Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/1qzGhWD1hGnrVh5-8M_oGp1gZYA.roa
File:                     1qzGhWD1hGnrVh5-8M_oGp1gZYA.roa (raw, json)
Hash identifier:          Y2q5OeMXQM09k7+KZyMdI9lcgvuWB8LPgEJsG+5xkbg=
Subject key identifier:   D6:AC:C6:85:60:F5:84:69:EB:56:1E:7E:F0:CF:E8:1A:9D:60:65:80
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018CC4936DEC9941D4476C720F93DFA32563
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/1qzGhWD1hGnrVh5-8M_oGp1gZYA.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39702
IP address blocks:        2a0d:2146:bf00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 22:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6d:ec:99:41:d4:47:6c:72:0f:93:df:a3:25:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6acc68560f58469eb561e7ef0cfe81a9d606580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:8a:30:42:0c:00:a8:cc:9e:81:f4:c5:9e:db:
                    4c:83:57:37:ab:ba:ab:1a:b9:d2:f0:2c:ad:19:2b:
                    41:e9:75:29:da:45:47:69:31:a8:2a:b8:64:a6:f6:
                    2c:74:fe:e6:df:38:df:5a:2b:ed:e0:bf:dd:b5:78:
                    7d:f5:3a:8f:78:70:df:fc:f7:40:05:f8:55:77:38:
                    df:3a:38:61:26:34:62:6f:5f:03:7e:59:b9:f1:7a:
                    91:0a:47:a7:5a:cc:90:32:a1:9a:43:b1:b4:55:b4:
                    c3:51:76:80:ae:a4:78:e5:6b:a3:9c:5e:0a:1d:26:
                    b2:e0:8f:27:c3:6a:1b:e8:4b:0a:e2:a3:fd:1a:de:
                    cc:69:c6:e5:af:0d:5f:ca:b7:05:de:dc:82:3d:f2:
                    9d:1c:e7:dc:86:53:f5:84:0f:24:a7:f6:8f:0b:b7:
                    b0:fa:ed:19:04:97:ec:e7:d6:56:b4:d9:90:a3:e0:
                    69:c7:4d:41:ca:4b:06:51:35:5b:2c:95:7d:98:cb:
                    e7:26:e2:38:c3:dc:0e:06:73:86:a1:8c:4f:37:1f:
                    a6:36:38:57:b5:66:f0:d0:cb:0b:ca:84:9d:a8:4d:
                    b9:ac:4f:b5:4b:02:ef:4a:ad:17:71:6d:31:e4:25:
                    17:0a:a7:dc:fc:c3:60:d0:5f:b5:ed:3e:ed:b7:fa:
                    b4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:AC:C6:85:60:F5:84:69:EB:56:1E:7E:F0:CF:E8:1A:9D:60:65:80
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/1qzGhWD1hGnrVh5-8M_oGp1gZYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:bf00::/40

    Signature Algorithm: sha256WithRSAEncryption
         03:2f:00:a7:a6:25:5b:6a:c1:40:8c:53:8c:c8:5b:62:a1:5e:
         31:4f:66:11:12:97:8f:dc:78:bb:f1:68:af:94:23:25:11:fd:
         19:80:eb:b7:48:57:25:96:aa:8e:65:a8:0d:61:e9:df:e4:48:
         b6:21:50:c9:ed:bf:79:69:5a:05:9f:53:97:21:42:94:fa:21:
         ae:f7:db:be:2c:ea:64:86:4b:38:56:41:38:a7:44:99:ae:6d:
         1c:61:14:03:33:07:21:72:71:77:4a:fb:d0:c6:19:df:cb:09:
         47:ae:ba:82:ea:f1:46:7f:19:05:71:53:e8:0e:78:45:12:ec:
         f2:a8:46:96:b6:41:a2:c1:a7:d3:f6:b5:bc:ab:e3:13:a8:a2:
         13:ac:82:fa:93:e2:58:c3:88:ca:38:3f:70:cb:a6:06:62:52:
         73:c9:e9:b2:95:b1:c9:88:ae:71:01:7c:87:a0:58:ce:69:e2:
         ea:85:f7:f6:91:2a:24:0b:fd:c7:74:f0:cb:5a:c6:60:30:e8:
         02:df:bd:7c:c0:c9:ea:e8:57:da:d0:d6:0a:9c:37:01:50:21:
         8a:3f:54:43:d9:05:4f:25:9e:da:bd:d4:bd:12:73:c6:8d:31:
         fb:25:3e:0c:aa:ab:03:31:03:6b:11:c8:2b:cf:07:2e:7c:64:
         67:4f:5c:2d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk23smUHUR2xyD5PfoyVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmFjYzY4NTYwZjU4NDY5ZWI1NjFlN2VmMGNmZTgxYTlkNjA2NTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIowQgwAqMyegfTFnttMg1c3q7qr
GrnS8CytGStB6XUp2kVHaTGoKrhkpvYsdP7m3zjfWivt4L/dtXh99TqPeHDf/PdA
BfhVdzjfOjhhJjRib18Dflm58XqRCkenWsyQMqGaQ7G0VbTDUXaArqR45WujnF4K
HSay4I8nw2ob6EsK4qP9Gt7Macblrw1fyrcF3tyCPfKdHOfchlP1hA8kp/aPC7ew
+u0ZBJfs59ZWtNmQo+Bpx01ByksGUTVbLJV9mMvnJuI4w9wOBnOGoYxPNx+mNjhX
tWbw0MsLyoSdqE25rE+1SwLvSq0XcW0x5CUXCqfc/MNg0F+17T7tt/q0WQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNasxoVg9YRp61YefvDP6BqdYGWAMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvMXF6R2hXRDFoR25yVmg1LThNX29HcDFnWllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg0hRr8w
DQYJKoZIhvcNAQELBQADggEBAAMvAKemJVtqwUCMU4zIW2KhXjFPZhESl4/ceLvx
aK+UIyUR/RmA67dIVyWWqo5lqA1h6d/kSLYhUMntv3lpWgWfU5chQpT6Ia73274s
6mSGSzhWQTinRJmubRxhFAMzByFycXdK+9DGGd/LCUeuuoLq8UZ/GQVxU+gOeEUS
7PKoRpa2QaLBp9P2tbyr4xOoohOsgvqT4ljDiMo4P3DLpgZiUnPJ6bKVscmIrnEB
fIegWM5p4uqF9/aRKiQL/cd08MtaxmAw6ALfvXzAyeroV9rQ1gqcNwFQIYo/VEPZ
BU8lntq91L0Sc8aNMfslPgyqqwMxA2sRyCvPBy58ZGdPXC0=
-----END CERTIFICATE-----