q2+gjiZKy1oxzZtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHF8lGYSo52QKMQBEyZgIbtSOwBkMB8GA1UdIwQY
MBaAFINHlRSVk5fF4/p24epJXo4fbDGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUt
MWU1ZTQzMGRkNzExLzEvY1h5VVpoS2puWkFveEFFVEptQWh1MUk3QUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9lMDkxODEtMjY0My00MTRjLThmYmUtMWU1ZTQzMGRkNzEx
LzEvZzBlVkZKV1RsOFhqLW5iaDZrbGVqaDlzTVpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEWICAV
MA0GCSqGSIb3DQEBCwUAA4IBAQBqYNh9AWYgRwLPHxX6KUpGGixnc8VTWsCzgk83
Bq00PVdfTPrXOCzEZAJSdCNmmilj/ADDfCxHf/EPjtRC+jZrJujxGPTMx+YwFAm9
3h6OV3NWjYmXcwNHrlT0K5d+6HQ8k3e5PwZhXayvlr8/bIduGCh/suOdXnxgjdyY
tJD2W5fgp+g2xZWG0ToMvmS56r8qL1A2z8yj4uI2UU3QSy2HYfNqk9qZIEosXptr
XRearU2vJgz9OhuEPg0xW3gDvro6YngtMoCDiUoxcR9LD46OGOeTrlkQ8HYQtjbc
JN4XB9dM18cB/dYNbfQ2jXQoJn4J4F4K02sWJjTmiy8ZVgmG
-----END CERTIFICATE-----