Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/XnPraB41E1QQFEevgegIN3EfNGQ.roa
File:                     XnPraB41E1QQFEevgegIN3EfNGQ.roa (raw, json)
Hash identifier:          722ufutqFHVzyitCfMx7stFEGNMbvPgVkLvy4VjNZCE=
Subject key identifier:   5E:73:EB:68:1E:35:13:54:10:14:47:AF:81:E8:08:37:71:1F:34:64
Certificate issuer:       /CN=bd5c08323ac27ab6553a5a69a73a58f802423d68
Certificate serial:       018F0AFA53639FE108429D55B064F1A4FF29
Authority key identifier: BD:5C:08:32:3A:C2:7A:B6:55:3A:5A:69:A7:3A:58:F8:02:42:3D:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/XnPraB41E1QQFEevgegIN3EfNGQ.roa
Signing time:             Tue 23 Apr 2024 12:42:08 +0000
ROA not before:           Tue 23 Apr 2024 12:42:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        2a03:96e0:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:fa:53:63:9f:e1:08:42:9d:55:b0:64:f1:a4:ff:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd5c08323ac27ab6553a5a69a73a58f802423d68
        Validity
            Not Before: Apr 23 12:42:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e73eb681e351354101447af81e80837711f3464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5f:e0:a8:e9:c5:8c:50:35:31:b9:d7:50:e3:
                    a4:9b:31:c2:0b:25:a1:0e:e6:9c:d8:58:46:d8:ce:
                    3e:ec:df:32:12:f7:cd:1d:15:29:e0:19:04:b5:80:
                    3b:5b:aa:4e:01:27:d3:a4:3c:38:d4:5e:d9:66:9f:
                    79:c2:71:14:a6:2a:cf:20:1e:10:61:9a:77:e4:6e:
                    aa:bc:2b:c1:5b:40:2a:5f:55:83:b9:6c:1a:71:1d:
                    5e:17:36:ac:d7:f0:e8:10:11:d2:e9:c5:a1:61:17:
                    14:9a:28:9a:c4:93:f5:d4:3f:53:12:f9:01:4f:e1:
                    0b:bb:33:72:d9:4f:e5:29:7c:cb:06:9e:27:b2:2f:
                    a8:ae:7e:aa:3c:5b:c9:f4:5c:7e:51:4b:fb:6e:4e:
                    3e:4a:65:79:e6:ec:e4:8b:a9:be:e8:31:fe:50:74:
                    a6:4f:45:ca:63:20:79:a0:63:69:83:d4:67:ea:8f:
                    90:6d:2b:dd:5e:22:b3:00:c7:00:21:2a:ec:f5:16:
                    b9:85:18:7c:ba:8b:9c:be:30:84:8a:76:ca:8b:84:
                    de:74:1f:22:b1:7c:db:ac:51:bd:49:7a:ef:13:4d:
                    16:7e:70:36:a9:40:d6:18:06:9d:4a:4c:a0:c8:6b:
                    7e:d4:b9:ee:0d:a7:9a:86:5e:20:5f:08:8f:70:13:
                    1e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:73:EB:68:1E:35:13:54:10:14:47:AF:81:E8:08:37:71:1F:34:64
            X509v3 Authority Key Identifier:
                keyid:BD:5C:08:32:3A:C2:7A:B6:55:3A:5A:69:A7:3A:58:F8:02:42:3D:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/XnPraB41E1QQFEevgegIN3EfNGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:96e0:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         26:98:58:1d:26:f7:f7:28:84:e9:29:4f:18:64:fc:ad:ba:35:
         53:ae:a4:d1:71:a1:60:2f:65:66:97:1b:4f:17:b0:4e:01:67:
         0f:10:31:15:d7:6d:0f:a5:06:f3:99:35:00:95:6e:22:9f:f7:
         6f:23:f0:8f:57:28:f1:3d:e2:92:d0:1d:e8:37:4c:7c:5c:8a:
         bc:2e:a1:f1:7b:96:19:7a:73:47:12:36:1b:9d:33:be:70:03:
         b4:b9:7b:f1:00:a9:c3:12:f5:96:d0:4a:25:a0:9c:5f:48:37:
         c1:c4:e6:3c:f9:7d:b0:3b:71:49:fe:fd:d0:17:e1:12:64:c1:
         0e:0a:20:60:10:1c:f8:97:86:2f:1b:94:11:cc:97:05:e2:7e:
         ae:51:ff:5a:68:5b:5f:ea:35:4e:ec:c9:d1:91:67:c4:6c:20:
         ee:0f:38:29:1d:3e:26:3c:96:0a:e4:2e:de:b8:af:31:0b:e4:
         79:98:cf:0f:85:71:85:fd:ff:64:47:5e:38:ae:22:a2:84:4a:
         e3:4a:3c:2e:5b:f6:4e:2c:48:dd:8f:2b:e3:4a:89:be:92:dc:
         e7:e5:08:23:d3:2b:27:c2:bc:78:24:13:ca:81:8f:06:1e:c0:
         e3:37:54:a0:02:03:4d:74:c7:83:1c:71:e6:d8:e0:31:c2:40:
         08:66:12:ef
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY8K+lNjn+EIQp1VsGTxpP8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNWMwODMyM2FjMjdhYjY1NTNhNWE2OWE3M2E1OGY4MDI0
MjNkNjgwHhcNMjQwNDIzMTI0MjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTczZWI2ODFlMzUxMzU0MTAxNDQ3YWY4MWU4MDgzNzcxMWYzNDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1/gqOnFjFA1MbnXUOOkmzHCCyWh
Duac2FhG2M4+7N8yEvfNHRUp4BkEtYA7W6pOASfTpDw41F7ZZp95wnEUpirPIB4Q
YZp35G6qvCvBW0AqX1WDuWwacR1eFzas1/DoEBHS6cWhYRcUmiiaxJP11D9TEvkB
T+ELuzNy2U/lKXzLBp4nsi+orn6qPFvJ9Fx+UUv7bk4+SmV55uzki6m+6DH+UHSm
T0XKYyB5oGNpg9Rn6o+QbSvdXiKzAMcAISrs9Ra5hRh8uoucvjCEinbKi4TedB8i
sXzbrFG9SXrvE00WfnA2qUDWGAadSkygyGt+1LnuDaeahl4gXwiPcBMeUwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF5z62geNRNUEBRHr4HoCDdxHzRkMB8GA1UdIwQY
MBaAFL1cCDI6wnq2VTpaaac6WPgCQj1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlZ3SU1qckNlclpWT2xwcHB6cFktQUpDUFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS84Y2NmMDctMWU4Yi00MTFmLWIwNDMt
NDY0MWFiNmU0YmZiLzEvWG5QcmFCNDFFMVFRRkVldmdlZ0lOM0VmTkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS84Y2NmMDctMWU4Yi00MTFmLWIwNDMtNDY0MWFiNmU0YmZi
LzEvdlZ3SU1qckNlclpWT2xwcHB6cFktQUpDUFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKgOW4IAw
DQYJKoZIhvcNAQELBQADggEBACaYWB0m9/cohOkpTxhk/K26NVOupNFxoWAvZWaX
G08XsE4BZw8QMRXXbQ+lBvOZNQCVbiKf928j8I9XKPE94pLQHeg3THxcirwuofF7
lhl6c0cSNhudM75wA7S5e/EAqcMS9ZbQSiWgnF9IN8HE5jz5fbA7cUn+/dAX4RJk
wQ4KIGAQHPiXhi8blBHMlwXifq5R/1poW1/qNU7sydGRZ8RsIO4POCkdPiY8lgrk
Lt64rzEL5HmYzw+FcYX9/2RHXjiuIqKESuNKPC5b9k4sSN2PK+NKib6S3OflCCPT
KyfCvHgkE8qBjwYewOM3VKACA010x4MccebY4DHCQAhmEu8=
-----END CERTIFICATE-----