Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/xYQLBHimiAg_Gwob9vJJonc6oF8.roa
File:                     xYQLBHimiAg_Gwob9vJJonc6oF8.roa (raw, json)
Hash identifier:          sC+nPEyZa2fa5bIcfHH6ux3A+VEYVfvGV6BLO6UkLWk=
Subject key identifier:   C5:84:0B:04:78:A6:88:08:3F:1B:0A:1B:F6:F2:49:A2:77:3A:A0:5F
Certificate issuer:       /CN=7ba2be98438b98ee68a0d1b8c4144520bd0a623d
Certificate serial:       018CC348C093D69C8D17F57C7609045AC84A
Authority key identifier: 7B:A2:BE:98:43:8B:98:EE:68:A0:D1:B8:C4:14:45:20:BD:0A:62:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/xYQLBHimiAg_Gwob9vJJonc6oF8.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394144
IP address blocks:        2a0e:7580::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c0:93:d6:9c:8d:17:f5:7c:76:09:04:5a:c8:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba2be98438b98ee68a0d1b8c4144520bd0a623d
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5840b0478a688083f1b0a1bf6f249a2773aa05f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:eb:50:7b:62:f2:c2:bf:cf:98:f9:7b:e1:0b:
                    8c:d3:14:99:37:e1:c6:be:8d:57:da:e4:c8:a2:93:
                    dd:f3:46:f4:7b:fa:52:19:8d:68:24:65:11:e2:d7:
                    8b:98:0c:6a:b4:3a:7f:12:16:3a:3c:35:22:38:0f:
                    f3:ac:2f:84:9f:49:f7:58:4e:ce:3d:3e:49:46:0e:
                    72:65:33:ce:44:ee:18:ed:10:e0:76:8c:e5:6e:0b:
                    de:f9:cf:3b:3a:47:0f:80:3b:5b:a6:89:1d:f8:9d:
                    89:a5:0c:a4:18:57:93:58:2f:ed:73:24:92:68:46:
                    cf:ed:96:6b:d5:3b:57:1d:53:54:d2:9e:84:6b:23:
                    ee:1e:8d:de:49:54:95:1c:8b:82:b9:da:d3:0a:9b:
                    c4:00:70:7a:e5:67:63:73:1f:c9:1c:69:8d:41:0e:
                    7c:f7:a2:7f:10:59:2e:af:f8:8d:e8:61:ec:40:44:
                    11:39:83:0a:eb:e3:78:bb:45:de:e6:bd:b1:d3:d9:
                    fa:80:f4:63:57:77:90:3f:91:87:aa:da:1e:b7:22:
                    b9:3d:c9:fa:09:32:18:5c:08:d4:d9:dc:14:00:0a:
                    68:29:cd:e9:3b:4d:58:35:1b:d8:06:c9:47:ac:87:
                    39:77:28:67:e3:1b:41:63:52:fe:61:11:6d:81:f7:
                    91:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:84:0B:04:78:A6:88:08:3F:1B:0A:1B:F6:F2:49:A2:77:3A:A0:5F
            X509v3 Authority Key Identifier:
                keyid:7B:A2:BE:98:43:8B:98:EE:68:A0:D1:B8:C4:14:45:20:BD:0A:62:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6K-mEOLmO5ooNG4xBRFIL0KYj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/xYQLBHimiAg_Gwob9vJJonc6oF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/845e76-9c2d-4aff-92af-4935b3f5c209/1/e6K-mEOLmO5ooNG4xBRFIL0KYj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7580::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:40:04:b5:54:c0:58:52:be:48:fa:b6:0e:cd:a4:79:2c:cf:
         f0:a6:b8:99:7e:4b:fe:49:ce:67:04:3c:46:78:ee:2e:1c:ec:
         42:8f:b6:e1:96:f8:71:39:00:87:c0:f9:7b:47:b7:d0:27:06:
         4b:c6:2b:51:36:c3:25:e2:de:59:ac:6a:60:dc:47:9a:1d:7f:
         d7:52:e8:5e:b2:49:f0:bc:6b:a4:de:8a:00:d0:5a:c9:fd:e9:
         73:ce:21:4b:6a:cb:01:59:96:02:75:04:e1:3b:54:6d:d7:67:
         9b:dd:f4:fa:c6:83:88:6e:6c:28:d2:ad:98:1c:98:83:4a:88:
         4e:46:cb:9f:8c:cd:99:a9:04:1d:8a:5f:bd:87:50:0c:e4:41:
         ad:ba:94:a1:01:70:53:a0:ad:07:31:bc:25:cb:84:b0:d8:63:
         97:3a:72:97:be:bd:b0:49:21:bf:b4:99:67:f3:81:23:f0:20:
         9a:91:11:b2:37:b2:5b:ae:e9:76:3c:92:cd:a7:1f:af:fa:e0:
         82:09:96:85:2f:d8:d9:9c:49:e2:0c:e0:44:f8:3f:52:eb:c0:
         55:2d:67:bb:6b:47:5b:51:24:c7:14:0a:ed:ed:de:06:b2:c6:
         54:fd:a9:9f:33:bc:d5:45:d8:1e:3b:63:f6:76:90:69:df:18:
         52:24:c8:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSMCT1pyNF/V8dgkEWshKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYTJiZTk4NDM4Yjk4ZWU2OGEwZDFiOGM0MTQ0NTIwYmQw
YTYyM2QwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTg0MGIwNDc4YTY4ODA4M2YxYjBhMWJmNmYyNDlhMjc3M2FhMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+tQe2Lywr/PmPl74QuM0xSZN+HG
vo1X2uTIopPd80b0e/pSGY1oJGUR4teLmAxqtDp/EhY6PDUiOA/zrC+En0n3WE7O
PT5JRg5yZTPORO4Y7RDgdozlbgve+c87OkcPgDtbpokd+J2JpQykGFeTWC/tcySS
aEbP7ZZr1TtXHVNU0p6EayPuHo3eSVSVHIuCudrTCpvEAHB65Wdjcx/JHGmNQQ58
96J/EFkur/iN6GHsQEQROYMK6+N4u0Xe5r2x09n6gPRjV3eQP5GHqtoetyK5Pcn6
CTIYXAjU2dwUAApoKc3pO01YNRvYBslHrIc5dyhn4xtBY1L+YRFtgfeRJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMWECwR4pogIPxsKG/bySaJ3OqBfMB8GA1UdIwQY
MBaAFHuivphDi5juaKDRuMQURSC9CmI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZLLW1FT0xtTzVvb05HNHhCUkZJTDBLWWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84NDVlNzYtOWMyZC00YWZmLTkyYWYt
NDkzNWIzZjVjMjA5LzEveFlRTEJIaW1pQWdfR3dvYjl2SkpvbmM2b0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84NDVlNzYtOWMyZC00YWZmLTkyYWYtNDkzNWIzZjVjMjA5
LzEvZTZLLW1FT0xtTzVvb05HNHhCUkZJTDBLWWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg51gDAN
BgkqhkiG9w0BAQsFAAOCAQEACUAEtVTAWFK+SPq2Ds2keSzP8Ka4mX5L/knOZwQ8
RnjuLhzsQo+24Zb4cTkAh8D5e0e30CcGS8YrUTbDJeLeWaxqYNxHmh1/11LoXrJJ
8LxrpN6KANBayf3pc84hS2rLAVmWAnUE4TtUbddnm930+saDiG5sKNKtmByYg0qI
TkbLn4zNmakEHYpfvYdQDORBrbqUoQFwU6CtBzG8JcuEsNhjlzpyl769sEkhv7SZ
Z/OBI/AgmpERsjeyW67pdjySzacfr/rgggmWhS/Y2ZxJ4gzgRPg/UuvAVS1nu2tH
W1EkxxQK7e3eBrLGVP2pnzO81UXYHjtj9naQad8YUiTIUQ==
-----END CERTIFICATE-----