Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/r9OYUHQEWvLvzoIOqiROVB7OYc4.roa
File:                     r9OYUHQEWvLvzoIOqiROVB7OYc4.roa (raw, json)
Hash identifier:          u+1ndhXL9q4POWihwuLCfUWN8DsqTs4rGzXFbG1UymM=
Subject key identifier:   AF:D3:98:50:74:04:5A:F2:EF:CE:82:0E:AA:24:4E:54:1E:CE:61:CE
Certificate issuer:       /CN=2631166de785a3531bdc8361f1190a8369a7ed6a
Certificate serial:       018CC8DE8DEB0609E57DC3A198823CB12078
Authority key identifier: 26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/r9OYUHQEWvLvzoIOqiROVB7OYc4.roa
Signing time:             Tue 02 Jan 2024 06:31:17 +0000
ROA not before:           Tue 02 Jan 2024 06:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59550
IP address blocks:        2a00:1ca8:3f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8d:eb:06:09:e5:7d:c3:a1:98:82:3c:b1:20:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2631166de785a3531bdc8361f1190a8369a7ed6a
        Validity
            Not Before: Jan  2 06:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afd3985074045af2efce820eaa244e541ece61ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:40:62:63:bb:cf:0a:8d:1b:a0:d3:4c:46:34:
                    cb:0c:3e:9d:f3:cf:2e:3e:85:3c:6d:64:58:ae:c8:
                    ef:05:eb:2b:6e:13:3b:e0:a2:9e:dc:ab:b6:53:ac:
                    3c:9a:19:56:b7:7c:d7:5a:56:63:ed:8f:5d:90:0a:
                    6c:50:4a:2b:80:d5:0e:99:ae:3d:60:66:32:e7:28:
                    7e:df:be:c8:d2:1b:75:5c:30:40:86:72:0e:cd:a8:
                    ea:be:39:23:03:17:91:cc:e2:44:8b:f3:3b:82:d9:
                    a5:6d:15:f1:4b:f9:5d:d2:10:06:c2:18:ef:45:6d:
                    b2:bb:83:a6:4e:80:be:d9:42:09:39:46:20:51:70:
                    67:a7:9e:13:94:d5:c2:38:b4:71:16:2e:7a:b1:d5:
                    b9:8a:d7:19:ff:00:3d:91:6d:25:4c:c9:37:e5:ac:
                    eb:1f:34:9e:33:61:ec:81:d0:c6:d8:0b:e6:e3:00:
                    24:72:f5:e8:c7:0a:4f:89:5b:ee:ec:71:aa:b7:d4:
                    36:0d:3a:cc:f3:78:35:fb:c9:6d:16:e3:31:f3:41:
                    ae:59:eb:05:bc:7f:0f:6c:b3:0e:e3:86:7f:0b:7a:
                    80:5a:3c:71:67:af:63:83:68:99:f1:4a:ba:fc:26:
                    ec:df:14:f9:b0:b6:01:77:8c:42:97:77:a7:21:50:
                    1e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D3:98:50:74:04:5A:F2:EF:CE:82:0E:AA:24:4E:54:1E:CE:61:CE
            X509v3 Authority Key Identifier:
                keyid:26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/r9OYUHQEWvLvzoIOqiROVB7OYc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1ca8:3f::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:a7:16:13:79:eb:71:7a:82:27:a5:bb:5b:9b:7a:21:b4:2c:
         5e:ed:57:70:95:c6:c7:b9:d9:18:d1:92:fc:fc:3d:2e:01:99:
         e4:14:69:37:07:41:b9:36:ef:aa:e6:b6:5f:05:2f:9d:a2:e8:
         bb:d8:34:a9:03:c5:8b:fe:64:9e:c2:f2:b4:c6:ba:4c:5f:fa:
         36:60:64:17:b4:29:18:c0:00:cf:6f:c8:27:22:9d:9f:dd:e9:
         9e:35:c2:b1:5b:a3:5c:4e:a2:15:c2:63:55:99:30:dc:28:ad:
         29:32:ab:e3:b1:ba:30:2c:e5:97:77:91:21:40:55:40:63:99:
         dc:97:c8:d6:6f:18:84:3a:5d:7e:bc:af:90:2e:e5:ac:59:a3:
         29:f3:d9:43:bb:6b:2d:8b:40:3c:bf:30:eb:26:03:06:99:ed:
         61:f6:1b:ab:f1:05:8b:0c:b4:10:43:e1:a1:00:99:c0:eb:bf:
         1c:a0:ab:be:6e:b4:52:f9:4c:91:40:cd:a0:78:23:f1:0f:ca:
         cd:76:51:b2:6e:cf:ae:2f:dc:1e:bd:a1:d5:01:32:1b:1b:85:
         8d:e9:ca:97:57:32:ff:df:78:90:e3:cd:8a:78:b0:fc:5b:af:
         96:9f:d1:9f:e4:1d:b8:03:64:8e:f1:31:67:33:9f:e1:6f:9b:
         6d:09:e7:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3o3rBgnlfcOhmII8sSB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MzExNjZkZTc4NWEzNTMxYmRjODM2MWYxMTkwYTgzNjlh
N2VkNmEwHhcNMjQwMTAyMDYzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQzOTg1MDc0MDQ1YWYyZWZjZTgyMGVhYTI0NGU1NDFlY2U2MWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUBiY7vPCo0boNNMRjTLDD6d888u
PoU8bWRYrsjvBesrbhM74KKe3Ku2U6w8mhlWt3zXWlZj7Y9dkApsUEorgNUOma49
YGYy5yh+377I0ht1XDBAhnIOzajqvjkjAxeRzOJEi/M7gtmlbRXxS/ld0hAGwhjv
RW2yu4OmToC+2UIJOUYgUXBnp54TlNXCOLRxFi56sdW5itcZ/wA9kW0lTMk35azr
HzSeM2HsgdDG2Avm4wAkcvXoxwpPiVvu7HGqt9Q2DTrM83g1+8ltFuMx80GuWesF
vH8PbLMO44Z/C3qAWjxxZ69jg2iZ8Uq6/Cbs3xT5sLYBd4xCl3enIVAe5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK/TmFB0BFry786CDqokTlQezmHOMB8GA1UdIwQY
MBaAFCYxFm3nhaNTG9yDYfEZCoNpp+1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUt
Yjg5YTI2MTk5OTc2LzEvcjlPWVVIUUVXdkx2em9JT3FpUk9WQjdPWWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUtYjg5YTI2MTk5OTc2
LzEvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAcqAA/
MA0GCSqGSIb3DQEBCwUAA4IBAQBXpxYTeetxeoInpbtbm3ohtCxe7VdwlcbHudkY
0ZL8/D0uAZnkFGk3B0G5Nu+q5rZfBS+doui72DSpA8WL/mSewvK0xrpMX/o2YGQX
tCkYwADPb8gnIp2f3emeNcKxW6NcTqIVwmNVmTDcKK0pMqvjsbowLOWXd5EhQFVA
Y5ncl8jWbxiEOl1+vK+QLuWsWaMp89lDu2sti0A8vzDrJgMGme1h9hur8QWLDLQQ
Q+GhAJnA678coKu+brRS+UyRQM2geCPxD8rNdlGybs+uL9wevaHVATIbG4WN6cqX
VzL/33iQ482KeLD8W6+Wn9Gf5B24A2SO8TFnM5/hb5ttCecQ
-----END CERTIFICATE-----