Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/2aab9a-fbe1-4f2a-a95d-ebc7043dbbdc/1/xR7tu-g0VkAo75q4zFlmP3o7Q3Y.roa
File:                     xR7tu-g0VkAo75q4zFlmP3o7Q3Y.roa (raw, json)
Hash identifier:          E+nbfPTBJdqGTxnoOD8DkAiXqQCjiEyFxpnniZ+DBXg=
Subject key identifier:   C5:1E:ED:BB:E8:34:56:40:28:EF:9A:B8:CC:59:66:3F:7A:3B:43:76
Certificate issuer:       /CN=e93114001872fabc939db6bedc1e6cd691462117
Certificate serial:       018CC5DC346DDE4DAE8AC63031218B9D6DE0
Authority key identifier: E9:31:14:00:18:72:FA:BC:93:9D:B6:BE:DC:1E:6C:D6:91:46:21:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6TEUABhy-ryTnba-3B5s1pFGIRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/2aab9a-fbe1-4f2a-a95d-ebc7043dbbdc/1/xR7tu-g0VkAo75q4zFlmP3o7Q3Y.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207901
IP address blocks:        2a0f:5740::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/2aab9a-fbe1-4f2a-a95d-ebc7043dbbdc/1/6TEUABhy-ryTnba-3B5s1pFGIRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/2aab9a-fbe1-4f2a-a95d-ebc7043dbbdc/1/6TEUABhy-ryTnba-3B5s1pFGIRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6TEUABhy-ryTnba-3B5s1pFGIRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:34:6d:de:4d:ae:8a:c6:30:31:21:8b:9d:6d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e93114001872fabc939db6bedc1e6cd691462117
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c51eedbbe834564028ef9ab8cc59663f7a3b4376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7b:bb:4f:35:44:b3:27:e9:9d:70:3e:e4:2f:
                    58:09:07:c4:21:d8:bf:cc:b8:75:c6:fc:94:ed:e8:
                    58:14:f7:bf:95:38:5d:24:b2:c5:7c:61:6c:7f:1d:
                    13:0f:ed:48:67:95:bd:c6:f0:71:54:cd:04:7c:88:
                    ec:bd:cc:4f:20:3d:e6:e5:b4:c2:2b:d9:5c:c9:b4:
                    ac:e5:8d:e2:2e:3b:6b:65:af:d3:01:9a:9a:83:0a:
                    1a:36:06:26:40:b4:99:54:fc:84:3a:1f:f7:66:79:
                    ca:f3:19:bb:18:e1:5a:d0:3c:95:48:3d:fc:6c:b7:
                    46:71:84:a5:93:85:4e:f3:17:f2:2e:5c:e4:cf:e7:
                    10:f3:9d:8f:b1:56:5f:b7:0f:b6:f8:cd:6f:34:94:
                    b0:b8:c5:9c:4e:6c:10:8e:f1:a1:c6:d6:44:51:93:
                    7d:60:05:c8:cf:b8:3d:a2:2a:f0:e1:72:94:1c:4a:
                    1c:b9:cd:08:b1:fa:26:7e:36:bf:c4:b4:98:ff:0b:
                    cc:9c:0b:55:29:06:13:9a:cc:5a:8f:de:c9:d7:fd:
                    27:21:dc:a9:6b:e2:88:b6:1a:8b:b1:f0:ec:30:a7:
                    53:be:b0:55:7b:4d:6f:c9:fb:60:b6:a5:74:8c:ce:
                    b6:fd:3f:29:0d:41:31:2c:cb:4a:25:43:95:8d:90:
                    ef:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:1E:ED:BB:E8:34:56:40:28:EF:9A:B8:CC:59:66:3F:7A:3B:43:76
            X509v3 Authority Key Identifier:
                keyid:E9:31:14:00:18:72:FA:BC:93:9D:B6:BE:DC:1E:6C:D6:91:46:21:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6TEUABhy-ryTnba-3B5s1pFGIRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/2aab9a-fbe1-4f2a-a95d-ebc7043dbbdc/1/xR7tu-g0VkAo75q4zFlmP3o7Q3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/2aab9a-fbe1-4f2a-a95d-ebc7043dbbdc/1/6TEUABhy-ryTnba-3B5s1pFGIRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5740::/29

    Signature Algorithm: sha256WithRSAEncryption
         bd:6a:71:e9:c3:f9:bf:23:73:d1:84:25:b5:59:94:4a:55:86:
         17:b6:f1:6a:a5:6e:e1:c3:b1:ff:a6:d1:e1:6e:d6:d5:4d:e4:
         98:73:07:ea:81:83:df:4b:6d:84:1b:86:c4:2c:aa:cb:12:05:
         94:1b:08:81:cf:0b:33:08:a5:4a:1b:86:cc:4e:71:fe:d7:10:
         62:22:84:95:f3:fc:c5:72:00:5c:a5:de:5a:1f:0a:98:7d:89:
         ab:3c:79:24:97:5b:98:ae:d5:7f:ea:19:68:2b:a8:82:37:90:
         1d:91:9f:e4:09:e8:9a:51:c5:be:1f:84:8a:53:36:04:27:c1:
         92:f7:9e:85:2f:c5:69:8f:96:98:2e:41:b1:9b:02:c6:d7:fc:
         8d:e6:cf:55:aa:67:72:a5:30:27:bc:12:14:0a:4f:50:41:e8:
         71:bf:29:ca:e1:bb:d7:2f:f0:17:d7:b6:38:d6:ab:84:de:bf:
         5f:7c:42:5f:82:bf:34:da:bc:c5:06:ca:74:e4:84:09:13:35:
         ab:f1:9d:5d:e3:79:e9:07:d5:c5:ca:d8:40:e8:f7:c3:71:46:
         08:4d:cb:9b:b3:f9:16:11:8c:a4:08:21:d7:f3:fe:8e:ac:16:
         15:bc:44:34:a6:0f:dc:5d:91:66:5f:f1:d0:28:05:b9:83:85:
         da:03:c2:a0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3DRt3k2uisYwMSGLnW3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MzExNDAwMTg3MmZhYmM5MzlkYjZiZWRjMWU2Y2Q2OTE0
NjIxMTcwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTFlZWRiYmU4MzQ1NjQwMjhlZjlhYjhjYzU5NjYzZjdhM2I0Mzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXu7TzVEsyfpnXA+5C9YCQfEIdi/
zLh1xvyU7ehYFPe/lThdJLLFfGFsfx0TD+1IZ5W9xvBxVM0EfIjsvcxPID3m5bTC
K9lcybSs5Y3iLjtrZa/TAZqagwoaNgYmQLSZVPyEOh/3ZnnK8xm7GOFa0DyVSD38
bLdGcYSlk4VO8xfyLlzkz+cQ852PsVZftw+2+M1vNJSwuMWcTmwQjvGhxtZEUZN9
YAXIz7g9oirw4XKUHEocuc0Isfomfja/xLSY/wvMnAtVKQYTmsxaj97J1/0nIdyp
a+KIthqLsfDsMKdTvrBVe01vyftgtqV0jM62/T8pDUExLMtKJUOVjZDvzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMUe7bvoNFZAKO+auMxZZj96O0N2MB8GA1UdIwQY
MBaAFOkxFAAYcvq8k522vtwebNaRRiEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlRFVUFCaHktcnlUbmJhLTNCNXMxcEZHSVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yYWFiOWEtZmJlMS00ZjJhLWE5NWQt
ZWJjNzA0M2RiYmRjLzEveFI3dHUtZzBWa0FvNzVxNHpGbG1QM283UTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yYWFiOWEtZmJlMS00ZjJhLWE5NWQtZWJjNzA0M2RiYmRj
LzEvNlRFVUFCaHktcnlUbmJhLTNCNXMxcEZHSVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg9XQDAN
BgkqhkiG9w0BAQsFAAOCAQEAvWpx6cP5vyNz0YQltVmUSlWGF7bxaqVu4cOx/6bR
4W7W1U3kmHMH6oGD30tthBuGxCyqyxIFlBsIgc8LMwilShuGzE5x/tcQYiKElfP8
xXIAXKXeWh8KmH2Jqzx5JJdbmK7Vf+oZaCuogjeQHZGf5AnomlHFvh+EilM2BCfB
kveehS/FaY+WmC5BsZsCxtf8jebPVapncqUwJ7wSFApPUEHocb8pyuG71y/wF9e2
ONarhN6/X3xCX4K/NNq8xQbKdOSECRM1q/GdXeN56QfVxcrYQOj3w3FGCE3Lm7P5
FhGMpAgh1/P+jqwWFbxENKYP3F2RZl/x0CgFuYOF2gPCoA==
-----END CERTIFICATE-----