Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/Uaznv0pZ0wmKtKM9xY-vR6sOGk8.roa
File:                     Uaznv0pZ0wmKtKM9xY-vR6sOGk8.roa (raw, json)
Hash identifier:          C7xq3SD0FwCxHn9VXkUqO4z6C1TJF3izWxnv2TLIzsw=
Subject key identifier:   51:AC:E7:BF:4A:59:D3:09:8A:B4:A3:3D:C5:8F:AF:47:AB:0E:1A:4F
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       018CC64B7A67C3C4DF34E48C23AFF2A2E57B
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/Uaznv0pZ0wmKtKM9xY-vR6sOGk8.roa
Signing time:             Mon 01 Jan 2024 18:31:24 +0000
ROA not before:           Mon 01 Jan 2024 18:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202313
IP address blocks:        2a0d:1a40:fa0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7a:67:c3:c4:df:34:e4:8c:23:af:f2:a2:e5:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  1 18:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51ace7bf4a59d3098ab4a33dc58faf47ab0e1a4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:68:a9:1e:2b:15:d6:5b:53:bb:ca:91:e6:e2:
                    c9:c6:94:c3:b7:b9:53:4f:4d:9d:cf:90:15:43:8f:
                    d9:ac:a3:73:02:7c:b5:d0:22:89:9c:17:d2:7f:74:
                    7c:df:61:46:cc:65:88:43:87:46:c0:4d:60:f4:8d:
                    89:84:4b:32:20:13:4a:d2:be:ed:e2:7b:d1:bd:6b:
                    16:29:3c:1d:d9:6a:20:2e:ea:63:90:33:22:9f:94:
                    a7:67:aa:36:dd:38:a2:f5:38:c2:a6:b8:06:ad:1a:
                    9c:8d:71:d6:20:99:5d:b5:53:b3:03:bf:31:38:d2:
                    ee:64:2a:38:36:e9:71:72:99:51:45:0a:d0:6f:d8:
                    d6:16:bd:97:57:ee:8e:61:af:70:09:66:f0:db:17:
                    05:97:85:37:5b:67:57:4d:05:e3:5e:8d:24:5b:6a:
                    09:57:f8:c1:4b:0e:00:56:7d:79:53:bd:bc:92:f7:
                    99:a0:61:99:7a:be:62:f6:6f:8a:97:f1:94:3a:39:
                    5b:86:b3:f2:2d:63:de:a5:04:07:33:3d:72:cd:7d:
                    75:f3:5e:3e:a7:bc:3f:8c:ef:31:f8:64:de:16:09:
                    83:5f:9e:71:c8:5d:5e:c0:04:50:ed:7a:33:61:26:
                    45:34:56:e4:c0:63:4e:91:11:89:ce:45:97:4c:9b:
                    e4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:AC:E7:BF:4A:59:D3:09:8A:B4:A3:3D:C5:8F:AF:47:AB:0E:1A:4F
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/Uaznv0pZ0wmKtKM9xY-vR6sOGk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1a40:fa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:44:bf:cd:a5:98:02:b5:04:0e:af:45:14:58:bf:00:3b:36:
         ea:6e:d5:79:df:ea:85:5a:76:6d:8b:4e:90:19:3e:cf:5b:89:
         52:7f:4b:c1:50:b1:fb:8a:94:79:f1:d8:21:77:18:6d:0b:14:
         24:d1:ac:20:56:23:e3:fa:87:d9:b2:0f:7e:73:cc:39:92:1a:
         ba:62:bf:4c:d1:a4:8f:c4:03:1a:13:62:2c:b2:b5:4d:03:bf:
         9d:77:65:0f:83:ca:0c:5e:a7:a5:d1:2b:6c:10:b7:86:1f:75:
         5f:96:d7:82:e3:9f:60:4d:a8:55:b0:52:59:f6:62:24:9a:d3:
         18:dd:b3:24:eb:06:50:34:6a:2e:33:2d:a9:c8:a5:e9:58:0d:
         29:bc:e2:d6:fa:13:bc:0f:41:c0:7b:78:91:02:23:d3:61:2c:
         d2:c6:8b:e0:30:91:38:1a:90:56:25:0d:bc:5e:2c:ce:41:c2:
         fb:3f:67:30:e3:66:5f:8b:a3:8d:1b:c9:89:80:2b:b4:14:a1:
         ed:f1:eb:cf:78:80:85:05:ab:46:03:3e:c9:8b:cd:70:2b:1b:
         c7:c8:a5:63:b9:30:4e:9c:6b:1b:60:b2:62:9b:4e:8b:8c:62:
         fa:06:87:49:a8:7d:24:2a:61:6d:4b:4d:cf:c6:f1:6f:f7:23:
         66:e5:54:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS3pnw8TfNOSMI6/youV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjQwMTAxMTgzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWFjZTdiZjRhNTlkMzA5OGFiNGEzM2RjNThmYWY0N2FiMGUxYTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGipHisV1ltTu8qR5uLJxpTDt7lT
T02dz5AVQ4/ZrKNzAny10CKJnBfSf3R832FGzGWIQ4dGwE1g9I2JhEsyIBNK0r7t
4nvRvWsWKTwd2WogLupjkDMin5SnZ6o23Tii9TjCprgGrRqcjXHWIJldtVOzA78x
ONLuZCo4NulxcplRRQrQb9jWFr2XV+6OYa9wCWbw2xcFl4U3W2dXTQXjXo0kW2oJ
V/jBSw4AVn15U728kveZoGGZer5i9m+Kl/GUOjlbhrPyLWPepQQHMz1yzX11814+
p7w/jO8x+GTeFgmDX55xyF1ewARQ7XozYSZFNFbkwGNOkRGJzkWXTJvkMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFGs579KWdMJirSjPcWPr0erDhpPMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvVWF6bnYwcFowd21LdEtNOXhZLXZSNnNPR2s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0aQA+g
MA0GCSqGSIb3DQEBCwUAA4IBAQAlRL/NpZgCtQQOr0UUWL8AOzbqbtV53+qFWnZt
i06QGT7PW4lSf0vBULH7ipR58dghdxhtCxQk0awgViPj+ofZsg9+c8w5khq6Yr9M
0aSPxAMaE2IssrVNA7+dd2UPg8oMXqel0StsELeGH3VflteC459gTahVsFJZ9mIk
mtMY3bMk6wZQNGouMy2pyKXpWA0pvOLW+hO8D0HAe3iRAiPTYSzSxovgMJE4GpBW
JQ28XizOQcL7P2cw42Zfi6ONG8mJgCu0FKHt8evPeICFBatGAz7Ji81wKxvHyKVj
uTBOnGsbYLJim06LjGL6BodJqH0kKmFtS03PxvFv9yNm5VS6
-----END CERTIFICATE-----