Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/r5I4-80QltknIQiW1ZKIiJr59K4.roa
File:                     r5I4-80QltknIQiW1ZKIiJr59K4.roa (raw, json)
Hash identifier:          M5/25/pB6S3WlX19umyLEtbdhVfO9WGj3r20H6KpJ2Q=
Subject key identifier:   AF:92:38:FB:CD:10:96:D9:27:21:08:96:D5:92:88:88:9A:F9:F4:AE
Certificate issuer:       /CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
Certificate serial:       018D662B1657603FF2A6A6E69C6BFB52DBAB
Authority key identifier: BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/r5I4-80QltknIQiW1ZKIiJr59K4.roa
Signing time:             Thu 01 Feb 2024 19:35:16 +0000
ROA not before:           Thu 01 Feb 2024 19:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215593
IP address blocks:        2a0e:8340:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 01:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:66:2b:16:57:60:3f:f2:a6:a6:e6:9c:6b:fb:52:db:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
        Validity
            Not Before: Feb  1 19:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af9238fbcd1096d927210896d59288889af9f4ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:bb:aa:86:82:54:b0:ab:e8:cf:ca:3f:2c:f2:
                    be:0f:be:44:e8:6f:bf:d7:1d:15:19:ba:d8:f7:5c:
                    ec:7c:e3:bc:56:a1:b4:2a:8a:3a:60:5f:d5:7f:2b:
                    50:da:f3:c7:45:87:d8:07:2a:6d:6e:69:41:10:63:
                    7a:27:ba:d4:fa:70:85:72:31:a6:59:10:27:5f:b9:
                    d6:d2:a0:9d:eb:12:eb:bb:d0:b5:02:d1:e7:be:5d:
                    4c:b2:ff:46:e7:3e:2b:a0:cf:94:13:d7:15:63:fc:
                    91:a8:75:69:e2:91:6f:59:17:e3:64:21:83:77:72:
                    63:ca:34:cc:d1:3f:e7:c3:11:c6:10:05:e1:20:ad:
                    b2:07:85:ba:85:43:9f:e2:ee:d3:57:12:4b:4b:88:
                    a0:fa:5c:fe:d9:87:ef:bc:20:fd:67:78:0d:68:c1:
                    94:61:73:ba:99:c0:77:a0:94:0a:c4:3b:eb:44:83:
                    44:65:53:dd:a6:fd:f5:f5:47:34:25:a1:b7:06:f1:
                    cb:7a:3c:bf:33:3a:de:cd:d0:ec:9d:60:67:51:15:
                    93:46:ff:5f:3a:de:58:78:cd:84:5a:b6:9c:b0:de:
                    7b:d3:07:86:ae:36:dc:48:66:c9:d8:57:1d:bd:62:
                    e9:b1:72:4d:84:8d:1d:15:d3:1d:1b:0b:6f:5c:bb:
                    88:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:92:38:FB:CD:10:96:D9:27:21:08:96:D5:92:88:88:9A:F9:F4:AE
            X509v3 Authority Key Identifier:
                keyid:BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/r5I4-80QltknIQiW1ZKIiJr59K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8340:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:9e:15:72:54:4f:01:91:76:fd:b0:64:7c:f4:4e:a5:8e:68:
         f0:31:c3:4a:95:a9:89:56:82:b1:ef:88:e0:b2:88:14:c6:ec:
         fd:b1:33:a0:99:47:67:94:20:a8:04:19:02:1b:29:36:29:11:
         eb:b4:7a:57:c1:09:ee:33:07:1a:e3:0a:4b:e0:0c:99:40:b2:
         44:6d:03:6f:17:c6:3b:13:4c:08:cd:51:45:e7:5f:e4:bb:0b:
         c8:9d:e2:c5:a2:76:f7:55:03:12:a9:22:ad:7e:eb:45:c8:36:
         14:90:8f:c4:ed:cc:98:24:33:a4:56:34:5f:ee:17:22:b1:90:
         de:0d:d8:a0:af:7e:bb:bd:2c:fe:93:69:3e:a1:bb:e7:6e:32:
         8c:45:a6:fb:9e:79:a3:e4:00:2a:76:d9:0c:ce:72:20:a2:69:
         df:c6:97:bc:0c:c0:90:a1:6c:89:fc:71:fd:7c:8e:06:35:77:
         ca:e6:1c:3e:0b:5a:c6:21:95:47:4a:89:88:f2:e5:4a:2d:d2:
         3f:2d:ea:0e:99:5b:7e:26:c0:d4:fb:62:c2:4b:01:a2:3c:40:
         6f:c4:e9:e3:38:cc:17:7d:5f:45:d7:80:55:a7:81:d1:aa:5c:
         5a:14:5a:ff:09:a1:20:43:f1:71:ea:e5:10:54:c4:a3:8e:94:
         b7:7b:86:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1mKxZXYD/ypqbmnGv7UturMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMjNiMDdhM2MwYWM5ZTMzM2Y1MmU4YjVkNDFhNzY4YTNk
MzkwMjUwHhcNMjQwMjAxMTkzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjkyMzhmYmNkMTA5NmQ5MjcyMTA4OTZkNTkyODg4ODlhZjlmNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7uqhoJUsKvoz8o/LPK+D75E6G+/
1x0VGbrY91zsfOO8VqG0Koo6YF/VfytQ2vPHRYfYByptbmlBEGN6J7rU+nCFcjGm
WRAnX7nW0qCd6xLru9C1AtHnvl1Msv9G5z4roM+UE9cVY/yRqHVp4pFvWRfjZCGD
d3JjyjTM0T/nwxHGEAXhIK2yB4W6hUOf4u7TVxJLS4ig+lz+2YfvvCD9Z3gNaMGU
YXO6mcB3oJQKxDvrRINEZVPdpv319Uc0JaG3BvHLejy/MzrezdDsnWBnURWTRv9f
Ot5YeM2EWracsN570weGrjbcSGbJ2FcdvWLpsXJNhI0dFdMdGwtvXLuIcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK+SOPvNEJbZJyEIltWSiIia+fSuMB8GA1UdIwQY
MBaAFLojsHo8CsnjM/Uui11Bp2ij05AlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEt
ODA2OWM0Njc3MWNjLzEvcjVJNC04MFFsdGtuSVFpVzFaS0lpSnI1OUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEtODA2OWM0Njc3MWNj
LzEvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6DQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCPnhVyVE8BkXb9sGR89E6ljmjwMcNKlamJVoKx
74jgsogUxuz9sTOgmUdnlCCoBBkCGyk2KRHrtHpXwQnuMwca4wpL4AyZQLJEbQNv
F8Y7E0wIzVFF51/kuwvIneLFonb3VQMSqSKtfutFyDYUkI/E7cyYJDOkVjRf7hci
sZDeDdigr367vSz+k2k+obvnbjKMRab7nnmj5AAqdtkMznIgomnfxpe8DMCQoWyJ
/HH9fI4GNXfK5hw+C1rGIZVHSomI8uVKLdI/LeoOmVt+JsDU+2LCSwGiPEBvxOnj
OMwXfV9F14BVp4HRqlxaFFr/CaEgQ/Fx6uUQVMSjjpS3e4aJ
-----END CERTIFICATE-----