Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/H67MDVO_sduWLnTrzdkwCeYk4jE.roa
File:                     H67MDVO_sduWLnTrzdkwCeYk4jE.roa (raw, json)
Hash identifier:          SB+XPDn89ame3uSsP3zxAMo+UL5fIFRLypghxapXndg=
Subject key identifier:   1F:AE:CC:0D:53:BF:B1:DB:96:2E:74:EB:CD:D9:30:09:E6:24:E2:31
Certificate issuer:       /CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
Certificate serial:       018CC6B85F66A5A857D7D3D8F426BBFBEFB1
Authority key identifier: 57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/H67MDVO_sduWLnTrzdkwCeYk4jE.roa
Signing time:             Mon 01 Jan 2024 20:30:20 +0000
ROA not before:           Mon 01 Jan 2024 20:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204901
IP address blocks:        2a10:a642:aa00::/40 maxlen: 48
                          2a10:a642:aa00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:5f:66:a5:a8:57:d7:d3:d8:f4:26:bb:fb:ef:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
        Validity
            Not Before: Jan  1 20:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1faecc0d53bfb1db962e74ebcdd93009e624e231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:fb:e3:f5:eb:2b:13:e3:d0:eb:e8:f9:f2:a3:
                    21:0d:52:08:29:1e:3a:76:a5:a0:2e:cd:82:0e:31:
                    e9:c0:26:cd:bc:33:33:43:0d:26:9b:a7:ab:83:75:
                    99:f8:b1:90:7f:62:ab:a9:e8:83:f3:17:5b:09:06:
                    cb:6d:4f:e2:e9:f1:10:80:d5:3b:13:61:3a:af:f8:
                    1d:a2:d8:92:4b:c5:a2:11:32:92:12:ea:6c:51:cd:
                    06:d6:11:14:82:1b:42:a2:50:b7:2e:14:71:72:59:
                    d3:8a:f3:c7:9a:fc:81:ee:ab:34:03:34:15:f1:a1:
                    79:04:cf:78:08:a6:01:71:06:a6:82:f6:30:81:10:
                    88:97:50:cb:0f:b4:b3:6c:78:2d:8b:79:7f:5f:fa:
                    04:f1:74:90:2a:da:6b:e3:3d:28:bc:54:89:4b:72:
                    4f:54:ac:a3:26:c0:b2:25:b1:d6:ad:f5:5d:36:4f:
                    eb:24:95:93:00:ce:3c:c0:3c:1b:37:34:61:c3:0e:
                    95:4d:0f:d2:3c:65:e5:49:c1:d6:5c:f9:82:ff:7e:
                    c1:f4:b5:75:e5:fa:82:3c:8b:ad:98:5a:04:83:83:
                    98:d2:b3:fb:33:18:35:c1:03:58:46:77:b1:32:c4:
                    68:6a:d5:b7:ac:f4:db:6e:7b:97:a5:a3:10:dd:ec:
                    99:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AE:CC:0D:53:BF:B1:DB:96:2E:74:EB:CD:D9:30:09:E6:24:E2:31
            X509v3 Authority Key Identifier:
                keyid:57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/H67MDVO_sduWLnTrzdkwCeYk4jE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a642:aa00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c4:4a:3d:13:01:9f:53:65:cc:a9:6b:7a:f8:8d:f5:3c:d2:4f:
         8f:74:0c:03:64:09:31:5f:bf:ad:82:ff:57:af:74:0b:fa:92:
         fd:a2:9c:91:0e:17:59:19:51:35:e1:c6:44:53:30:ef:5f:57:
         f9:59:40:1e:57:f9:f1:9c:60:75:71:f3:31:a9:24:03:ea:08:
         c4:ab:f6:ae:21:40:80:13:e1:6a:74:52:b8:5c:76:eb:a0:fa:
         99:c7:31:fc:e2:cf:41:8f:7f:8e:bd:ba:59:82:e5:3a:22:7d:
         de:bb:04:22:41:c3:3b:7d:f3:8d:59:25:d7:49:90:48:d2:be:
         85:eb:c5:8c:b8:07:e7:0e:28:b3:13:22:a6:74:01:c1:30:13:
         99:52:28:c9:2c:4c:18:90:15:eb:76:6d:50:bb:68:af:bf:f7:
         65:97:26:15:7d:a5:3c:25:6c:bc:09:bb:d3:9f:ec:35:72:2b:
         a9:c2:37:e6:dc:cd:5a:aa:06:fc:b1:1c:24:99:28:47:97:22:
         e7:a0:7b:df:2a:aa:cc:06:9f:b6:63:e9:3c:40:9a:07:ff:3a:
         53:69:06:65:ac:b6:01:bf:a8:ed:de:fb:cd:64:35:44:dc:91:
         b7:b4:4c:f2:2d:5b:67:d1:99:47:c8:c3:a2:66:fb:6a:f2:ec:
         f5:1e:f0:53
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuF9mpahX19PY9Ca7+++xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzZkOWEwYjU1YmQ0OTVhMWJlM2M1YzAzZmEyNTFkM2Rl
OGI4YzUwHhcNMjQwMTAxMjAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmFlY2MwZDUzYmZiMWRiOTYyZTc0ZWJjZGQ5MzAwOWU2MjRlMjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fvj9esrE+PQ6+j58qMhDVIIKR46
dqWgLs2CDjHpwCbNvDMzQw0mm6erg3WZ+LGQf2KrqeiD8xdbCQbLbU/i6fEQgNU7
E2E6r/gdotiSS8WiETKSEupsUc0G1hEUghtColC3LhRxclnTivPHmvyB7qs0AzQV
8aF5BM94CKYBcQamgvYwgRCIl1DLD7SzbHgti3l/X/oE8XSQKtpr4z0ovFSJS3JP
VKyjJsCyJbHWrfVdNk/rJJWTAM48wDwbNzRhww6VTQ/SPGXlScHWXPmC/37B9LV1
5fqCPIutmFoEg4OY0rP7Mxg1wQNYRnexMsRoatW3rPTbbnuXpaMQ3eyZsQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFB+uzA1Tv7Hbli50683ZMAnmJOIxMB8GA1UdIwQY
MBaAFFd22aC1W9SVob48XAP6JR096LjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUt
YzBiYTJmM2ZjNzJhLzEvSDY3TURWT19zZHVXTG5Ucnpka3dDZVlrNGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUtYzBiYTJmM2ZjNzJh
LzEvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhCmQqow
DQYJKoZIhvcNAQELBQADggEBAMRKPRMBn1NlzKlreviN9TzST490DANkCTFfv62C
/1evdAv6kv2inJEOF1kZUTXhxkRTMO9fV/lZQB5X+fGcYHVx8zGpJAPqCMSr9q4h
QIAT4Wp0Urhcduug+pnHMfziz0GPf469ulmC5Toifd67BCJBwzt9841ZJddJkEjS
voXrxYy4B+cOKLMTIqZ0AcEwE5lSKMksTBiQFet2bVC7aK+/92WXJhV9pTwlbLwJ
u9Of7DVyK6nCN+bczVqqBvyxHCSZKEeXIuege98qqswGn7Zj6TxAmgf/OlNpBmWs
tgG/qO3e+81kNUTckbe0TPItW2fRmUfIw6Jm+2ry7PUe8FM=
-----END CERTIFICATE-----