Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/6tWiJdFWQ3Y2HJrlgU2aBlnrAM0.roa
File:                     6tWiJdFWQ3Y2HJrlgU2aBlnrAM0.roa (raw, json)
Hash identifier:          eNg2BVuEhuWeohzsOiVz21dvtijl+jIwpCkNEEOtufY=
Subject key identifier:   EA:D5:A2:25:D1:56:43:76:36:1C:9A:E5:81:4D:9A:06:59:EB:00:CD
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE8E4D054778536BA75D9C1987169
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/6tWiJdFWQ3Y2HJrlgU2aBlnrAM0.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205632
IP address blocks:        5.1.71.0/24 maxlen: 32
                          2a07:6fc0:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e8:e4:d0:54:77:85:36:ba:75:d9:c1:98:71:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ead5a225d1564376361c9ae5814d9a0659eb00cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:78:88:92:5a:fa:d0:39:85:f2:5f:a5:4a:f4:
                    d5:3f:1b:c9:b0:f0:8e:41:8f:e2:83:1b:55:e1:57:
                    e9:5d:1f:1f:19:f8:ee:1c:cb:b1:22:61:e9:41:61:
                    b9:83:b1:ae:fa:a8:18:9a:b8:7e:ca:46:5f:4e:16:
                    9e:63:cd:ba:20:8d:6c:7e:68:b9:b6:d9:cf:1c:34:
                    c0:d4:2b:b7:93:da:30:38:8c:6c:7c:a0:43:f2:e0:
                    f3:62:37:de:d2:ec:a9:f5:e7:86:16:08:15:38:2a:
                    f6:eb:22:3a:f8:6d:24:a9:63:4d:e4:a9:5b:81:69:
                    96:0d:2e:21:d7:9f:17:ea:ae:df:83:5e:92:da:97:
                    10:d2:9f:d2:45:97:95:e1:41:e9:d6:c6:af:d3:1b:
                    c2:c1:b8:dd:62:37:7b:dd:3b:28:f9:0d:0a:54:71:
                    16:dc:6e:be:4d:db:f1:26:9a:fa:b3:78:0e:14:9a:
                    05:b3:5a:d4:74:18:44:7a:f0:df:6c:46:97:0d:75:
                    41:1f:57:04:fe:21:48:22:7c:90:d1:dc:03:56:e3:
                    fd:0d:a0:58:06:4b:49:9f:21:e4:d6:d2:00:c3:12:
                    f1:54:3e:7e:ab:79:db:bc:85:79:ab:68:d7:0c:90:
                    23:f2:68:10:3a:a1:89:82:57:f3:ba:df:be:2c:46:
                    d0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D5:A2:25:D1:56:43:76:36:1C:9A:E5:81:4D:9A:06:59:EB:00:CD
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/6tWiJdFWQ3Y2HJrlgU2aBlnrAM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.71.0/24
                IPv6:
                  2a07:6fc0:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:6d:f9:c9:35:82:a4:99:d8:6a:7a:b2:79:5c:70:74:54:61:
         2a:f4:57:65:a5:4a:6e:42:60:c1:76:87:07:ad:bd:77:0a:0f:
         84:cf:19:5c:2a:40:1f:d5:9b:3c:b5:d0:40:3e:68:6d:fb:93:
         b0:e8:64:e0:98:4f:53:6b:e6:cc:9d:c6:4f:9f:30:cb:bd:03:
         50:39:a0:42:4f:ba:0b:02:22:69:4f:36:ae:45:f9:5a:1e:1d:
         60:ab:2c:ef:76:f4:31:b2:52:8b:22:1c:14:34:af:01:d0:ed:
         ea:87:b8:dd:d3:0e:cd:89:2c:62:fe:ab:e6:ee:41:2c:b7:ba:
         6a:d2:b9:0d:93:92:53:a9:f4:33:47:78:5b:04:42:03:e8:89:
         79:a6:de:de:4f:fb:19:94:95:55:ca:4d:40:55:b8:fa:86:f7:
         73:d3:4a:2a:8b:91:47:93:05:43:cf:55:8c:b3:5d:17:61:19:
         a2:04:26:b5:31:cf:be:dc:64:02:23:cf:37:09:aa:21:20:d7:
         93:0f:31:77:92:de:f8:96:c1:ac:e8:c1:d5:21:03:96:8d:cf:
         7e:a8:da:bd:e0:09:ca:cf:9e:0b:14:af:c2:de:98:e7:1d:41:
         2a:ee:82:f1:27:a3:b2:27:2b:dc:c7:14:94:a1:a8:b9:cf:fb:
         43:5b:5e:5b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSujk0FR3hTa6ddnBmHFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWQ1YTIyNWQxNTY0Mzc2MzYxYzlhZTU4MTRkOWEwNjU5ZWIwMGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXiIklr60DmF8l+lSvTVPxvJsPCO
QY/igxtV4VfpXR8fGfjuHMuxImHpQWG5g7Gu+qgYmrh+ykZfThaeY826II1sfmi5
ttnPHDTA1Cu3k9owOIxsfKBD8uDzYjfe0uyp9eeGFggVOCr26yI6+G0kqWNN5Klb
gWmWDS4h158X6q7fg16S2pcQ0p/SRZeV4UHp1sav0xvCwbjdYjd73Tso+Q0KVHEW
3G6+TdvxJpr6s3gOFJoFs1rUdBhEevDfbEaXDXVBH1cE/iFIInyQ0dwDVuP9DaBY
BktJnyHk1tIAwxLxVD5+q3nbvIV5q2jXDJAj8mgQOqGJglfzut++LEbQ9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOrVoiXRVkN2Nhya5YFNmgZZ6wDNMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvNnRXaUpkRldRM1kySEpybGdVMmFCbG5yQU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABQFHMA8E
AgACMAkDBwAqB2/AAAQwDQYJKoZIhvcNAQELBQADggEBAHpt+ck1gqSZ2Gp6snlc
cHRUYSr0V2WlSm5CYMF2hwetvXcKD4TPGVwqQB/Vmzy10EA+aG37k7DoZOCYT1Nr
5sydxk+fMMu9A1A5oEJPugsCImlPNq5F+VoeHWCrLO929DGyUosiHBQ0rwHQ7eqH
uN3TDs2JLGL+q+buQSy3umrSuQ2TklOp9DNHeFsEQgPoiXmm3t5P+xmUlVXKTUBV
uPqG93PTSiqLkUeTBUPPVYyzXRdhGaIEJrUxz77cZAIjzzcJqiEg15MPMXeS3viW
wazowdUhA5aNz36o2r3gCcrPngsUr8LemOcdQSrugvEno7InK9zHFJShqLnP+0Nb
Xls=
-----END CERTIFICATE-----