Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/X5VHuwGkuFQnbFx4XZUX7J7498Y.roa
File:                     X5VHuwGkuFQnbFx4XZUX7J7498Y.roa (raw, json)
Hash identifier:          gtKRfBuWraotTXmvzT033wI0WqSrciivEfLhwGl59ho=
Subject key identifier:   5F:95:47:BB:01:A4:B8:54:27:6C:5C:78:5D:95:17:EC:9E:F8:F7:C6
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018D8C3F9C93800BFE4139AC8D902ADD4518
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/X5VHuwGkuFQnbFx4XZUX7J7498Y.roa
Signing time:             Fri 09 Feb 2024 05:03:15 +0000
ROA not before:           Fri 09 Feb 2024 05:03:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206766
IP address blocks:        2a04:6e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8c:3f:9c:93:80:0b:fe:41:39:ac:8d:90:2a:dd:45:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Feb  9 05:03:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f9547bb01a4b854276c5c785d9517ec9ef8f7c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ad:95:91:b3:e4:4d:35:6b:c6:2a:6b:5c:94:
                    9e:60:37:b1:a7:ff:65:46:73:d7:98:39:55:ed:26:
                    b5:74:80:5d:f2:8e:16:fc:19:8c:3f:bf:cd:9e:04:
                    b4:47:e7:1f:e6:a2:3b:dc:81:a2:0a:ae:8d:9e:b7:
                    f7:bb:92:a2:74:77:b4:be:4f:26:68:46:27:a4:e5:
                    c7:83:d7:e2:aa:67:89:89:29:20:b5:9e:36:93:ea:
                    24:e4:4c:02:1c:8e:6a:7f:1a:7b:11:1f:40:1d:68:
                    bc:ae:38:be:66:01:95:00:25:75:f5:b9:48:d4:28:
                    33:be:c4:e5:4b:c7:11:2a:78:f0:c4:79:ae:a9:25:
                    d1:d8:bf:6c:2f:a6:a0:b4:96:62:60:f7:63:70:be:
                    ac:5b:17:ec:60:e0:0c:47:c6:4d:a0:94:88:e9:2d:
                    99:68:43:3b:c8:dd:75:9e:14:1e:ec:37:be:b3:bf:
                    bf:9d:aa:f5:85:ae:cf:b0:0a:76:f5:7f:17:56:d6:
                    48:ac:c3:8b:2f:a6:ca:ff:0a:33:d1:b2:fd:8f:5e:
                    b6:17:36:28:f5:ef:fe:0f:7b:98:d1:b1:7e:1f:e7:
                    11:da:8f:77:03:d7:64:67:dd:3f:87:1f:c0:c2:cb:
                    da:07:7f:cf:16:17:55:96:8b:87:e1:75:9b:ca:24:
                    92:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:95:47:BB:01:A4:B8:54:27:6C:5C:78:5D:95:17:EC:9E:F8:F7:C6
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/X5VHuwGkuFQnbFx4XZUX7J7498Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:6e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:6d:a3:94:0a:98:09:91:e4:89:83:e0:62:35:2f:e5:09:2f:
         d1:6f:29:35:37:c1:ba:3f:4f:ce:47:44:12:83:6a:78:c9:4c:
         87:4c:42:75:d0:4f:6f:a3:e6:1f:3a:b2:62:25:72:43:31:fc:
         ac:ad:e2:27:68:83:f7:35:68:62:43:c9:87:81:b4:01:42:44:
         d3:b6:d9:90:83:de:c3:da:d8:4f:c0:26:a0:7a:7d:c5:5c:c0:
         1b:e2:9d:e3:ba:5f:6d:fd:f4:fb:74:19:e4:bd:b0:38:cc:f1:
         2c:2a:72:05:54:88:98:8f:44:bd:f5:0d:26:54:3b:a6:1f:3c:
         46:30:2c:be:00:64:9c:37:c0:cc:4a:33:cc:23:40:f0:17:9e:
         ef:47:92:ce:b5:23:ba:f5:ea:74:d1:ff:f5:71:22:1f:f6:1f:
         f0:06:2b:13:b5:b4:73:bc:21:00:3e:74:9a:2a:c4:9e:40:0f:
         27:a8:47:bd:a8:ba:01:b4:d4:0b:ed:ed:70:fd:0c:98:2d:1c:
         9f:9e:a3:7d:24:e8:41:a0:d7:86:cf:5a:91:14:9c:0b:0f:c9:
         dd:b2:68:40:ed:53:d3:8a:ab:f0:79:18:42:50:f0:38:85:7e:
         2f:c4:5f:eb:c6:b5:89:6f:fc:c8:c3:1a:6c:fe:9f:9c:08:33:
         09:7d:16:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY2MP5yTgAv+QTmsjZAq3UUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMjA5MDUwMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjk1NDdiYjAxYTRiODU0Mjc2YzVjNzg1ZDk1MTdlYzllZjhmN2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnK2VkbPkTTVrxiprXJSeYDexp/9l
RnPXmDlV7Sa1dIBd8o4W/BmMP7/NngS0R+cf5qI73IGiCq6Nnrf3u5KidHe0vk8m
aEYnpOXHg9fiqmeJiSkgtZ42k+ok5EwCHI5qfxp7ER9AHWi8rji+ZgGVACV19blI
1CgzvsTlS8cRKnjwxHmuqSXR2L9sL6agtJZiYPdjcL6sWxfsYOAMR8ZNoJSI6S2Z
aEM7yN11nhQe7De+s7+/nar1ha7PsAp29X8XVtZIrMOLL6bK/woz0bL9j162FzYo
9e/+D3uY0bF+H+cR2o93A9dkZ90/hx/AwsvaB3/PFhdVlouH4XWbyiSSIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF+VR7sBpLhUJ2xceF2VF+ye+PfGMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvWDVWSHV3R2t1RlFuYkZ4NFhaVVg3Sjc0OThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgRuQDAN
BgkqhkiG9w0BAQsFAAOCAQEAiW2jlAqYCZHkiYPgYjUv5Qkv0W8pNTfBuj9PzkdE
EoNqeMlMh0xCddBPb6PmHzqyYiVyQzH8rK3iJ2iD9zVoYkPJh4G0AUJE07bZkIPe
w9rYT8AmoHp9xVzAG+Kd47pfbf30+3QZ5L2wOMzxLCpyBVSImI9EvfUNJlQ7ph88
RjAsvgBknDfAzEozzCNA8Bee70eSzrUjuvXqdNH/9XEiH/Yf8AYrE7W0c7whAD50
mirEnkAPJ6hHvai6AbTUC+3tcP0MmC0cn56jfSToQaDXhs9akRScCw/J3bJoQO1T
04qr8HkYQlDwOIV+L8Rf68a1iW/8yMMabP6fnAgzCX0WQg==
-----END CERTIFICATE-----