Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/Lif1o17BgLmVrmPj_eMGvkxCSrA.roa
File:                     Lif1o17BgLmVrmPj_eMGvkxCSrA.roa (raw, json)
Hash identifier:          hokRVCuAqOO1CZx6W57T7wrby2KE66xld/vUhOw6B0w=
Subject key identifier:   2E:27:F5:A3:5E:C1:80:B9:95:AE:63:E3:FD:E3:06:BE:4C:42:4A:B0
Certificate issuer:       /CN=8405c07192a8106fedb0760b8945032ca1d3054b
Certificate serial:       018CC4252D6FFBEB8CCA44B019074AD3E3AF
Authority key identifier: 84:05:C0:71:92:A8:10:6F:ED:B0:76:0B:89:45:03:2C:A1:D3:05:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hAXAcZKoEG_tsHYLiUUDLKHTBUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/Lif1o17BgLmVrmPj_eMGvkxCSrA.roa
Signing time:             Mon 01 Jan 2024 08:30:19 +0000
ROA not before:           Mon 01 Jan 2024 08:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51903
IP address blocks:        2a0c:3a81::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/hAXAcZKoEG_tsHYLiUUDLKHTBUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/hAXAcZKoEG_tsHYLiUUDLKHTBUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hAXAcZKoEG_tsHYLiUUDLKHTBUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 12:54:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2d:6f:fb:eb:8c:ca:44:b0:19:07:4a:d3:e3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8405c07192a8106fedb0760b8945032ca1d3054b
        Validity
            Not Before: Jan  1 08:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e27f5a35ec180b995ae63e3fde306be4c424ab0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:73:a3:ac:f3:59:27:14:d0:2c:44:b2:56:88:
                    1a:41:6f:19:06:8d:6a:61:7f:59:a7:d0:06:2e:06:
                    f3:63:0c:34:eb:d0:76:4a:c0:32:0c:29:f9:e2:9c:
                    17:2f:21:0f:d4:3b:4f:8b:dd:0b:97:07:06:9c:1a:
                    90:f9:c1:f2:d3:53:f7:e8:38:d7:34:24:8d:c6:c9:
                    7f:25:9b:c6:e2:84:f0:d7:e4:ad:d2:a5:61:1f:59:
                    71:22:50:a4:86:6c:54:00:7f:27:9c:d3:12:6d:39:
                    ee:db:d8:c7:f1:9d:97:75:39:f4:bc:67:9f:cb:4b:
                    e8:08:cf:70:9a:2b:68:3f:14:c0:09:cb:77:0c:fb:
                    de:b8:bd:96:53:9c:68:b0:39:7a:bb:05:fc:ab:87:
                    3e:29:87:fd:ce:15:ca:08:9e:8b:8a:16:49:77:82:
                    04:26:f8:48:44:51:45:d8:2e:d9:11:08:c3:56:36:
                    6d:75:95:6d:ba:da:20:78:0f:1f:c5:3a:e7:0e:fe:
                    63:99:9b:44:49:9f:43:e2:10:7d:ca:b3:a6:0c:42:
                    77:0b:e1:fb:ee:bc:ea:de:71:e0:ea:2b:fb:2e:39:
                    ff:57:59:40:e7:7e:fc:f9:de:69:2c:d0:c7:18:5f:
                    74:6c:4b:e8:58:cb:e1:84:85:82:ea:be:d3:36:aa:
                    64:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:27:F5:A3:5E:C1:80:B9:95:AE:63:E3:FD:E3:06:BE:4C:42:4A:B0
            X509v3 Authority Key Identifier:
                keyid:84:05:C0:71:92:A8:10:6F:ED:B0:76:0B:89:45:03:2C:A1:D3:05:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hAXAcZKoEG_tsHYLiUUDLKHTBUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/Lif1o17BgLmVrmPj_eMGvkxCSrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/hAXAcZKoEG_tsHYLiUUDLKHTBUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:3a81::/40

    Signature Algorithm: sha256WithRSAEncryption
         af:be:fb:95:28:bf:08:85:8d:b7:8f:45:e6:ca:8c:5b:1d:42:
         e5:d9:4d:04:2f:fe:85:9b:ed:06:ef:da:18:b0:c8:10:8e:f7:
         f2:98:39:23:80:32:45:2c:89:b0:28:8d:95:28:d8:db:5d:9f:
         6a:a9:37:90:b3:c7:f6:78:19:73:59:d5:9e:9f:f6:02:c3:d2:
         16:06:aa:3b:82:64:12:a7:4a:ff:5d:3b:dd:71:f1:82:c2:5e:
         37:77:f9:4f:c7:f3:8e:70:7c:7d:12:49:ba:32:a7:4c:35:40:
         77:da:32:ea:c4:bb:14:51:02:64:0f:fd:2f:bb:47:54:51:d4:
         40:28:a9:51:68:45:2e:88:48:62:87:0e:ff:e7:67:8a:c1:30:
         1e:21:0a:10:39:a3:f6:e0:e1:c9:7d:ab:0d:14:64:92:cb:d6:
         b8:c3:23:0a:24:e9:e8:53:ff:45:1c:ea:ce:22:bb:a6:1c:31:
         8e:65:c8:64:68:5d:85:4b:d2:85:bc:67:ce:30:6f:9f:39:82:
         4c:f0:4a:d1:9d:f0:54:03:13:7d:2f:4a:a7:b3:d5:45:89:0e:
         da:74:99:e6:f9:ef:58:38:07:44:21:68:29:43:c1:a0:c3:32:
         f3:dc:f2:0b:96:2e:c0:53:f1:2d:ad:d4:1f:8e:1b:27:cd:dc:
         f5:e3:e1:6b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJS1v++uMykSwGQdK0+OvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MDVjMDcxOTJhODEwNmZlZGIwNzYwYjg5NDUwMzJjYTFk
MzA1NGIwHhcNMjQwMTAxMDgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTI3ZjVhMzVlYzE4MGI5OTVhZTYzZTNmZGUzMDZiZTRjNDI0YWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3OjrPNZJxTQLESyVogaQW8ZBo1q
YX9Zp9AGLgbzYww069B2SsAyDCn54pwXLyEP1DtPi90LlwcGnBqQ+cHy01P36DjX
NCSNxsl/JZvG4oTw1+St0qVhH1lxIlCkhmxUAH8nnNMSbTnu29jH8Z2XdTn0vGef
y0voCM9wmitoPxTACct3DPveuL2WU5xosDl6uwX8q4c+KYf9zhXKCJ6LihZJd4IE
JvhIRFFF2C7ZEQjDVjZtdZVtutogeA8fxTrnDv5jmZtESZ9D4hB9yrOmDEJ3C+H7
7rzq3nHg6iv7Ljn/V1lA5378+d5pLNDHGF90bEvoWMvhhIWC6r7TNqpkfwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC4n9aNewYC5la5j4/3jBr5MQkqwMB8GA1UdIwQY
MBaAFIQFwHGSqBBv7bB2C4lFAyyh0wVLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEFYQWNaS29FR190c0hZTGlVVURMS0hUQlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNjE1YjAtNGQ5OC00YTNkLThiZDIt
NGM5M2JlZTI3ZDU0LzEvTGlmMW8xN0JnTG1Wcm1Qal9lTUd2a3hDU3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNjE1YjAtNGQ5OC00YTNkLThiZDItNGM5M2JlZTI3ZDU0
LzEvaEFYQWNaS29FR190c0hZTGlVVURMS0hUQlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgw6gQAw
DQYJKoZIhvcNAQELBQADggEBAK+++5UovwiFjbePRebKjFsdQuXZTQQv/oWb7Qbv
2hiwyBCO9/KYOSOAMkUsibAojZUo2Ntdn2qpN5Czx/Z4GXNZ1Z6f9gLD0hYGqjuC
ZBKnSv9dO91x8YLCXjd3+U/H845wfH0SSboyp0w1QHfaMurEuxRRAmQP/S+7R1RR
1EAoqVFoRS6ISGKHDv/nZ4rBMB4hChA5o/bg4cl9qw0UZJLL1rjDIwok6ehT/0Uc
6s4iu6YcMY5lyGRoXYVL0oW8Z84wb585gkzwStGd8FQDE30vSqez1UWJDtp0meb5
71g4B0QhaClDwaDDMvPc8guWLsBT8S2t1B+OGyfN3PXj4Ws=
-----END CERTIFICATE-----