Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/Szb9Go-Kvcf2XYXtEwfh3e0Oypw.roa
File:                     Szb9Go-Kvcf2XYXtEwfh3e0Oypw.roa (raw, json)
Hash identifier:          qvU9Do7ZIffm/lHUsEhQSaseKP7P/JqQy4horubR5xQ=
Subject key identifier:   4B:36:FD:1A:8F:8A:BD:C7:F6:5D:85:ED:13:07:E1:DD:ED:0E:CA:9C
Certificate issuer:       /CN=c61850173c8d28d5afbf91091ca63e5da3c75ed4
Certificate serial:       018CC4936F81BACE26AAC60CEE9A88F158A7
Authority key identifier: C6:18:50:17:3C:8D:28:D5:AF:BF:91:09:1C:A6:3E:5D:A3:C7:5E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/Szb9Go-Kvcf2XYXtEwfh3e0Oypw.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29684
IP address blocks:        2a05:5100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6f:81:ba:ce:26:aa:c6:0c:ee:9a:88:f1:58:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61850173c8d28d5afbf91091ca63e5da3c75ed4
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b36fd1a8f8abdc7f65d85ed1307e1dded0eca9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:40:f1:8a:25:43:77:29:b4:3a:1d:ac:63:44:
                    1c:1b:14:3a:b5:d0:9f:a9:c1:82:fd:a1:b9:58:6f:
                    11:39:b5:aa:a3:d6:e5:e1:ba:77:2b:aa:23:af:4a:
                    d5:c5:ea:03:a2:f8:b1:af:0c:a0:ef:5a:1f:6e:6b:
                    bd:7d:8e:b4:01:16:f1:57:65:5e:e5:6f:5d:ac:b0:
                    de:c8:b9:74:39:c6:1a:e7:8a:b4:ee:cb:78:fc:87:
                    77:1a:93:77:0e:24:f3:0e:07:93:1f:ae:25:57:5c:
                    91:dd:f6:52:43:2d:1a:cf:1d:87:d5:f8:66:2b:39:
                    5f:24:f1:44:a2:00:04:1f:52:89:65:41:40:3c:2d:
                    00:7a:73:db:57:06:48:04:17:87:65:48:5d:30:45:
                    8b:f8:03:9c:85:2f:11:d9:20:9e:3e:da:46:9e:41:
                    67:74:67:a2:3f:35:4b:3e:4c:f7:60:2f:d3:a0:54:
                    2e:56:20:d4:bb:23:77:9f:7f:cb:41:4c:b8:83:33:
                    b0:7f:8d:53:9a:41:cc:1d:c0:ca:24:a1:52:f3:31:
                    76:ad:d8:8b:54:92:61:90:70:e7:71:7e:7b:b9:af:
                    f8:42:7f:73:2e:0b:be:e5:81:26:15:81:5a:e4:2a:
                    a5:b4:d7:2c:e0:24:06:c7:cc:0a:df:7c:b7:87:12:
                    d3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:36:FD:1A:8F:8A:BD:C7:F6:5D:85:ED:13:07:E1:DD:ED:0E:CA:9C
            X509v3 Authority Key Identifier:
                keyid:C6:18:50:17:3C:8D:28:D5:AF:BF:91:09:1C:A6:3E:5D:A3:C7:5E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/Szb9Go-Kvcf2XYXtEwfh3e0Oypw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:5100::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:65:ac:74:34:4f:85:3e:39:47:27:60:ac:ce:c7:58:ae:a6:
         59:1d:14:f3:ef:fb:26:e6:8d:d3:88:59:42:b9:77:07:e4:f7:
         35:7f:95:f7:00:1e:d1:1e:e8:b2:57:4a:ed:2c:4c:b4:31:ff:
         18:cc:63:47:9e:79:f1:43:2a:ce:e5:37:74:98:04:b5:bd:76:
         ef:ae:3f:da:04:ee:7f:ec:30:bf:46:f0:94:82:c7:3c:b9:6f:
         06:62:18:69:37:8d:5b:f6:24:4c:00:9b:a8:96:75:ca:91:f5:
         5c:80:81:fc:45:96:b2:f1:22:e2:72:d2:83:42:03:28:20:c8:
         c2:9a:90:80:59:94:17:64:43:a7:94:6c:ea:b3:9d:bb:ea:35:
         5a:58:89:a9:52:a4:a4:4c:81:f9:69:16:ef:6c:a9:2d:76:42:
         60:71:90:77:34:a1:a8:f2:31:f8:be:cd:39:24:80:bc:00:80:
         f5:1d:f6:2d:2f:e0:da:5b:43:68:d3:17:38:f5:b6:d4:c2:52:
         de:88:52:0c:dd:62:bf:c8:ef:8c:7f:56:20:b0:d9:f0:cd:c4:
         e5:49:26:83:be:07:53:94:a0:f9:1f:00:d2:88:fe:0d:1e:76:
         40:bf:4b:af:31:78:d3:bd:5d:5f:ec:2e:b4:31:a2:9d:ac:d7:
         ff:d0:37:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2+Bus4mqsYM7pqI8VinMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTg1MDE3M2M4ZDI4ZDVhZmJmOTEwOTFjYTYzZTVkYTNj
NzVlZDQwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjM2ZmQxYThmOGFiZGM3ZjY1ZDg1ZWQxMzA3ZTFkZGVkMGVjYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEDxiiVDdym0Oh2sY0QcGxQ6tdCf
qcGC/aG5WG8RObWqo9bl4bp3K6ojr0rVxeoDovixrwyg71ofbmu9fY60ARbxV2Ve
5W9drLDeyLl0OcYa54q07st4/Id3GpN3DiTzDgeTH64lV1yR3fZSQy0azx2H1fhm
KzlfJPFEogAEH1KJZUFAPC0AenPbVwZIBBeHZUhdMEWL+AOchS8R2SCePtpGnkFn
dGeiPzVLPkz3YC/ToFQuViDUuyN3n3/LQUy4gzOwf41TmkHMHcDKJKFS8zF2rdiL
VJJhkHDncX57ua/4Qn9zLgu+5YEmFYFa5CqltNcs4CQGx8wK33y3hxLTlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEs2/RqPir3H9l2F7RMH4d3tDsqcMB8GA1UdIwQY
MBaAFMYYUBc8jSjVr7+RCRymPl2jx17UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhoUUZ6eU5LTld2djVFSkhLWS1YYVBIWHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9lZTA5ZjEtN2QwYi00MzFmLWFhZWUt
YmI4ZGViYzAwMzg4LzEvU3piOUdvLUt2Y2YyWFlYdEV3ZmgzZTBPeXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9lZTA5ZjEtN2QwYi00MzFmLWFhZWUtYmI4ZGViYzAwMzg4
LzEveGhoUUZ6eU5LTld2djVFSkhLWS1YYVBIWHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVRAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAXZax0NE+FPjlHJ2CszsdYrqZZHRTz7/sm5o3T
iFlCuXcH5Pc1f5X3AB7RHuiyV0rtLEy0Mf8YzGNHnnnxQyrO5Td0mAS1vXbvrj/a
BO5/7DC/RvCUgsc8uW8GYhhpN41b9iRMAJuolnXKkfVcgIH8RZay8SLictKDQgMo
IMjCmpCAWZQXZEOnlGzqs5276jVaWImpUqSkTIH5aRbvbKktdkJgcZB3NKGo8jH4
vs05JIC8AID1HfYtL+DaW0No0xc49bbUwlLeiFIM3WK/yO+Mf1YgsNnwzcTlSSaD
vgdTlKD5HwDSiP4NHnZAv0uvMXjTvV1f7C60MaKdrNf/0Dfh
-----END CERTIFICATE-----