Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/5iuIoZCzvZZQfQqhdJRfyO5Y0Ok.roa
File:                     5iuIoZCzvZZQfQqhdJRfyO5Y0Ok.roa (raw, json)
Hash identifier:          k/hyZPS5vqXSZeFYZYvLSk8Rp6GBrOA39N3xoEljDnE=
Subject key identifier:   E6:2B:88:A1:90:B3:BD:96:50:7D:0A:A1:74:94:5F:C8:EE:58:D0:E9
Certificate issuer:       /CN=8c856557c4146a8b50dc4d94424b06680cef755b
Certificate serial:       018CC26D472C88CD939835DEBC7975A51A8B
Authority key identifier: 8C:85:65:57:C4:14:6A:8B:50:DC:4D:94:42:4B:06:68:0C:EF:75:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jIVlV8QUaotQ3E2UQksGaAzvdVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/5iuIoZCzvZZQfQqhdJRfyO5Y0Ok.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49846
IP address blocks:        2a01:348:317:8000::/49 maxlen: 49

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/jIVlV8QUaotQ3E2UQksGaAzvdVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/jIVlV8QUaotQ3E2UQksGaAzvdVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jIVlV8QUaotQ3E2UQksGaAzvdVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:47:2c:88:cd:93:98:35:de:bc:79:75:a5:1a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c856557c4146a8b50dc4d94424b06680cef755b
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e62b88a190b3bd96507d0aa174945fc8ee58d0e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b5:af:3a:db:f7:27:7f:a3:0c:03:ad:bc:2b:
                    b6:2a:df:2d:39:03:49:c1:a8:ca:57:7b:34:33:41:
                    58:6c:df:6d:3f:a6:d9:6f:6f:e9:39:53:fc:73:88:
                    13:eb:e6:7e:cb:a6:7f:2a:f9:88:c4:0d:d7:63:96:
                    e1:f8:31:e3:40:5e:e8:9e:3d:d5:99:82:0a:03:db:
                    28:e2:37:56:ab:99:61:3c:03:90:4b:0e:c8:0c:06:
                    ca:ea:b4:f0:7a:b7:00:da:4f:6b:44:0b:9b:5a:37:
                    1b:a9:44:48:5e:58:83:4a:f2:09:83:38:13:39:62:
                    1b:60:27:c8:ca:18:3e:04:fe:12:12:99:fa:f7:51:
                    9b:f3:7e:bb:67:e0:36:17:28:53:db:a9:3c:ba:0d:
                    5f:92:d2:07:f5:1f:ce:b0:36:09:db:38:21:16:92:
                    e9:97:c8:66:fd:c7:e4:95:4e:00:d1:8d:15:c9:63:
                    c7:d6:7f:16:4c:e3:0c:8f:88:85:fd:ef:40:08:f5:
                    b7:69:f6:70:30:3c:82:0d:ae:e8:91:cd:b1:f9:ba:
                    ac:f3:28:81:dd:71:12:1a:02:3e:e6:84:5b:77:90:
                    0e:b6:7c:f7:1b:50:18:90:e9:ce:6a:72:dc:82:79:
                    21:f1:ff:20:71:70:90:90:d9:98:af:0c:5a:b6:3a:
                    15:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:2B:88:A1:90:B3:BD:96:50:7D:0A:A1:74:94:5F:C8:EE:58:D0:E9
            X509v3 Authority Key Identifier:
                keyid:8C:85:65:57:C4:14:6A:8B:50:DC:4D:94:42:4B:06:68:0C:EF:75:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jIVlV8QUaotQ3E2UQksGaAzvdVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/5iuIoZCzvZZQfQqhdJRfyO5Y0Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/jIVlV8QUaotQ3E2UQksGaAzvdVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:348:317:8000::/49

    Signature Algorithm: sha256WithRSAEncryption
         a5:40:55:c8:8a:49:32:1c:02:b2:69:6d:09:e8:d6:8b:e9:a9:
         f9:5f:01:11:cc:57:e8:d6:b4:b7:70:ff:0e:91:7b:d7:84:0c:
         da:81:25:9e:bc:1a:b9:c5:82:5a:ff:af:57:8f:ab:46:31:4d:
         a3:fa:57:2d:56:2e:11:85:f0:70:43:ef:2f:b7:f7:d0:58:32:
         f6:bd:eb:45:9d:a1:ac:91:7d:aa:3d:c7:bb:3c:b6:8e:21:7f:
         5c:21:7f:8d:97:b2:d8:01:01:fe:4e:af:da:0a:d0:bd:47:b4:
         8c:8b:da:e9:3b:76:0a:8e:b2:32:d0:9d:93:a6:54:f1:04:88:
         ce:3a:63:a6:af:3f:1d:fd:a0:05:f1:18:3b:e2:4a:e6:3d:31:
         ed:e8:d6:a1:b2:a3:f2:b6:d1:a6:12:1d:38:08:33:93:f8:52:
         e2:ef:b7:05:9e:f7:23:f5:23:67:7c:e7:ac:19:b8:c2:ae:1d:
         b9:fb:8c:17:95:0d:44:77:ae:30:77:2e:b5:4e:86:b4:fa:f3:
         38:23:c9:41:15:0f:8c:dd:84:22:72:11:7e:4e:69:15:e9:7c:
         62:d1:3c:8d:30:e3:31:30:1c:b0:10:70:15:f2:ec:aa:d1:b7:
         af:70:94:fc:69:39:1c:59:b4:5a:ac:ef:b9:07:c0:2d:e7:99:
         0f:0b:86:f7
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzCbUcsiM2TmDXevHl1pRqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjODU2NTU3YzQxNDZhOGI1MGRjNGQ5NDQyNGIwNjY4MGNl
Zjc1NWIwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjJiODhhMTkwYjNiZDk2NTA3ZDBhYTE3NDk0NWZjOGVlNThkMGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorWvOtv3J3+jDAOtvCu2Kt8tOQNJ
wajKV3s0M0FYbN9tP6bZb2/pOVP8c4gT6+Z+y6Z/KvmIxA3XY5bh+DHjQF7onj3V
mYIKA9so4jdWq5lhPAOQSw7IDAbK6rTwercA2k9rRAubWjcbqURIXliDSvIJgzgT
OWIbYCfIyhg+BP4SEpn691Gb8367Z+A2FyhT26k8ug1fktIH9R/OsDYJ2zghFpLp
l8hm/cfklU4A0Y0VyWPH1n8WTOMMj4iF/e9ACPW3afZwMDyCDa7okc2x+bqs8yiB
3XESGgI+5oRbd5AOtnz3G1AYkOnOanLcgnkh8f8gcXCQkNmYrwxatjoV5QIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFOYriKGQs72WUH0KoXSUX8juWNDpMB8GA1UdIwQY
MBaAFIyFZVfEFGqLUNxNlEJLBmgM73VbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaklWbFY4UVVhb3RRM0UyVVFrc0dhQXp2ZFZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8zMDZhZGItN2FhNy00YjgyLWIwNWEt
MmE2YjlhMGNjYWJkLzEvNWl1SW9aQ3p2WlpRZlFxaGRKUmZ5TzVZME9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8zMDZhZGItN2FhNy00YjgyLWIwNWEtMmE2YjlhMGNjYWJk
LzEvaklWbFY4UVVhb3RRM0UyVVFrc0dhQXp2ZFZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAAjAKAwgHKgEDSAMX
gDANBgkqhkiG9w0BAQsFAAOCAQEApUBVyIpJMhwCsmltCejWi+mp+V8BEcxX6Na0
t3D/DpF714QM2oElnrwaucWCWv+vV4+rRjFNo/pXLVYuEYXwcEPvL7f30Fgy9r3r
RZ2hrJF9qj3Huzy2jiF/XCF/jZey2AEB/k6v2grQvUe0jIva6Tt2Co6yMtCdk6ZU
8QSIzjpjpq8/Hf2gBfEYO+JK5j0x7ejWobKj8rbRphIdOAgzk/hS4u+3BZ73I/Uj
Z3znrBm4wq4dufuMF5UNRHeuMHcutU6GtPrzOCPJQRUPjN2EInIRfk5pFel8YtE8
jTDjMTAcsBBwFfLsqtG3r3CU/Gk5HFm0WqzvuQfALeeZDwuG9w==
-----END CERTIFICATE-----