Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mCvAZWDemmob0WOk0361y7HrK2E.roa
File:                     mCvAZWDemmob0WOk0361y7HrK2E.roa (raw, json)
Hash identifier:          zqHOtfnad3AreHYOGknuB1FyCnSQPlhF4uADQ0Eeoc4=
Subject key identifier:   98:2B:C0:65:60:DE:9A:6A:1B:D1:63:A4:D3:7E:B5:CB:B1:EB:2B:61
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9B6D23ADF2CBAEA25CB2D847222A
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mCvAZWDemmob0WOk0361y7HrK2E.roa
Signing time:             Tue 02 Jan 2024 06:32:26 +0000
ROA not before:           Tue 02 Jan 2024 06:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50158
IP address blocks:        2a0e:d603::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9b:6d:23:ad:f2:cb:ae:a2:5c:b2:d8:47:22:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=982bc06560de9a6a1bd163a4d37eb5cbb1eb2b61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:87:67:24:c0:f4:be:3e:96:15:9a:32:b3:3d:
                    3b:45:63:4f:d0:5a:f3:c4:e6:d5:1e:3d:e8:b7:60:
                    9f:3d:35:20:67:af:7c:03:23:3e:31:28:e1:ef:8a:
                    1f:1b:21:bb:84:6f:0d:77:74:8c:7b:c8:d6:00:2d:
                    40:74:68:7d:00:74:27:eb:3c:cc:72:8d:8d:6d:34:
                    23:dc:13:8d:fc:47:a7:2f:6f:79:c9:3a:37:31:b7:
                    43:b4:a2:69:19:dc:01:2e:cc:de:17:ce:84:d5:4b:
                    46:c6:99:19:04:08:38:b6:5e:cd:1b:10:ae:b0:05:
                    0e:1a:ea:f0:cd:02:37:47:48:8b:7a:8f:8e:55:3a:
                    87:39:b7:75:f7:b6:d6:d4:af:a1:48:07:3d:9b:7f:
                    54:67:8b:f9:63:ea:81:59:fb:04:69:a7:5a:79:e0:
                    5f:50:ec:fc:92:4e:40:cb:5b:4e:d3:0a:d0:5e:05:
                    6b:52:eb:b2:60:08:1a:f3:d9:82:84:f7:40:b6:7d:
                    d5:ed:c5:79:96:90:05:19:7b:4a:e8:24:20:ac:97:
                    ec:78:25:fe:92:ef:1d:2b:49:80:36:07:e3:69:80:
                    68:3e:b3:30:d6:93:7b:80:dd:03:3c:5d:2e:ff:39:
                    2b:e6:24:b8:25:6d:ba:95:12:a6:19:ee:e1:b0:4a:
                    8e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:2B:C0:65:60:DE:9A:6A:1B:D1:63:A4:D3:7E:B5:CB:B1:EB:2B:61
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mCvAZWDemmob0WOk0361y7HrK2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d603::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:0a:54:72:1b:00:99:ad:f0:51:b8:aa:28:78:7d:9c:54:75:
         d9:38:09:3d:36:4c:d8:ef:66:32:3e:84:1f:7a:de:bd:05:73:
         6a:cc:7c:3f:f0:df:ad:33:69:ef:1e:f9:0e:b8:20:12:16:08:
         a0:c2:7f:97:47:52:26:b1:83:ba:a5:34:62:4a:7f:d7:c5:13:
         f9:a0:bf:b1:db:96:ef:8a:e7:ef:6f:d1:86:26:ea:97:e1:bd:
         b2:6d:a0:20:91:18:bf:d3:59:8e:0f:4d:6f:81:8e:e8:91:53:
         42:92:e8:a1:ec:e3:0d:54:e8:2f:9d:82:1f:4a:3b:22:56:b8:
         2d:c3:81:49:d3:89:c4:f7:39:2c:d2:97:a9:79:99:85:74:a0:
         2d:07:d8:94:cd:ec:5e:78:93:e3:f2:d7:30:04:2b:5c:8a:20:
         f1:aa:ae:3a:41:12:57:e3:27:82:a3:04:aa:41:49:19:e1:11:
         05:6a:58:cd:03:d7:5a:ff:c7:d5:bd:fa:16:d5:b3:74:23:3a:
         0d:93:3e:a0:c6:b5:d1:10:a5:6b:e7:56:08:a4:40:5f:66:1f:
         cf:9e:e6:89:6f:bb:61:b3:f5:7e:13:1e:76:33:f0:f0:74:d4:
         d4:11:3d:52:a7:70:10:96:ae:48:34:72:b9:f2:d1:c0:16:e1:
         fc:c2:ed:47
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI35ttI63yy66iXLLYRyIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODJiYzA2NTYwZGU5YTZhMWJkMTYzYTRkMzdlYjVjYmIxZWIyYjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkodnJMD0vj6WFZoysz07RWNP0Frz
xObVHj3ot2CfPTUgZ698AyM+MSjh74ofGyG7hG8Nd3SMe8jWAC1AdGh9AHQn6zzM
co2NbTQj3BON/EenL295yTo3MbdDtKJpGdwBLszeF86E1UtGxpkZBAg4tl7NGxCu
sAUOGurwzQI3R0iLeo+OVTqHObd197bW1K+hSAc9m39UZ4v5Y+qBWfsEaadaeeBf
UOz8kk5Ay1tO0wrQXgVrUuuyYAga89mChPdAtn3V7cV5lpAFGXtK6CQgrJfseCX+
ku8dK0mANgfjaYBoPrMw1pN7gN0DPF0u/zkr5iS4JW26lRKmGe7hsEqOaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJgrwGVg3ppqG9FjpNN+tcux6ythMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbUN2QVpXRGVtbW9iMFdPazAzNjF5N0hySzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7WAzAN
BgkqhkiG9w0BAQsFAAOCAQEAFApUchsAma3wUbiqKHh9nFR12TgJPTZM2O9mMj6E
H3revQVzasx8P/DfrTNp7x75DrggEhYIoMJ/l0dSJrGDuqU0Ykp/18UT+aC/sduW
74rn72/Rhibql+G9sm2gIJEYv9NZjg9Nb4GO6JFTQpLooezjDVToL52CH0o7Ila4
LcOBSdOJxPc5LNKXqXmZhXSgLQfYlM3sXniT4/LXMAQrXIog8aquOkESV+MngqME
qkFJGeERBWpYzQPXWv/H1b36FtWzdCM6DZM+oMa10RCla+dWCKRAX2Yfz57miW+7
YbP1fhMedjPw8HTU1BE9UqdwEJauSDRyufLRwBbh/MLtRw==
-----END CERTIFICATE-----