Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/a5JNcvWj4NTMiiCHXUEMK9j325Y.roa
File:                     a5JNcvWj4NTMiiCHXUEMK9j325Y.roa (raw, json)
Hash identifier:          /5wX+4nOL+GvUAqOQnGWPFr9VjqDZpshMocM3SCXBo8=
Subject key identifier:   6B:92:4D:72:F5:A3:E0:D4:CC:8A:20:87:5D:41:0C:2B:D8:F7:DB:96
Certificate issuer:       /CN=bbd351b274fc23a42728303638a0d62b606401b4
Certificate serial:       018F615BCB11F607B8E0CD114F8A9276125F
Authority key identifier: BB:D3:51:B2:74:FC:23:A4:27:28:30:36:38:A0:D6:2B:60:64:01:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/a5JNcvWj4NTMiiCHXUEMK9j325Y.roa
Signing time:             Fri 10 May 2024 07:15:56 +0000
ROA not before:           Fri 10 May 2024 07:15:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6825
IP address blocks:        2001:1578:300::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:5b:cb:11:f6:07:b8:e0:cd:11:4f:8a:92:76:12:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbd351b274fc23a42728303638a0d62b606401b4
        Validity
            Not Before: May 10 07:15:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b924d72f5a3e0d4cc8a20875d410c2bd8f7db96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:74:d4:f4:f7:71:73:08:17:2b:43:e4:c9:b0:
                    b8:98:48:f8:ca:ca:42:4f:a3:12:f2:d6:6a:16:0f:
                    a3:64:a2:1c:bf:91:73:44:fe:22:e9:9f:4c:9c:bc:
                    97:97:dc:06:8d:6d:51:5b:95:34:f2:79:0a:88:3e:
                    ea:18:27:f7:7a:56:4a:fc:be:c3:5f:5a:06:58:c5:
                    79:53:14:a8:cd:fc:78:19:4d:ab:c8:da:9e:65:50:
                    69:7c:85:fb:d0:c3:1d:02:f0:c9:15:b1:90:bd:f0:
                    2c:f8:db:d4:72:d0:09:25:0c:c6:5b:aa:b3:1a:66:
                    da:d3:39:04:6a:fe:e7:fc:03:c6:37:50:c5:c4:82:
                    1b:2d:9b:b7:1b:21:5a:8d:b6:6e:13:db:19:6c:03:
                    97:0b:13:fd:a5:0f:21:4f:dd:a0:64:45:37:a6:2e:
                    52:cc:af:22:a7:40:21:85:c0:51:50:d3:7e:a7:74:
                    03:1c:a8:49:36:23:f3:8f:f2:fd:95:fb:4a:f5:61:
                    0e:57:59:74:63:88:86:6b:86:0e:a9:6e:6d:5a:9a:
                    e4:d2:7d:b2:0d:33:56:f3:b1:07:2d:8e:5b:c0:18:
                    a5:ff:fc:3e:6f:f7:0f:ba:87:d4:9c:39:fb:4f:b8:
                    df:44:cd:35:8f:44:3f:4c:1b:0b:b8:c2:53:aa:26:
                    4f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:92:4D:72:F5:A3:E0:D4:CC:8A:20:87:5D:41:0C:2B:D8:F7:DB:96
            X509v3 Authority Key Identifier:
                keyid:BB:D3:51:B2:74:FC:23:A4:27:28:30:36:38:A0:D6:2B:60:64:01:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/a5JNcvWj4NTMiiCHXUEMK9j325Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1578:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         82:1c:56:eb:54:49:f9:47:80:35:a5:a3:87:cf:18:c6:e8:0c:
         84:ca:20:eb:83:88:66:ef:51:95:44:ca:e8:05:7c:70:e1:e9:
         bf:7a:ed:10:77:7e:b7:8e:26:9b:37:f3:3e:94:67:bd:33:02:
         fa:21:2b:f2:65:11:f9:97:90:d2:27:b0:36:9f:0a:71:fd:aa:
         56:ac:e7:95:28:ee:02:38:3c:ea:c8:b8:07:a1:6b:d1:86:96:
         ff:b3:65:42:71:62:dc:fb:d1:e1:23:cf:74:cf:38:24:5c:88:
         6a:28:ac:4b:e6:7a:db:5f:79:06:bb:37:da:8e:2a:02:67:ed:
         67:ed:ab:ea:b4:c1:81:02:23:ac:4b:3a:c5:ab:82:46:84:d7:
         06:cb:2a:ea:e4:9f:42:8b:be:87:b7:de:c2:1f:1f:cb:02:53:
         60:b8:7f:45:7b:fa:3c:2a:be:3d:48:4a:d6:ad:b0:6a:83:30:
         00:5e:af:53:1a:7f:c0:3d:0c:ce:7b:65:b0:91:53:cb:5c:63:
         6e:fe:77:fe:74:7a:42:6b:8f:28:aa:52:be:80:3a:89:39:a0:
         77:81:5e:c9:d4:52:69:12:d6:e8:d2:92:d8:77:a3:d1:48:68:
         63:b3:81:1e:b9:4c:92:dd:08:4c:6c:db:b7:5b:f6:d7:8d:18:
         68:f9:a1:73
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY9hW8sR9ge44M0RT4qSdhJfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZDM1MWIyNzRmYzIzYTQyNzI4MzAzNjM4YTBkNjJiNjA2
NDAxYjQwHhcNMjQwNTEwMDcxNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjkyNGQ3MmY1YTNlMGQ0Y2M4YTIwODc1ZDQxMGMyYmQ4ZjdkYjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXTU9PdxcwgXK0PkybC4mEj4yspC
T6MS8tZqFg+jZKIcv5FzRP4i6Z9MnLyXl9wGjW1RW5U08nkKiD7qGCf3elZK/L7D
X1oGWMV5UxSozfx4GU2ryNqeZVBpfIX70MMdAvDJFbGQvfAs+NvUctAJJQzGW6qz
Gmba0zkEav7n/APGN1DFxIIbLZu3GyFajbZuE9sZbAOXCxP9pQ8hT92gZEU3pi5S
zK8ip0AhhcBRUNN+p3QDHKhJNiPzj/L9lftK9WEOV1l0Y4iGa4YOqW5tWprk0n2y
DTNW87EHLY5bwBil//w+b/cPuofUnDn7T7jfRM01j0Q/TBsLuMJTqiZPPQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGuSTXL1o+DUzIogh11BDCvY99uWMB8GA1UdIwQY
MBaAFLvTUbJ0/COkJygwNjig1itgZAG0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTlOUnNuVDhJNlFuS0RBMk9LRFdLMkJrQWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jMWY5MGEtMmJhZC00MWI0LWIxYTYt
NDZiMzAyOGEwM2IwLzEvYTVKTmN2V2o0TlRNaWlDSFhVRU1LOWozMjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jMWY5MGEtMmJhZC00MWI0LWIxYTYtNDZiMzAyOGEwM2Iw
LzEvdTlOUnNuVDhJNlFuS0RBMk9LRFdLMkJrQWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAIAEVeAMw
DQYJKoZIhvcNAQELBQADggEBAIIcVutUSflHgDWlo4fPGMboDITKIOuDiGbvUZVE
yugFfHDh6b967RB3freOJps38z6UZ70zAvohK/JlEfmXkNInsDafCnH9qlas55Uo
7gI4POrIuAeha9GGlv+zZUJxYtz70eEjz3TPOCRciGoorEvmettfeQa7N9qOKgJn
7Wftq+q0wYECI6xLOsWrgkaE1wbLKurkn0KLvoe33sIfH8sCU2C4f0V7+jwqvj1I
StatsGqDMABer1Maf8A9DM57ZbCRU8tcY27+d/50ekJrjyiqUr6AOok5oHeBXsnU
UmkS1ujSkth3o9FIaGOzgR65TJLdCExs27db9teNGGj5oXM=
-----END CERTIFICATE-----