Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/8u-JtuepV1qTRe4mewjV06Xxk94.roa
File:                     8u-JtuepV1qTRe4mewjV06Xxk94.roa (raw, json)
Hash identifier:          VGmAE8IbWQQAUpBf2xJmmApptXu1V3uXLrJPk6OE0+I=
Subject key identifier:   F2:EF:89:B6:E7:A9:57:5A:93:45:EE:26:7B:08:D5:D3:A5:F1:93:DE
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCDB673E4A6C08BD9D9C0514DD7732
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/8u-JtuepV1qTRe4mewjV06Xxk94.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50542
IP address blocks:        2a02:2698:1400::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:db:67:3e:4a:6c:08:bd:9d:9c:05:14:dd:77:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2ef89b6e7a9575a9345ee267b08d5d3a5f193de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c6:41:d4:b4:46:cd:28:92:3f:56:52:d2:08:
                    0a:f0:05:d8:3e:93:ed:a0:89:f7:40:2b:13:cc:e0:
                    06:30:eb:56:5c:57:2b:5f:1e:f9:ed:07:35:5e:d2:
                    9b:e1:26:43:5d:63:e3:43:f7:e8:c2:c6:c3:34:7b:
                    29:58:f0:b8:a3:d9:ed:39:47:dc:57:e7:11:89:64:
                    b7:e1:c8:18:13:4f:a3:27:a4:43:bb:e4:1f:ea:ad:
                    22:ec:f4:d9:a4:e1:e8:2b:34:a1:20:23:1a:08:a1:
                    d0:37:1d:8e:21:8d:2a:0a:cb:f8:f5:49:43:f9:86:
                    19:6e:c6:6f:c5:f7:c8:ac:64:ca:c9:7d:7c:8c:09:
                    92:92:8e:6a:f7:57:01:ae:68:7f:9e:34:62:7d:e0:
                    47:65:aa:af:f9:35:f7:2d:ca:99:d4:a0:18:39:b7:
                    66:c4:29:e2:5c:3d:62:26:0f:56:e9:0e:53:bb:db:
                    38:b4:5e:41:78:d0:f2:79:86:36:80:61:9c:62:ec:
                    05:4f:01:31:17:ad:14:56:1f:c6:eb:a1:81:99:d7:
                    a6:4d:51:e8:e9:69:9b:2d:c1:84:82:fa:12:19:c5:
                    ba:46:3e:0f:43:f6:5a:b3:21:25:b9:e7:c3:5c:3b:
                    ae:e9:75:75:22:85:d9:d1:82:c9:a4:96:e2:45:e5:
                    8c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:EF:89:B6:E7:A9:57:5A:93:45:EE:26:7B:08:D5:D3:A5:F1:93:DE
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/8u-JtuepV1qTRe4mewjV06Xxk94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:1400::/38

    Signature Algorithm: sha256WithRSAEncryption
         21:f1:25:af:70:81:bf:8b:25:26:2a:3e:43:0b:5f:ea:a5:c8:
         6d:1c:97:71:34:94:d4:21:e6:f6:c9:c3:1e:18:b8:f7:67:c6:
         79:a1:c1:f3:d9:50:c8:56:0b:1e:4e:61:7e:b5:b3:26:74:4e:
         23:9e:13:fa:52:98:cb:22:50:fd:4a:e9:e0:f8:bb:50:9c:e7:
         2b:73:0d:df:a5:e4:e5:99:08:7c:52:8d:bd:fe:cb:88:fa:92:
         93:d6:4b:34:c9:d8:67:50:85:8c:84:ac:06:0c:17:f1:d8:b2:
         4b:a1:da:5e:b7:72:7b:3a:42:66:87:f5:87:46:99:56:d6:80:
         20:94:53:f8:7c:de:4a:18:d8:bf:33:3d:b6:c9:85:03:4b:3d:
         c4:fb:93:76:5b:0e:dd:a2:7e:04:aa:8b:45:16:4b:db:14:a4:
         4c:c6:87:e9:9f:cd:a2:a9:9f:58:59:8b:1b:25:4f:16:0b:89:
         c4:fd:18:d0:20:56:6a:10:da:83:02:18:3e:30:bb:81:95:f0:
         7f:ef:09:e5:1f:1c:43:38:b6:04:f1:27:a2:18:86:ed:99:a3:
         b9:25:17:9a:bf:bd:fb:33:92:32:25:c2:35:0d:fe:a1:70:83:
         bb:f2:a6:b6:24:6a:53:17:0a:10:27:85:c2:ac:72:ba:c1:9e:
         86:cd:ed:32
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvNtnPkpsCL2dnAUU3XcyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmVmODliNmU3YTk1NzVhOTM0NWVlMjY3YjA4ZDVkM2E1ZjE5M2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcZB1LRGzSiSP1ZS0ggK8AXYPpPt
oIn3QCsTzOAGMOtWXFcrXx757Qc1XtKb4SZDXWPjQ/fowsbDNHspWPC4o9ntOUfc
V+cRiWS34cgYE0+jJ6RDu+Qf6q0i7PTZpOHoKzShICMaCKHQNx2OIY0qCsv49UlD
+YYZbsZvxffIrGTKyX18jAmSko5q91cBrmh/njRifeBHZaqv+TX3LcqZ1KAYObdm
xCniXD1iJg9W6Q5Tu9s4tF5BeNDyeYY2gGGcYuwFTwExF60UVh/G66GBmdemTVHo
6WmbLcGEgvoSGcW6Rj4PQ/ZasyEluefDXDuu6XV1IoXZ0YLJpJbiReWMawIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPLvibbnqVdak0XuJnsI1dOl8ZPeMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvOHUtSnR1ZXBWMXFUUmU0bWV3alYwNlh4azk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmBQw
DQYJKoZIhvcNAQELBQADggEBACHxJa9wgb+LJSYqPkMLX+qlyG0cl3E0lNQh5vbJ
wx4YuPdnxnmhwfPZUMhWCx5OYX61syZ0TiOeE/pSmMsiUP1K6eD4u1Cc5ytzDd+l
5OWZCHxSjb3+y4j6kpPWSzTJ2GdQhYyErAYMF/HYskuh2l63cns6QmaH9YdGmVbW
gCCUU/h83koY2L8zPbbJhQNLPcT7k3ZbDt2ifgSqi0UWS9sUpEzGh+mfzaKpn1hZ
ixslTxYLicT9GNAgVmoQ2oMCGD4wu4GV8H/vCeUfHEM4tgTxJ6IYhu2Zo7klF5q/
vfszkjIlwjUN/qFwg7vyprYkalMXChAnhcKscrrBnobN7TI=
-----END CERTIFICATE-----