Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/Etwwd7WJvWeB7MXHhfT72gULTEw.roa
File:                     Etwwd7WJvWeB7MXHhfT72gULTEw.roa (raw, json)
Hash identifier:          iWfQXgaN/brCVsPHDdIItM5TgLBul9DBLoVqMcau6pg=
Subject key identifier:   12:DC:30:77:B5:89:BD:67:81:EC:C5:C7:85:F4:FB:DA:05:0B:4C:4C
Certificate issuer:       /CN=e81393bdff601462a55591d26acb3d8c923ff26d
Certificate serial:       018CC8013A68DA782BD624503062E1071009
Authority key identifier: E8:13:93:BD:FF:60:14:62:A5:55:91:D2:6A:CB:3D:8C:92:3F:F2:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6BOTvf9gFGKlVZHSass9jJI_8m0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/Etwwd7WJvWeB7MXHhfT72gULTEw.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211922
IP address blocks:        2a10:5fc7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/6BOTvf9gFGKlVZHSass9jJI_8m0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/6BOTvf9gFGKlVZHSass9jJI_8m0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6BOTvf9gFGKlVZHSass9jJI_8m0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3a:68:da:78:2b:d6:24:50:30:62:e1:07:10:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e81393bdff601462a55591d26acb3d8c923ff26d
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12dc3077b589bd6781ecc5c785f4fbda050b4c4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0f:c8:a0:79:e9:71:2a:60:65:08:ee:9f:f3:
                    04:29:55:cb:d5:19:e5:ae:eb:de:e6:24:5e:ee:f4:
                    b0:cf:ed:d0:05:d7:e8:b9:e7:ed:c2:39:c6:50:82:
                    1e:fc:c7:8e:85:f5:7a:58:a4:ad:1b:0e:15:87:5c:
                    9c:4e:3c:ad:af:45:57:f0:3f:be:2b:1c:1b:89:2a:
                    f2:a5:b4:d2:b9:0c:b3:55:fb:9c:bd:5e:ac:95:94:
                    8b:a7:2d:85:61:7d:d2:3c:c1:13:14:4f:5a:b7:41:
                    b0:40:48:c6:e2:f4:07:7a:75:a1:98:a9:42:68:88:
                    08:95:f2:66:9c:07:35:2b:b8:48:97:4c:3c:c8:7a:
                    5c:3b:88:82:1c:bd:6a:8c:e5:3b:32:d3:fc:b4:57:
                    62:67:9f:80:1a:a6:a8:ed:85:85:9d:e1:22:ee:4e:
                    bb:c8:2f:41:1d:37:0c:fe:64:43:1a:eb:08:b0:10:
                    ad:ae:a4:95:71:86:1b:30:dd:7f:85:f0:f7:ab:df:
                    de:e0:66:26:89:38:00:9f:e2:8d:a6:44:d3:46:21:
                    47:50:ae:ea:b6:7a:19:62:97:c4:a3:05:e3:a1:9a:
                    7a:a3:ef:34:9b:26:31:d6:c2:c2:e3:43:b8:9c:40:
                    30:7c:18:b1:83:b4:c1:bc:3a:e2:97:b6:e6:ca:6d:
                    59:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DC:30:77:B5:89:BD:67:81:EC:C5:C7:85:F4:FB:DA:05:0B:4C:4C
            X509v3 Authority Key Identifier:
                keyid:E8:13:93:BD:FF:60:14:62:A5:55:91:D2:6A:CB:3D:8C:92:3F:F2:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6BOTvf9gFGKlVZHSass9jJI_8m0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/Etwwd7WJvWeB7MXHhfT72gULTEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/6BOTvf9gFGKlVZHSass9jJI_8m0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:5fc7::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:5b:c8:5b:62:6f:4e:67:20:d0:04:d1:3e:1f:d6:f3:29:a6:
         73:05:34:87:a1:6e:96:b6:a4:bd:61:d7:81:20:53:7d:c0:88:
         6b:c6:0b:d8:7c:f0:52:b4:b8:61:e1:c4:31:49:32:f0:9e:ac:
         3e:97:01:b3:5d:63:51:70:0c:83:cd:35:e3:4b:22:84:bc:e2:
         20:3c:e2:1c:76:bd:86:ec:63:d9:3b:70:aa:62:6b:62:c6:a2:
         7b:f7:5c:52:c0:86:10:74:89:36:b9:10:ba:0f:fc:64:58:f8:
         3f:bf:ac:6e:48:5c:5e:85:59:aa:b5:07:bd:f0:69:7c:dd:ae:
         d0:6c:24:5c:ce:a1:8d:a3:8c:8f:95:39:41:13:6f:21:f3:a1:
         4b:38:e8:7e:cf:03:f3:91:0c:ed:f6:20:90:06:d2:3e:c2:d2:
         f4:f9:20:f6:b1:b1:e2:67:54:79:44:0b:4c:61:b7:f1:b9:5f:
         30:2e:fd:4c:25:c7:39:4a:d5:ec:5b:3b:d1:cc:bb:bf:03:19:
         17:58:af:ab:27:0e:7d:73:7c:54:f2:ff:f6:ec:54:7a:c8:97:
         39:92:5a:41:67:72:84:85:ab:16:ac:c0:6e:d8:44:c2:a6:45:
         ca:da:d3:89:41:27:20:99:7f:8a:c1:4a:83:8b:5f:03:1a:58:
         38:49:b6:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATpo2ngr1iRQMGLhBxAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MTM5M2JkZmY2MDE0NjJhNTU1OTFkMjZhY2IzZDhjOTIz
ZmYyNmQwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmRjMzA3N2I1ODliZDY3ODFlY2M1Yzc4NWY0ZmJkYTA1MGI0YzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ/IoHnpcSpgZQjun/MEKVXL1Rnl
ruve5iRe7vSwz+3QBdfoueftwjnGUIIe/MeOhfV6WKStGw4Vh1ycTjytr0VX8D++
KxwbiSrypbTSuQyzVfucvV6slZSLpy2FYX3SPMETFE9at0GwQEjG4vQHenWhmKlC
aIgIlfJmnAc1K7hIl0w8yHpcO4iCHL1qjOU7MtP8tFdiZ5+AGqao7YWFneEi7k67
yC9BHTcM/mRDGusIsBCtrqSVcYYbMN1/hfD3q9/e4GYmiTgAn+KNpkTTRiFHUK7q
tnoZYpfEowXjoZp6o+80myYx1sLC40O4nEAwfBixg7TBvDril7bmym1Z8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBLcMHe1ib1ngezFx4X0+9oFC0xMMB8GA1UdIwQY
MBaAFOgTk73/YBRipVWR0mrLPYySP/JtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkJPVHZmOWdGR0tsVlpIU2FzczlqSklfOG0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iZDAzODQtODA1ZC00OGExLWJmMDkt
M2MxNDYyMWVjZmM1LzEvRXR3d2Q3V0p2V2VCN01YSGhmVDcyZ1VMVEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iZDAzODQtODA1ZC00OGExLWJmMDktM2MxNDYyMWVjZmM1
LzEvNkJPVHZmOWdGR0tsVlpIU2FzczlqSklfOG0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBfxwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDLW8hbYm9OZyDQBNE+H9bzKaZzBTSHoW6WtqS9
YdeBIFN9wIhrxgvYfPBStLhh4cQxSTLwnqw+lwGzXWNRcAyDzTXjSyKEvOIgPOIc
dr2G7GPZO3CqYmtixqJ791xSwIYQdIk2uRC6D/xkWPg/v6xuSFxehVmqtQe98Gl8
3a7QbCRczqGNo4yPlTlBE28h86FLOOh+zwPzkQzt9iCQBtI+wtL0+SD2sbHiZ1R5
RAtMYbfxuV8wLv1MJcc5StXsWzvRzLu/AxkXWK+rJw59c3xU8v/27FR6yJc5klpB
Z3KEhasWrMBu2ETCpkXK2tOJQScgmX+KwUqDi18DGlg4Sba/
-----END CERTIFICATE-----