Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/XlAZECchLGPJmBNFJF8Nqfz9SN8.roa
File:                     XlAZECchLGPJmBNFJF8Nqfz9SN8.roa (raw, json)
Hash identifier:          gyS2x/KbMB4gmmK+cEa8Fk6wjJtYNImOv16fgeOd+4s=
Subject key identifier:   5E:50:19:10:27:21:2C:63:C9:98:13:45:24:5F:0D:A9:FC:FD:48:DF
Certificate issuer:       /CN=bbd351b274fc23a42728303638a0d62b606401b4
Certificate serial:       018CC4938189FCE492DC18BCDDE9445AFFBD
Authority key identifier: BB:D3:51:B2:74:FC:23:A4:27:28:30:36:38:A0:D6:2B:60:64:01:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/XlAZECchLGPJmBNFJF8Nqfz9SN8.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35003
IP address blocks:        2001:1578:400::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:81:89:fc:e4:92:dc:18:bc:dd:e9:44:5a:ff:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbd351b274fc23a42728303638a0d62b606401b4
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e50191027212c63c9981345245f0da9fcfd48df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d5:44:94:29:e8:e2:30:f4:05:73:2c:64:63:
                    46:c4:08:4d:a1:27:97:19:f3:b0:4f:45:c6:b6:c3:
                    7a:17:a6:11:83:75:d4:f6:fc:0a:1e:37:98:2c:af:
                    da:12:50:c7:2b:fe:9d:67:42:41:e7:b7:f8:5d:86:
                    6d:a9:86:a5:af:db:3a:15:66:97:e5:71:fd:8d:ca:
                    e4:d6:68:b5:a1:e6:19:79:f7:29:95:bc:a3:35:88:
                    bc:13:26:1c:d2:b6:2e:2d:40:be:69:ff:c2:8d:ca:
                    b8:84:5c:e6:ad:6f:1a:b6:f6:2b:9a:5f:27:50:4d:
                    43:dd:35:a0:97:cb:7f:1f:9d:dd:6d:16:1b:90:4f:
                    ca:be:8a:9c:96:cc:4c:7a:09:81:b3:4e:19:6f:c3:
                    1f:de:39:17:2c:73:df:f3:82:01:79:70:85:c0:85:
                    a6:1d:59:29:df:6c:81:94:be:7a:20:c5:d3:35:80:
                    40:fb:67:21:cb:a4:f8:2b:3f:20:b9:99:8e:10:ba:
                    e3:de:01:b8:3b:f6:b1:79:77:92:ce:e2:ce:90:7b:
                    6c:e9:58:b4:10:0d:7e:f2:8d:c1:57:ab:f5:fd:67:
                    df:24:b7:a1:fa:65:19:44:65:1b:b9:2d:d7:21:48:
                    75:0d:1e:6f:8d:a0:c8:81:e1:ab:04:a3:69:0b:6f:
                    98:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:50:19:10:27:21:2C:63:C9:98:13:45:24:5F:0D:A9:FC:FD:48:DF
            X509v3 Authority Key Identifier:
                keyid:BB:D3:51:B2:74:FC:23:A4:27:28:30:36:38:A0:D6:2B:60:64:01:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/XlAZECchLGPJmBNFJF8Nqfz9SN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1578:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         04:68:dc:95:fe:05:ef:0a:3d:e0:ce:2d:ab:56:3d:c9:88:12:
         12:3c:14:af:20:f5:59:d3:54:3b:6f:e0:ae:e1:db:19:3d:42:
         23:e2:99:2f:af:22:0e:f1:e3:69:c8:be:05:02:38:ce:4e:b0:
         6e:24:84:56:bb:38:c5:65:38:56:79:6e:71:8c:a3:b4:04:fc:
         02:30:fb:07:5d:aa:43:a8:f0:11:44:cc:bc:a0:2e:ea:ae:ee:
         de:e1:55:4b:76:82:06:d0:c1:90:51:81:d1:df:d2:92:7f:a1:
         24:56:1d:d6:e6:b7:69:d0:9f:11:19:6b:98:58:fc:a2:fa:c9:
         a4:b5:42:4d:a6:76:54:7d:6c:4f:23:4f:65:b9:91:68:f0:8c:
         b3:85:19:1b:b7:3b:c4:76:fe:5f:f5:6e:24:36:66:be:11:dd:
         a6:e3:2f:8f:b1:ac:c9:f9:8e:6a:a8:0f:ac:aa:30:df:28:8f:
         ca:75:ad:2e:23:59:b0:29:44:b7:74:70:ef:a6:37:c9:09:9b:
         11:b8:da:72:60:fa:15:34:01:2b:bc:da:15:19:f6:40:f7:6f:
         c0:98:87:8c:c4:0e:71:45:a0:63:3c:ae:26:20:70:04:2c:ca:
         0b:27:50:7b:77:e4:0f:01:2b:12:29:96:f8:7d:45:a6:85:1b:
         47:e3:6b:4b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk4GJ/OSS3Bi83elEWv+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZDM1MWIyNzRmYzIzYTQyNzI4MzAzNjM4YTBkNjJiNjA2
NDAxYjQwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTUwMTkxMDI3MjEyYzYzYzk5ODEzNDUyNDVmMGRhOWZjZmQ0OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldVElCno4jD0BXMsZGNGxAhNoSeX
GfOwT0XGtsN6F6YRg3XU9vwKHjeYLK/aElDHK/6dZ0JB57f4XYZtqYalr9s6FWaX
5XH9jcrk1mi1oeYZefcplbyjNYi8EyYc0rYuLUC+af/Cjcq4hFzmrW8atvYrml8n
UE1D3TWgl8t/H53dbRYbkE/KvoqclsxMegmBs04Zb8Mf3jkXLHPf84IBeXCFwIWm
HVkp32yBlL56IMXTNYBA+2chy6T4Kz8guZmOELrj3gG4O/axeXeSzuLOkHts6Vi0
EA1+8o3BV6v1/WffJLeh+mUZRGUbuS3XIUh1DR5vjaDIgeGrBKNpC2+Y7QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF5QGRAnISxjyZgTRSRfDan8/UjfMB8GA1UdIwQY
MBaAFLvTUbJ0/COkJygwNjig1itgZAG0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTlOUnNuVDhJNlFuS0RBMk9LRFdLMkJrQWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jMWY5MGEtMmJhZC00MWI0LWIxYTYt
NDZiMzAyOGEwM2IwLzEvWGxBWkVDY2hMR1BKbUJORkpGOE5xZno5U044LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jMWY5MGEtMmJhZC00MWI0LWIxYTYtNDZiMzAyOGEwM2Iw
LzEvdTlOUnNuVDhJNlFuS0RBMk9LRFdLMkJrQWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAIAEVeAQw
DQYJKoZIhvcNAQELBQADggEBAARo3JX+Be8KPeDOLatWPcmIEhI8FK8g9VnTVDtv
4K7h2xk9QiPimS+vIg7x42nIvgUCOM5OsG4khFa7OMVlOFZ5bnGMo7QE/AIw+wdd
qkOo8BFEzLygLuqu7t7hVUt2ggbQwZBRgdHf0pJ/oSRWHdbmt2nQnxEZa5hY/KL6
yaS1Qk2mdlR9bE8jT2W5kWjwjLOFGRu3O8R2/l/1biQ2Zr4R3abjL4+xrMn5jmqo
D6yqMN8oj8p1rS4jWbApRLd0cO+mN8kJmxG42nJg+hU0ASu82hUZ9kD3b8CYh4zE
DnFFoGM8riYgcAQsygsnUHt35A8BKxIplvh9RaaFG0fja0s=
-----END CERTIFICATE-----