Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/eqNkhdgnmT_BvDt83WNw8kQ2ChQ.roa
File:                     eqNkhdgnmT_BvDt83WNw8kQ2ChQ.roa (raw, json)
Hash identifier:          sKT4Nmiap9wrcjN20JlEE1JUjVn9bjeZiBnDweI2NAk=
Subject key identifier:   7A:A3:64:85:D8:27:99:3F:C1:BC:3B:7C:DD:63:70:F2:44:36:0A:14
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       018CC26D733B6D60FA9B808E491C0C3B3646
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/eqNkhdgnmT_BvDt83WNw8kQ2ChQ.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8519
IP address blocks:        2001:638:30d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:73:3b:6d:60:fa:9b:80:8e:49:1c:0c:3b:36:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7aa36485d827993fc1bc3b7cdd6370f244360a14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e6:54:27:14:25:76:c9:bc:a1:bf:d2:88:34:
                    9b:90:f6:57:06:d5:17:3b:77:d1:40:83:60:31:e3:
                    01:86:7c:65:3a:a2:a7:af:73:68:cd:04:52:a5:3b:
                    78:4b:2f:40:36:04:3d:d0:e6:e1:b5:b8:fa:3b:04:
                    d2:fb:be:4d:8d:fa:38:00:7c:fb:26:94:5c:4a:6b:
                    c1:c2:b8:50:b6:b2:fc:6f:80:ac:f0:bd:df:7f:b8:
                    cf:b8:c6:cc:f1:0a:31:f6:3b:29:08:c7:2e:6c:1e:
                    79:f0:50:bc:02:a1:44:2c:0f:f1:41:e6:27:55:28:
                    1b:40:8b:5b:b8:ae:e9:6d:fe:e7:bc:6d:6f:e8:09:
                    cd:1b:34:2c:6d:87:05:66:79:4f:c6:9e:29:b8:d6:
                    7f:99:30:dc:6d:0a:9b:ba:a0:0e:75:a9:57:f2:8f:
                    eb:0b:aa:2d:37:db:8c:8a:97:10:60:cc:d0:e6:e8:
                    62:72:55:cf:1a:79:da:95:23:22:a0:21:dd:5b:84:
                    a0:3c:41:74:8b:70:3d:f7:4d:eb:3b:b8:5b:78:6f:
                    8c:9e:2d:5f:6d:ef:1f:40:ce:4a:ca:0b:d0:61:57:
                    48:04:7d:ab:59:e0:75:d3:a5:71:80:4d:68:bd:b9:
                    69:29:b2:3c:1c:fd:17:eb:26:c7:38:0b:34:d8:e1:
                    65:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A3:64:85:D8:27:99:3F:C1:BC:3B:7C:DD:63:70:F2:44:36:0A:14
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/eqNkhdgnmT_BvDt83WNw8kQ2ChQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:638:30d::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:b1:dd:39:11:99:ce:47:48:b0:57:c6:8f:58:ad:20:f8:2e:
         58:d6:dd:c5:cb:af:8e:eb:35:7a:df:4f:5c:33:3c:e0:9a:25:
         fb:78:4e:4b:9e:39:b7:31:86:7d:95:27:2f:03:b8:65:16:d3:
         7b:b4:e6:fa:23:36:5f:51:84:8b:c2:e2:52:c2:b6:14:89:16:
         4d:b6:7c:98:1a:b8:f8:5d:54:f6:fa:47:21:10:a2:92:51:c2:
         f3:ae:82:5f:b3:f2:e4:49:f3:79:ab:11:1a:64:ba:2b:4e:fd:
         3e:ab:a8:02:d4:c7:ef:f3:a6:ca:92:a5:28:cd:1e:89:6c:78:
         a9:8f:ad:7b:0d:ae:51:87:b4:ec:5d:74:7c:4a:4f:bf:e4:c6:
         a8:a1:dc:fe:f5:05:60:5f:4c:ad:df:a8:d2:85:63:bc:a5:b7:
         2b:8c:83:c8:78:90:d1:79:83:4d:e5:c2:2c:cc:c8:52:fc:d3:
         ae:68:34:63:8a:ac:15:84:e0:de:02:61:5a:3c:2d:c4:db:e0:
         ad:21:50:82:6e:b1:97:58:0a:03:fe:38:47:5a:d5:9c:42:a2:
         9c:6d:d0:3f:49:71:a2:f6:6b:7a:b2:e7:05:3e:30:68:1f:97:
         fc:89:cc:05:c9:1c:1b:aa:0b:8e:9a:86:64:39:d5:fa:83:a3:
         7e:7e:e5:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbXM7bWD6m4COSRwMOzZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWEzNjQ4NWQ4Mjc5OTNmYzFiYzNiN2NkZDYzNzBmMjQ0MzYwYTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeZUJxQldsm8ob/SiDSbkPZXBtUX
O3fRQINgMeMBhnxlOqKnr3NozQRSpTt4Sy9ANgQ90Obhtbj6OwTS+75Njfo4AHz7
JpRcSmvBwrhQtrL8b4Cs8L3ff7jPuMbM8Qox9jspCMcubB558FC8AqFELA/xQeYn
VSgbQItbuK7pbf7nvG1v6AnNGzQsbYcFZnlPxp4puNZ/mTDcbQqbuqAOdalX8o/r
C6otN9uMipcQYMzQ5uhiclXPGnnalSMioCHdW4SgPEF0i3A9903rO7hbeG+Mni1f
be8fQM5KygvQYVdIBH2rWeB106VxgE1ovblpKbI8HP0X6ybHOAs02OFlYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHqjZIXYJ5k/wbw7fN1jcPJENgoUMB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEvZXFOa2hkZ25tVF9CdkR0ODNXTnc4a1EyQ2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGOAMN
MA0GCSqGSIb3DQEBCwUAA4IBAQBasd05EZnOR0iwV8aPWK0g+C5Y1t3Fy6+O6zV6
309cMzzgmiX7eE5Lnjm3MYZ9lScvA7hlFtN7tOb6IzZfUYSLwuJSwrYUiRZNtnyY
Grj4XVT2+kchEKKSUcLzroJfs/LkSfN5qxEaZLorTv0+q6gC1Mfv86bKkqUozR6J
bHipj617Da5Rh7TsXXR8Sk+/5Maoodz+9QVgX0yt36jShWO8pbcrjIPIeJDReYNN
5cIszMhS/NOuaDRjiqwVhODeAmFaPC3E2+CtIVCCbrGXWAoD/jhHWtWcQqKcbdA/
SXGi9mt6sucFPjBoH5f8icwFyRwbqguOmoZkOdX6g6N+fuXC
-----END CERTIFICATE-----