Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/48UHfzmWiAVRxS4Otcpy0ODRKeE.roa
File:                     48UHfzmWiAVRxS4Otcpy0ODRKeE.roa (raw, json)
Hash identifier:          iO9bP/Ht85C6UC+3ecfNnagsIeColrIER2vB5VGYGVA=
Subject key identifier:   E3:C5:07:7F:39:96:88:05:51:C5:2E:0E:B5:CA:72:D0:E0:D1:29:E1
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       018CC64B7E5DEADC9E67CDA1E9DEDDA7EF46
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/48UHfzmWiAVRxS4Otcpy0ODRKeE.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210989
IP address blocks:        2a0d:1a40:7b00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7e:5d:ea:dc:9e:67:cd:a1:e9:de:dd:a7:ef:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3c5077f3996880551c52e0eb5ca72d0e0d129e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fa:ba:fd:6c:30:c1:bc:84:70:40:6a:9c:b8:
                    f5:19:f1:fe:18:6d:f5:20:f0:8a:15:0c:89:18:09:
                    5b:d7:5e:ff:87:2b:a7:bf:d4:bf:54:b8:0c:4e:aa:
                    90:3f:a0:ba:6f:fb:0c:df:0f:50:d4:1c:87:e7:2b:
                    52:56:77:8b:e0:f5:30:fe:3a:93:fe:53:fc:18:6b:
                    0d:a1:ad:e5:ce:58:1a:9c:e0:0b:d0:98:4d:6d:39:
                    e3:b5:28:8e:ea:25:af:38:45:7a:60:83:53:f3:57:
                    15:36:30:e6:36:74:c5:e5:6d:ab:c7:a9:19:77:6f:
                    f3:ed:70:24:ec:37:b6:75:02:26:a3:87:b7:05:83:
                    8a:36:61:20:86:b2:6e:22:44:39:16:09:bb:58:7b:
                    54:d7:99:81:60:79:1c:87:c8:28:81:62:b1:1b:44:
                    42:31:65:a6:3e:48:02:1e:ff:a3:b3:28:cd:31:84:
                    db:a8:0d:b4:0d:39:d9:f9:ba:6a:4d:32:fc:72:f3:
                    e1:10:ef:41:71:85:f4:26:32:06:e8:fb:07:92:22:
                    42:d4:bf:23:cf:b1:61:7f:0e:b0:63:41:54:61:e7:
                    94:56:22:20:6e:3c:b6:da:2c:29:aa:2c:aa:d9:a0:
                    1b:b5:86:8b:3c:5e:38:8c:44:40:85:4a:2e:3b:24:
                    54:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C5:07:7F:39:96:88:05:51:C5:2E:0E:B5:CA:72:D0:E0:D1:29:E1
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/48UHfzmWiAVRxS4Otcpy0ODRKeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1a40:7b00::/44

    Signature Algorithm: sha256WithRSAEncryption
         53:07:b9:c2:1e:2f:ab:2f:a3:8a:91:e0:86:b7:02:23:0b:fb:
         9a:41:c5:3e:7b:41:57:23:68:17:ba:cf:34:eb:b4:e2:9d:19:
         d2:cb:7e:4c:4d:9b:81:96:0a:09:d1:fa:69:11:83:83:a4:87:
         44:ab:2d:e5:f5:f9:55:05:e3:1f:3c:7e:f3:99:b8:59:7d:3e:
         af:7e:ca:8b:10:4b:66:b8:d7:3e:be:9d:a5:72:2a:34:0e:bd:
         62:05:bb:98:62:95:01:bc:9a:bf:a5:cd:60:38:a0:7f:02:28:
         be:05:0a:94:a3:be:19:6b:68:58:f0:63:c9:f0:84:cb:ea:45:
         15:65:f0:7c:0c:89:3a:48:db:90:0f:77:90:88:7e:c9:6c:cf:
         bb:7c:f4:ae:3b:e8:56:ac:72:07:de:0f:2c:9b:b5:c0:11:af:
         52:6d:f4:a0:c6:68:3a:ba:bd:82:ae:5b:af:31:61:2c:60:4f:
         fe:6a:b3:35:9a:ee:70:08:d0:d1:5c:b6:95:a5:42:1f:f0:18:
         2a:67:8b:80:39:8a:51:c1:04:00:7e:7a:46:d2:c3:f9:1c:7b:
         22:f8:57:f0:d3:ef:2c:cb:51:5f:01:e2:99:d2:b4:c4:8f:12:
         5d:41:49:13:8d:d6:c6:39:2b:db:48:c6:89:81:97:0e:78:00:
         a3:f0:a1:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS35d6tyeZ82h6d7dp+9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2M1MDc3ZjM5OTY4ODA1NTFjNTJlMGViNWNhNzJkMGUwZDEyOWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofq6/WwwwbyEcEBqnLj1GfH+GG31
IPCKFQyJGAlb117/hyunv9S/VLgMTqqQP6C6b/sM3w9Q1ByH5ytSVneL4PUw/jqT
/lP8GGsNoa3lzlganOAL0JhNbTnjtSiO6iWvOEV6YINT81cVNjDmNnTF5W2rx6kZ
d2/z7XAk7De2dQImo4e3BYOKNmEghrJuIkQ5Fgm7WHtU15mBYHkch8gogWKxG0RC
MWWmPkgCHv+jsyjNMYTbqA20DTnZ+bpqTTL8cvPhEO9BcYX0JjIG6PsHkiJC1L8j
z7Fhfw6wY0FUYeeUViIgbjy22iwpqiyq2aAbtYaLPF44jERAhUouOyRUHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOPFB385logFUcUuDrXKctDg0SnhMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvNDhVSGZ6bVdpQVZSeFM0T3RjcHkwT0RSS2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0aQHsA
MA0GCSqGSIb3DQEBCwUAA4IBAQBTB7nCHi+rL6OKkeCGtwIjC/uaQcU+e0FXI2gX
us8067TinRnSy35MTZuBlgoJ0fppEYODpIdEqy3l9flVBeMfPH7zmbhZfT6vfsqL
EEtmuNc+vp2lcio0Dr1iBbuYYpUBvJq/pc1gOKB/Aii+BQqUo74Za2hY8GPJ8ITL
6kUVZfB8DIk6SNuQD3eQiH7JbM+7fPSuO+hWrHIH3g8sm7XAEa9SbfSgxmg6ur2C
rluvMWEsYE/+arM1mu5wCNDRXLaVpUIf8BgqZ4uAOYpRwQQAfnpG0sP5HHsi+Ffw
0+8sy1FfAeKZ0rTEjxJdQUkTjdbGOSvbSMaJgZcOeACj8KF0
-----END CERTIFICATE-----