Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/mP6V_NJQIvFz__0HJiXIbC5O9cc.roa
File:                     mP6V_NJQIvFz__0HJiXIbC5O9cc.roa (raw, json)
Hash identifier:          yAyd0ZZ6mcdLOMPkYoGKgAiTNnVldd+ZNoRJp6W5r6w=
Subject key identifier:   98:FE:95:FC:D2:50:22:F1:73:FF:FD:07:26:25:C8:6C:2E:4E:F5:C7
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       018DF430152C942E3D10DD312194FAC1A0EE
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/mP6V_NJQIvFz__0HJiXIbC5O9cc.roa
Signing time:             Thu 29 Feb 2024 09:26:48 +0000
ROA not before:           Thu 29 Feb 2024 09:26:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        2a0b:d900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:30:15:2c:94:2e:3d:10:dd:31:21:94:fa:c1:a0:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Feb 29 09:26:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98fe95fcd25022f173fffd072625c86c2e4ef5c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:01:9e:ea:36:05:ff:0f:9a:ef:f4:f7:0d:36:
                    82:f9:0b:41:9e:bd:e3:14:8a:2b:96:89:85:09:4e:
                    72:32:e5:14:e2:36:f5:f5:e4:d2:d6:54:96:f8:0f:
                    d1:69:86:eb:2e:f7:2d:45:44:53:12:e7:8c:1e:bd:
                    ca:ca:a6:50:4c:80:22:a6:7a:77:9e:f6:47:af:d5:
                    f6:70:e8:c4:65:f7:8f:88:60:3d:83:1f:4e:79:1f:
                    eb:87:0f:a9:68:74:93:a8:18:5c:dd:95:d5:f0:ca:
                    0b:a6:e0:5b:31:16:66:d1:20:d3:83:f1:b4:61:a1:
                    33:09:f7:40:88:75:f7:60:cc:de:6e:06:51:2a:80:
                    33:7d:e7:46:38:ed:96:25:51:1d:09:c0:1e:22:80:
                    49:fd:cd:ba:39:46:72:ed:97:1e:e6:eb:ec:b6:96:
                    02:c5:8c:4d:97:c7:a1:28:68:94:6b:c5:a9:86:c6:
                    be:d7:cb:44:c4:1b:cb:82:38:a5:9d:9d:75:dc:27:
                    2b:a9:6a:0a:8d:96:b6:84:bd:fe:ec:43:00:78:5b:
                    a4:f9:95:1b:39:43:f4:2c:a3:e1:68:70:7c:16:cd:
                    0a:1d:2d:60:3e:9e:18:22:36:a4:19:f0:8b:04:3f:
                    c0:71:dc:cd:1d:8f:6d:10:3f:26:94:0e:c9:90:62:
                    ab:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:FE:95:FC:D2:50:22:F1:73:FF:FD:07:26:25:C8:6C:2E:4E:F5:C7
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/mP6V_NJQIvFz__0HJiXIbC5O9cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:d900::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:63:b7:3d:a6:33:50:ce:5e:5b:f4:64:18:a2:ce:ee:b8:d4:
         3b:9e:cb:91:c2:cd:df:6e:fe:46:8f:b3:80:b2:75:67:50:b3:
         a6:0b:b5:ee:9f:2f:bf:6f:c3:a9:6b:c8:79:8d:b5:bd:e6:d8:
         d3:c8:6c:d2:ec:a4:09:28:cd:49:35:d2:64:a4:61:e1:b8:1b:
         cd:9d:c2:33:b6:c7:12:9c:53:b7:ee:00:3e:b2:87:7a:dc:35:
         d9:5a:69:62:fa:78:23:d4:cd:2b:47:f6:a3:b0:8d:42:a5:dd:
         b6:ad:6f:69:5e:c5:3e:bd:b6:0e:24:6a:2c:46:df:be:ba:da:
         b1:a4:0e:f6:d3:39:39:54:53:0c:31:a0:5f:c0:64:1e:a7:bb:
         b1:65:e1:68:13:99:f9:72:4b:c1:8c:6d:b1:38:4b:52:1c:64:
         70:fe:d1:bc:90:6e:9e:5c:2c:8f:50:ba:b0:40:50:39:45:21:
         5c:db:2e:83:7a:bc:46:78:e6:52:59:89:68:0a:95:48:04:0c:
         d4:a9:61:6e:9a:c0:ab:8e:d4:6c:10:e5:e3:17:aa:ca:81:ee:
         04:b2:eb:84:e8:5b:a1:4a:ab:d8:e7:9d:84:bb:12:a9:ef:35:
         16:a4:49:ab:49:e1:cc:5a:43:de:7e:4f:41:fb:60:b5:df:f9:
         16:5a:3b:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY30MBUslC49EN0xIZT6waDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjQwMjI5MDkyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGZlOTVmY2QyNTAyMmYxNzNmZmZkMDcyNjI1Yzg2YzJlNGVmNWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigGe6jYF/w+a7/T3DTaC+QtBnr3j
FIorlomFCU5yMuUU4jb19eTS1lSW+A/RaYbrLvctRURTEueMHr3KyqZQTIAipnp3
nvZHr9X2cOjEZfePiGA9gx9OeR/rhw+paHSTqBhc3ZXV8MoLpuBbMRZm0SDTg/G0
YaEzCfdAiHX3YMzebgZRKoAzfedGOO2WJVEdCcAeIoBJ/c26OUZy7Zce5uvstpYC
xYxNl8ehKGiUa8Wphsa+18tExBvLgjilnZ113CcrqWoKjZa2hL3+7EMAeFuk+ZUb
OUP0LKPhaHB8Fs0KHS1gPp4YIjakGfCLBD/AcdzNHY9tED8mlA7JkGKrpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJj+lfzSUCLxc//9ByYlyGwuTvXHMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvbVA2Vl9OSlFJdkZ6X18wSEppWEliQzVPOWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgvZADAN
BgkqhkiG9w0BAQsFAAOCAQEABWO3PaYzUM5eW/RkGKLO7rjUO57LkcLN327+Ro+z
gLJ1Z1Czpgu17p8vv2/DqWvIeY21vebY08hs0uykCSjNSTXSZKRh4bgbzZ3CM7bH
EpxTt+4APrKHetw12VppYvp4I9TNK0f2o7CNQqXdtq1vaV7FPr22DiRqLEbfvrra
saQO9tM5OVRTDDGgX8BkHqe7sWXhaBOZ+XJLwYxtsThLUhxkcP7RvJBunlwsj1C6
sEBQOUUhXNsug3q8RnjmUlmJaAqVSAQM1KlhbprAq47UbBDl4xeqyoHuBLLrhOhb
oUqr2OedhLsSqe81FqRJq0nhzFpD3n5PQftgtd/5Flo7wg==
-----END CERTIFICATE-----