Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/rEX_Ax4mdbPNLjoq2voqK2DB-S0.roa
File:                     rEX_Ax4mdbPNLjoq2voqK2DB-S0.roa (raw, json)
Hash identifier:          k+qAL/CtkD9b2vH7cBQ/eqhlOZGB0CwgpA7WK4gdqEE=
Subject key identifier:   AC:45:FF:03:1E:26:75:B3:CD:2E:3A:2A:DA:FA:2A:2B:60:C1:F9:2D
Certificate issuer:       /CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
Certificate serial:       018CC6B86070A3F38CC1038F5B63582AC94D
Authority key identifier: 57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/rEX_Ax4mdbPNLjoq2voqK2DB-S0.roa
Signing time:             Mon 01 Jan 2024 20:30:21 +0000
ROA not before:           Mon 01 Jan 2024 20:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211767
IP address blocks:        2a10:a642::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:60:70:a3:f3:8c:c1:03:8f:5b:63:58:2a:c9:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
        Validity
            Not Before: Jan  1 20:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac45ff031e2675b3cd2e3a2adafa2a2b60c1f92d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:44:98:3d:14:e5:54:19:79:f2:25:85:a6:53:
                    b4:40:d7:a1:4c:2d:9d:ab:40:75:ce:68:16:86:f0:
                    a2:89:b4:37:17:af:20:70:d9:78:f0:fa:0e:2a:48:
                    fe:44:b2:e8:6e:1d:32:53:9c:d7:a9:52:0c:c8:fb:
                    0e:f8:55:30:52:9a:0e:67:00:88:05:8e:02:d6:c7:
                    ff:2e:8f:51:1c:98:82:6f:15:d6:be:e0:8f:c3:44:
                    af:b6:09:0e:8a:03:76:02:ad:92:fc:df:8e:68:bd:
                    ad:c6:e5:46:85:d7:b8:cf:17:99:11:44:e0:b1:fd:
                    8d:90:bb:8f:7c:76:b7:9d:20:c7:44:a4:52:fc:71:
                    5d:9e:36:bc:ef:60:cb:13:7c:4c:eb:45:f5:5f:53:
                    65:b5:33:6d:30:c2:02:d8:8c:e1:c6:45:76:d4:3e:
                    0a:54:b1:16:41:bd:8d:94:07:20:a3:61:bb:ce:4f:
                    5e:87:2d:e9:ff:79:d6:bd:3d:06:03:00:2d:ec:9b:
                    05:8e:e2:11:c3:c0:ce:41:33:b4:95:a3:2d:53:de:
                    09:29:f0:d6:c9:25:f1:ad:98:68:6e:7f:0c:bb:0b:
                    81:33:5c:28:2d:99:56:ed:3c:8f:4b:55:84:29:2a:
                    fe:30:4f:cc:f6:10:08:ce:dc:f7:2c:41:28:53:4c:
                    db:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:45:FF:03:1E:26:75:B3:CD:2E:3A:2A:DA:FA:2A:2B:60:C1:F9:2D
            X509v3 Authority Key Identifier:
                keyid:57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/rEX_Ax4mdbPNLjoq2voqK2DB-S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a642::/40

    Signature Algorithm: sha256WithRSAEncryption
         4c:65:d1:78:ce:bb:94:68:af:e1:2a:ad:8c:06:54:97:39:04:
         43:a2:0c:0b:d7:f1:c7:99:99:6f:07:7b:38:b4:fb:c6:50:29:
         87:a9:07:4d:9e:c9:16:ab:30:8f:e5:48:fb:96:38:38:5f:cc:
         de:48:b1:61:15:ef:a7:82:ad:db:40:85:d5:51:a3:e1:61:95:
         9f:97:23:5b:13:10:e1:31:2a:02:eb:8e:02:b2:51:de:90:ed:
         09:19:86:1c:0e:a1:2e:23:f5:03:60:e1:6a:ce:f4:a5:42:4d:
         be:06:17:89:5d:d3:e3:53:c0:5a:b4:e3:0d:f3:02:5f:8c:e5:
         fe:6d:82:e3:69:fc:29:24:ac:24:d8:67:0a:4b:2e:50:da:7c:
         35:3a:47:15:1a:55:c0:d6:6b:f5:85:20:4a:7e:60:91:be:38:
         71:aa:b3:ad:30:29:de:9d:20:df:53:43:b4:e1:03:2a:54:08:
         d5:21:58:21:fd:3b:95:9f:7f:ce:00:a1:81:22:24:0c:a8:9c:
         49:71:60:f5:88:70:bf:0b:52:eb:09:70:2e:5a:e1:d8:93:8b:
         8f:a9:13:83:5a:4d:f3:9e:10:15:0b:9b:cb:68:06:fc:aa:39:
         5a:13:02:94:af:a1:a9:55:c4:e1:ed:50:a7:1f:78:20:fc:a2:
         e7:53:40:dd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGuGBwo/OMwQOPW2NYKslNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzZkOWEwYjU1YmQ0OTVhMWJlM2M1YzAzZmEyNTFkM2Rl
OGI4YzUwHhcNMjQwMTAxMjAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ1ZmYwMzFlMjY3NWIzY2QyZTNhMmFkYWZhMmEyYjYwYzFmOTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwESYPRTlVBl58iWFplO0QNehTC2d
q0B1zmgWhvCiibQ3F68gcNl48PoOKkj+RLLobh0yU5zXqVIMyPsO+FUwUpoOZwCI
BY4C1sf/Lo9RHJiCbxXWvuCPw0SvtgkOigN2Aq2S/N+OaL2txuVGhde4zxeZEUTg
sf2NkLuPfHa3nSDHRKRS/HFdnja872DLE3xM60X1X1NltTNtMMIC2IzhxkV21D4K
VLEWQb2NlAcgo2G7zk9ehy3p/3nWvT0GAwAt7JsFjuIRw8DOQTO0laMtU94JKfDW
ySXxrZhobn8MuwuBM1woLZlW7TyPS1WEKSr+ME/M9hAIztz3LEEoU0zb1QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKxF/wMeJnWzzS46Ktr6KitgwfktMB8GA1UdIwQY
MBaAFFd22aC1W9SVob48XAP6JR096LjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUt
YzBiYTJmM2ZjNzJhLzEvckVYX0F4NG1kYlBOTGpvcTJ2b3FLMkRCLVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUtYzBiYTJmM2ZjNzJh
LzEvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhCmQgAw
DQYJKoZIhvcNAQELBQADggEBAExl0XjOu5Ror+EqrYwGVJc5BEOiDAvX8ceZmW8H
ezi0+8ZQKYepB02eyRarMI/lSPuWODhfzN5IsWEV76eCrdtAhdVRo+FhlZ+XI1sT
EOExKgLrjgKyUd6Q7QkZhhwOoS4j9QNg4WrO9KVCTb4GF4ld0+NTwFq04w3zAl+M
5f5tguNp/CkkrCTYZwpLLlDafDU6RxUaVcDWa/WFIEp+YJG+OHGqs60wKd6dIN9T
Q7ThAypUCNUhWCH9O5Wff84AoYEiJAyonElxYPWIcL8LUusJcC5a4diTi4+pE4Na
TfOeEBULm8toBvyqOVoTApSvoalVxOHtUKcfeCD8oudTQN0=
-----END CERTIFICATE-----