Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/Unk3Iuw9eBGDYnylzZmKadRs7gI.roa
File:                     Unk3Iuw9eBGDYnylzZmKadRs7gI.roa (raw, json)
Hash identifier:          IxvVMxNHLbMexzMLehCeyg2aMyK886Yt+5Qle8Ylhbg=
Subject key identifier:   52:79:37:22:EC:3D:78:11:83:62:7C:A5:CD:99:8A:69:D4:6C:EE:02
Certificate issuer:       /CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
Certificate serial:       018CC6B85FAEB224573C35D1AE6CE5CC8F5D
Authority key identifier: 57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/Unk3Iuw9eBGDYnylzZmKadRs7gI.roa
Signing time:             Mon 01 Jan 2024 20:30:21 +0000
ROA not before:           Mon 01 Jan 2024 20:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209861
IP address blocks:        2a10:a642:ad00::/40 maxlen: 40
                          2a10:a642:aa00::/40 maxlen: 48
                          2a10:a642:aa00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:5f:ae:b2:24:57:3c:35:d1:ae:6c:e5:cc:8f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
        Validity
            Not Before: Jan  1 20:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52793722ec3d781183627ca5cd998a69d46cee02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a7:3e:e1:cb:a3:c8:67:9c:a5:93:72:83:b4:
                    56:14:91:21:5e:b8:37:7e:8b:6b:3d:8b:bd:6e:4b:
                    af:a9:03:4b:62:68:5c:72:05:eb:28:6c:e8:e2:08:
                    c8:84:75:06:f6:15:eb:14:4f:fc:b7:8e:53:fb:76:
                    03:a4:a8:0f:8f:dd:4f:3f:9b:da:4b:a9:36:c9:0a:
                    0a:6c:43:eb:db:95:99:0f:17:73:1e:6d:15:d9:b3:
                    cd:9f:82:64:b4:6e:c7:9f:1c:b3:e6:97:e2:76:3a:
                    bb:84:5e:bb:58:71:e1:0f:01:f3:87:16:7c:ce:a5:
                    49:ce:f9:4b:8b:fe:14:e2:c8:f6:70:e6:ce:70:8f:
                    f4:eb:85:2f:38:aa:1a:de:96:80:3a:e4:9f:48:74:
                    d1:6f:5b:a5:c2:e7:b2:bd:c7:c9:ec:4d:18:45:cf:
                    9a:b7:31:07:d2:4c:69:cf:45:c1:44:0d:41:46:21:
                    da:4a:74:42:91:2c:8b:c8:9e:72:eb:ed:e4:c0:25:
                    36:78:db:12:4c:86:4e:2f:82:62:2b:e1:a7:7e:b3:
                    5b:86:ae:96:a4:b4:f8:b6:79:8d:25:cf:80:5f:65:
                    d2:81:6e:c2:33:a0:89:6c:1e:e5:a5:45:56:aa:1d:
                    f7:d0:f7:b5:f3:b4:61:3a:7c:da:f2:71:c0:48:54:
                    30:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:79:37:22:EC:3D:78:11:83:62:7C:A5:CD:99:8A:69:D4:6C:EE:02
            X509v3 Authority Key Identifier:
                keyid:57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/Unk3Iuw9eBGDYnylzZmKadRs7gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a642:aa00::/40
                  2a10:a642:ad00::/40

    Signature Algorithm: sha256WithRSAEncryption
         31:d1:05:e0:68:c3:ec:10:39:4f:60:86:a0:bc:f2:14:9e:87:
         a5:f8:f1:41:65:f8:c6:68:e8:43:18:8b:d8:ed:af:17:de:f2:
         b1:9f:b9:0f:47:75:14:b5:94:68:2e:37:ff:a1:20:f5:9c:f0:
         28:3c:22:8d:05:29:06:20:41:b2:17:cf:f9:a7:c8:88:37:ae:
         a4:83:e3:65:65:d8:55:14:e9:c0:b1:c0:ea:30:46:61:13:07:
         60:08:18:07:d5:46:49:16:5b:6a:a4:7e:81:26:4a:76:77:1f:
         47:b9:49:a9:ab:c2:20:72:ea:cc:f0:64:68:bb:5f:86:6d:d5:
         a5:fe:8e:f1:bb:a4:08:10:92:26:bc:bd:01:c7:c9:48:73:c8:
         a1:e0:c0:39:c7:ef:c9:37:05:98:d8:33:fa:55:1e:83:42:ff:
         ce:0b:f4:6a:98:1e:a9:83:bd:5d:57:c9:0f:c4:cb:9f:a3:0e:
         62:70:96:0e:3b:dd:05:d3:78:2a:63:67:f2:35:97:82:81:03:
         d2:d1:5b:a2:1a:eb:47:d0:a7:32:4a:62:cf:36:f7:5c:d9:cd:
         22:09:45:35:e3:a4:3f:db:9c:2f:46:af:2f:5d:44:33:fd:fa:
         2d:04:a5:45:9a:b0:a3:da:2b:01:a6:0f:bb:0a:41:e4:42:a4:
         7f:2e:a0:d9
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzGuF+usiRXPDXRrmzlzI9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzZkOWEwYjU1YmQ0OTVhMWJlM2M1YzAzZmEyNTFkM2Rl
OGI4YzUwHhcNMjQwMTAxMjAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjc5MzcyMmVjM2Q3ODExODM2MjdjYTVjZDk5OGE2OWQ0NmNlZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqc+4cujyGecpZNyg7RWFJEhXrg3
fotrPYu9bkuvqQNLYmhccgXrKGzo4gjIhHUG9hXrFE/8t45T+3YDpKgPj91PP5va
S6k2yQoKbEPr25WZDxdzHm0V2bPNn4JktG7Hnxyz5pfidjq7hF67WHHhDwHzhxZ8
zqVJzvlLi/4U4sj2cObOcI/064UvOKoa3paAOuSfSHTRb1ulwueyvcfJ7E0YRc+a
tzEH0kxpz0XBRA1BRiHaSnRCkSyLyJ5y6+3kwCU2eNsSTIZOL4JiK+GnfrNbhq6W
pLT4tnmNJc+AX2XSgW7CM6CJbB7lpUVWqh330Pe187RhOnza8nHASFQwBQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFFJ5NyLsPXgRg2J8pc2ZimnUbO4CMB8GA1UdIwQY
MBaAFFd22aC1W9SVob48XAP6JR096LjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUt
YzBiYTJmM2ZjNzJhLzEvVW5rM0l1dzllQkdEWW55bHpabUthZFJzN2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUtYzBiYTJmM2ZjNzJh
LzEvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhCmQqoD
BgAqEKZCrTANBgkqhkiG9w0BAQsFAAOCAQEAMdEF4GjD7BA5T2CGoLzyFJ6Hpfjx
QWX4xmjoQxiL2O2vF97ysZ+5D0d1FLWUaC43/6Eg9ZzwKDwijQUpBiBBshfP+afI
iDeupIPjZWXYVRTpwLHA6jBGYRMHYAgYB9VGSRZbaqR+gSZKdncfR7lJqavCIHLq
zPBkaLtfhm3Vpf6O8bukCBCSJry9AcfJSHPIoeDAOcfvyTcFmNgz+lUeg0L/zgv0
apgeqYO9XVfJD8TLn6MOYnCWDjvdBdN4KmNn8jWXgoED0tFbohrrR9CnMkpizzb3
XNnNIglFNeOkP9ucL0avL11EM/36LQSlRZqwo9orAaYPuwpB5EKkfy6g2Q==
-----END CERTIFICATE-----