Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/Q0r3YKXp0tdDrYF0bSxbcLY79CI.roa
File:                     Q0r3YKXp0tdDrYF0bSxbcLY79CI.roa (raw, json)
Hash identifier:          Znx3sU7YybOBp/mkH1E5e2pL8SWDdsWeFEA7+cdVQ5U=
Subject key identifier:   43:4A:F7:60:A5:E9:D2:D7:43:AD:81:74:6D:2C:5B:70:B6:3B:F4:22
Certificate issuer:       /CN=a566d8337776c98746bd231e69e185db2a9a5be2
Certificate serial:       018CC34921862BD2599341500432F8494182
Authority key identifier: A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/Q0r3YKXp0tdDrYF0bSxbcLY79CI.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207835
IP address blocks:        2a0e:1540:f9c0::/42 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:21:86:2b:d2:59:93:41:50:04:32:f8:49:41:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a566d8337776c98746bd231e69e185db2a9a5be2
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=434af760a5e9d2d743ad81746d2c5b70b63bf422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d9:f2:0b:00:71:24:af:ef:d7:88:e9:5a:92:
                    4d:46:3d:30:1d:dd:81:52:20:c7:4c:95:a6:5f:b6:
                    38:d3:02:cd:7f:83:27:db:c7:50:1f:8d:06:04:67:
                    0b:1d:c2:e5:7a:8b:07:02:e9:70:4a:a8:cc:fd:2e:
                    fb:9d:a6:cc:1d:0c:fc:0b:f1:57:8a:67:37:b5:c2:
                    03:ca:ee:50:1a:7b:13:bf:8f:78:ff:36:fa:b5:b8:
                    07:a3:b9:f4:9c:e5:32:c8:9b:49:6f:7a:87:a7:2e:
                    5a:2f:ed:17:f8:37:6f:40:41:40:4d:67:4e:92:a0:
                    f1:c5:a2:e2:75:9a:34:f6:ec:c1:1e:09:9a:cc:89:
                    0b:29:3d:0b:e9:44:af:03:2a:18:94:62:b2:2c:41:
                    75:1a:45:66:87:b2:5c:81:5d:10:3b:ec:ec:a6:f8:
                    06:64:b4:d9:38:9f:3a:3b:f8:03:f0:27:7f:8b:c7:
                    5f:e1:1c:89:c2:32:d5:dc:d2:0a:e9:e2:a6:b6:09:
                    fe:01:01:1e:a9:39:66:50:0c:c8:89:f9:70:1a:2a:
                    f4:e2:dc:cf:b7:36:49:30:22:7d:d7:99:b3:18:e4:
                    99:f5:4b:e6:46:45:d7:a0:55:9d:ea:ac:c9:7d:77:
                    34:95:2a:4e:28:35:47:e2:03:f4:52:e3:57:06:67:
                    fb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:4A:F7:60:A5:E9:D2:D7:43:AD:81:74:6D:2C:5B:70:B6:3B:F4:22
            X509v3 Authority Key Identifier:
                keyid:A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/Q0r3YKXp0tdDrYF0bSxbcLY79CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1540:f9c0::/42

    Signature Algorithm: sha256WithRSAEncryption
         cc:70:af:f4:f7:f6:18:34:3a:d4:92:e0:cd:73:7f:63:8b:bd:
         35:c8:dc:a1:b0:f2:eb:54:b2:da:6a:d6:70:82:94:d7:55:aa:
         16:45:88:c1:4b:8c:83:f6:d4:aa:58:cb:17:72:40:f0:c7:c0:
         ec:fa:a5:34:f1:e2:87:29:23:34:e1:20:6b:ef:80:68:1a:dc:
         cb:cf:81:f3:c5:b2:f9:9e:d6:05:74:4b:1e:f2:72:42:4e:f2:
         ac:db:43:c6:93:b7:cd:93:b1:a8:43:2d:81:51:5c:20:ef:6a:
         29:72:55:ff:3d:05:49:f8:8b:15:0d:b3:0f:12:13:b8:31:a6:
         14:21:83:23:00:db:fe:64:54:52:0f:2a:2f:fb:d6:fc:98:5a:
         cd:cb:dd:43:6b:0b:de:dd:04:d7:37:e2:0e:0d:79:71:05:48:
         2e:2a:33:d5:b1:e6:99:56:fc:a8:24:72:4e:60:94:0b:7c:d4:
         c3:49:c2:71:44:ea:69:bd:cf:e1:f8:b9:ad:a9:b7:9b:80:b3:
         b2:24:ce:3e:14:0c:a4:11:29:d3:6f:91:24:04:54:8b:f9:8a:
         48:c8:a0:82:3b:b3:65:45:c8:18:cb:6a:47:5a:79:09:d8:31:
         7e:55:d1:35:f0:e6:31:1f:83:bc:b0:71:5e:5e:1e:e8:9d:70:
         ba:3d:03:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSSGGK9JZk0FQBDL4SUGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NjZkODMzNzc3NmM5ODc0NmJkMjMxZTY5ZTE4NWRiMmE5
YTViZTIwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzRhZjc2MGE1ZTlkMmQ3NDNhZDgxNzQ2ZDJjNWI3MGI2M2JmNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9nyCwBxJK/v14jpWpJNRj0wHd2B
UiDHTJWmX7Y40wLNf4Mn28dQH40GBGcLHcLleosHAulwSqjM/S77nabMHQz8C/FX
imc3tcIDyu5QGnsTv494/zb6tbgHo7n0nOUyyJtJb3qHpy5aL+0X+DdvQEFATWdO
kqDxxaLidZo09uzBHgmazIkLKT0L6USvAyoYlGKyLEF1GkVmh7JcgV0QO+zspvgG
ZLTZOJ86O/gD8Cd/i8df4RyJwjLV3NIK6eKmtgn+AQEeqTlmUAzIiflwGir04tzP
tzZJMCJ915mzGOSZ9UvmRkXXoFWd6qzJfXc0lSpOKDVH4gP0UuNXBmf7mQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFENK92Cl6dLXQ62BdG0sW3C2O/QiMB8GA1UdIwQY
MBaAFKVm2DN3dsmHRr0jHmnhhdsqmlviMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgt
MWI3NTg2N2U4ZGZmLzEvUTByM1lLWHAwdGREcllGMGJTeGJjTFk3OUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgtMWI3NTg2N2U4ZGZm
LzEvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKg4VQPnA
MA0GCSqGSIb3DQEBCwUAA4IBAQDMcK/09/YYNDrUkuDNc39ji701yNyhsPLrVLLa
atZwgpTXVaoWRYjBS4yD9tSqWMsXckDwx8Ds+qU08eKHKSM04SBr74BoGtzLz4Hz
xbL5ntYFdEse8nJCTvKs20PGk7fNk7GoQy2BUVwg72opclX/PQVJ+IsVDbMPEhO4
MaYUIYMjANv+ZFRSDyov+9b8mFrNy91Dawve3QTXN+IODXlxBUguKjPVseaZVvyo
JHJOYJQLfNTDScJxROppvc/h+LmtqbebgLOyJM4+FAykESnTb5EkBFSL+YpIyKCC
O7NlRcgYy2pHWnkJ2DF+VdE18OYxH4O8sHFeXh7onXC6PQMG
-----END CERTIFICATE-----