Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/kM9c7FUqGAX27htz9_ZjlD9ROLQ.roa
File:                     kM9c7FUqGAX27htz9_ZjlD9ROLQ.roa (raw, json)
Hash identifier:          Ye+1IDSow7ShRSUBtqdjatvLhmrX24sxbOMwbfYuEVM=
Subject key identifier:   90:CF:5C:EC:55:2A:18:05:F6:EE:1B:73:F7:F6:63:94:3F:51:38:B4
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       018E77E4292C41D151959D7D728B26461DDF
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/kM9c7FUqGAX27htz9_ZjlD9ROLQ.roa
Signing time:             Mon 25 Mar 2024 23:13:45 +0000
ROA not before:           Mon 25 Mar 2024 23:13:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51714
IP address blocks:        2a09:ff00:103::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:77:e4:29:2c:41:d1:51:95:9d:7d:72:8b:26:46:1d:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Mar 25 23:13:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90cf5cec552a1805f6ee1b73f7f663943f5138b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:19:61:96:1d:e8:92:55:be:34:2e:a2:4d:79:
                    73:5a:ac:5f:ad:af:af:ab:43:fb:71:b4:6e:99:3c:
                    52:18:b5:be:aa:b8:bf:30:07:6a:3c:e5:b6:fd:74:
                    e2:51:c0:cf:57:46:ef:06:be:c8:8d:37:41:6c:b4:
                    b5:af:c9:9c:a8:ae:f4:62:78:ff:ca:93:d7:3b:5c:
                    6a:07:c3:f1:33:87:5f:98:78:55:72:0f:9c:75:66:
                    61:91:99:72:0a:b6:7e:dd:e5:08:24:8e:9d:aa:fe:
                    73:64:3e:2b:d3:d2:8c:6b:7a:89:3d:ec:51:b6:5b:
                    c4:b9:22:da:08:7a:c5:5b:d8:5a:db:5e:ce:86:ac:
                    6b:a6:8c:eb:48:82:d2:fa:85:44:b2:38:de:e0:4d:
                    10:f6:0c:48:a1:b7:6c:97:55:79:73:b8:7a:4f:ca:
                    c5:61:77:7f:96:e8:66:af:fe:cb:fa:31:58:29:d5:
                    a8:82:f1:ec:77:03:d7:a4:a4:ec:dd:3b:8d:83:d4:
                    dd:7e:6e:23:17:9f:52:94:d8:62:9f:dd:49:9e:37:
                    8c:81:26:5c:ec:be:cb:d7:7f:dc:01:43:00:db:90:
                    00:e2:80:37:26:fe:96:4b:e9:6c:bb:39:f1:d5:6a:
                    c0:81:56:a6:20:23:07:3f:cc:57:2d:43:ea:9e:d5:
                    fd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CF:5C:EC:55:2A:18:05:F6:EE:1B:73:F7:F6:63:94:3F:51:38:B4
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/kM9c7FUqGAX27htz9_ZjlD9ROLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:ff00:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:e2:93:fc:68:e0:67:15:3f:33:5a:f4:2d:fb:7e:15:55:ec:
         18:6d:c5:83:ab:b6:af:b4:74:58:18:47:64:cf:8b:51:39:a0:
         0b:35:64:4f:83:3f:0f:8e:ee:af:61:d7:f5:4a:ff:bd:e5:db:
         53:99:35:b5:9e:5c:26:2a:00:16:a9:af:32:a9:37:e9:64:69:
         87:98:0b:34:28:aa:b3:65:39:7e:a2:1d:85:09:e2:5f:6a:64:
         1f:c9:6e:78:6d:33:6f:18:51:15:71:14:2c:4e:41:7a:46:e5:
         8d:40:c9:11:44:51:70:df:d1:d1:d7:55:04:62:2c:ba:b3:b8:
         65:d3:25:91:55:0a:67:91:7b:66:3c:bc:c4:fd:13:a6:91:4f:
         3c:48:dc:63:e9:c1:18:98:78:61:24:e6:29:2a:63:3e:5a:3f:
         bc:78:cd:6d:31:98:c0:c0:70:5c:b7:eb:aa:f7:da:7d:a0:a3:
         51:39:90:b3:3f:e1:78:4b:67:9f:d0:fc:60:8f:95:1e:85:f2:
         76:65:e6:74:7b:91:40:72:88:9c:4f:96:96:6f:fd:11:51:aa:
         5f:d7:b9:95:e5:13:d0:88:bc:bb:8b:37:4d:3e:4e:34:c9:27:
         e9:6a:60:30:bc:00:61:5f:c0:2a:a7:83:74:ea:71:e5:5a:d3:
         8e:8f:00:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY535CksQdFRlZ19cosmRh3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwMzI1MjMxMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGNmNWNlYzU1MmExODA1ZjZlZTFiNzNmN2Y2NjM5NDNmNTEzOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohlhlh3oklW+NC6iTXlzWqxfra+v
q0P7cbRumTxSGLW+qri/MAdqPOW2/XTiUcDPV0bvBr7IjTdBbLS1r8mcqK70Ynj/
ypPXO1xqB8PxM4dfmHhVcg+cdWZhkZlyCrZ+3eUIJI6dqv5zZD4r09KMa3qJPexR
tlvEuSLaCHrFW9ha217OhqxrpozrSILS+oVEsjje4E0Q9gxIobdsl1V5c7h6T8rF
YXd/luhmr/7L+jFYKdWogvHsdwPXpKTs3TuNg9Tdfm4jF59SlNhin91JnjeMgSZc
7L7L13/cAUMA25AA4oA3Jv6WS+lsuznx1WrAgVamICMHP8xXLUPqntX9BwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJDPXOxVKhgF9u4bc/f2Y5Q/UTi0MB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEva005YzdGVXFHQVgyN2h0ejlfWmpsRDlST0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgn/AAED
MA0GCSqGSIb3DQEBCwUAA4IBAQB94pP8aOBnFT8zWvQt+34VVewYbcWDq7avtHRY
GEdkz4tROaALNWRPgz8Pju6vYdf1Sv+95dtTmTW1nlwmKgAWqa8yqTfpZGmHmAs0
KKqzZTl+oh2FCeJfamQfyW54bTNvGFEVcRQsTkF6RuWNQMkRRFFw39HR11UEYiy6
s7hl0yWRVQpnkXtmPLzE/ROmkU88SNxj6cEYmHhhJOYpKmM+Wj+8eM1tMZjAwHBc
t+uq99p9oKNROZCzP+F4S2ef0Pxgj5UehfJ2ZeZ0e5FAcoicT5aWb/0RUapf17mV
5RPQiLy7izdNPk40ySfpamAwvABhX8Aqp4N06nHlWtOOjwAT
-----END CERTIFICATE-----