Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Ue_lxNppAzB5mRwvK6c5gRBj28w.roa
File:                     Ue_lxNppAzB5mRwvK6c5gRBj28w.roa (raw, json)
Hash identifier:          6gfwHrTuiQdGSp92xX4Ce2vze2MtiLfM3q+vytYNib0=
Subject key identifier:   51:EF:E5:C4:DA:69:03:30:79:99:1C:2F:2B:A7:39:81:10:63:DB:CC
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCE03A7E2B8961F0B3BBA3C001EBBB
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Ue_lxNppAzB5mRwvK6c5gRBj28w.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52207
IP address blocks:        2a02:2698:7c00::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e0:3a:7e:2b:89:61:f0:b3:bb:a3:c0:01:eb:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51efe5c4da69033079991c2f2ba739811063dbcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ba:25:0a:40:b1:ae:bd:f4:33:09:36:50:9c:
                    61:a2:9d:18:75:3c:6a:e5:43:a4:75:99:62:74:14:
                    b1:21:dc:ca:b5:54:3e:b3:34:c5:0f:5c:1b:90:7b:
                    a7:8b:6f:44:b7:b0:92:1b:9d:08:18:2c:ee:da:f2:
                    04:93:c0:65:da:f9:14:8b:77:b0:7f:1c:47:be:cd:
                    48:6e:a7:fb:73:cd:e3:53:b4:3d:8b:6a:45:90:a0:
                    11:f3:48:b4:65:47:f8:3a:7a:48:43:46:51:e9:7d:
                    3d:6a:d1:79:d3:5b:6d:e2:42:a8:9c:4d:78:32:8f:
                    c0:d3:e4:37:e5:f5:a3:c3:5c:b9:16:4a:de:b1:7a:
                    68:25:fc:cb:2c:21:c7:d1:30:13:5c:e7:d5:b1:37:
                    41:17:e3:83:16:7e:20:74:94:7a:86:0e:e6:13:ad:
                    e0:d6:fa:8e:b1:74:cd:9c:eb:af:1c:2c:f0:ba:a9:
                    15:0a:6a:78:13:c9:1a:8a:cf:1d:07:85:e4:1a:58:
                    55:48:a0:98:fe:12:d7:b5:35:f9:4b:dd:87:df:18:
                    1f:dc:8b:4d:83:1a:7a:c5:51:22:29:94:1c:49:b4:
                    99:b2:f9:f4:f1:85:14:c0:0c:37:bb:2b:8b:bb:2e:
                    29:d2:7a:1f:61:78:aa:d6:dc:f7:94:6f:dd:d2:dd:
                    e4:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:EF:E5:C4:DA:69:03:30:79:99:1C:2F:2B:A7:39:81:10:63:DB:CC
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/Ue_lxNppAzB5mRwvK6c5gRBj28w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:7c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         5a:e6:0f:84:34:9e:8a:a3:7b:a3:fb:38:34:58:e9:63:30:4b:
         4d:b0:56:31:0d:b9:ef:fb:d0:bc:09:78:fd:f5:b4:82:15:ba:
         41:4d:80:f7:b3:5c:97:2f:49:58:3e:57:d2:10:40:b8:bd:9f:
         9b:77:ca:5b:59:8f:23:03:cb:15:7b:28:c2:1e:20:2b:9c:42:
         72:e1:83:a8:fd:3c:25:54:e1:68:66:e4:31:e5:5b:07:ff:a8:
         1c:c1:30:bb:c8:77:2f:3d:7e:14:35:72:61:3a:e7:d5:63:7b:
         9c:2a:66:b4:49:65:00:4c:bd:8b:0e:3d:91:ec:9f:7e:a9:ed:
         0e:f3:f6:48:e4:d7:81:e9:ab:29:00:a4:dc:78:1e:7c:da:01:
         4e:06:71:01:3a:1a:36:94:1d:67:87:fb:16:c4:4c:96:6d:27:
         70:32:5f:70:ff:c0:b7:a5:0f:86:70:25:e2:67:bb:a9:81:05:
         10:85:a7:01:af:e9:9b:fd:60:4e:8d:ff:74:98:46:9c:26:01:
         f2:66:b7:d2:31:96:2a:46:47:ae:cb:e0:97:62:51:46:1f:a2:
         cd:cc:7d:f7:4c:93:a9:74:20:b6:7d:7e:c0:b7:e0:04:b5:e1:
         95:d9:d3:69:05:53:82:e0:9a:20:64:68:b0:15:f2:ee:8e:5c:
         5f:4e:4f:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvOA6fiuJYfCzu6PAAeu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWVmZTVjNGRhNjkwMzMwNzk5OTFjMmYyYmE3Mzk4MTEwNjNkYmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLolCkCxrr30Mwk2UJxhop0YdTxq
5UOkdZlidBSxIdzKtVQ+szTFD1wbkHuni29Et7CSG50IGCzu2vIEk8Bl2vkUi3ew
fxxHvs1Ibqf7c83jU7Q9i2pFkKAR80i0ZUf4OnpIQ0ZR6X09atF501tt4kKonE14
Mo/A0+Q35fWjw1y5FkresXpoJfzLLCHH0TATXOfVsTdBF+ODFn4gdJR6hg7mE63g
1vqOsXTNnOuvHCzwuqkVCmp4E8kais8dB4XkGlhVSKCY/hLXtTX5S92H3xgf3ItN
gxp6xVEiKZQcSbSZsvn08YUUwAw3uyuLuy4p0nofYXiq1tz3lG/d0t3k4wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFHv5cTaaQMweZkcLyunOYEQY9vMMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvVWVfbHhOcHBBekI1bVJ3dks2YzVnUkJqMjh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmHww
DQYJKoZIhvcNAQELBQADggEBAFrmD4Q0noqje6P7ODRY6WMwS02wVjENue/70LwJ
eP31tIIVukFNgPezXJcvSVg+V9IQQLi9n5t3yltZjyMDyxV7KMIeICucQnLhg6j9
PCVU4Whm5DHlWwf/qBzBMLvIdy89fhQ1cmE659Vje5wqZrRJZQBMvYsOPZHsn36p
7Q7z9kjk14HpqykApNx4HnzaAU4GcQE6GjaUHWeH+xbETJZtJ3AyX3D/wLelD4Zw
JeJnu6mBBRCFpwGv6Zv9YE6N/3SYRpwmAfJmt9IxlipGR67L4JdiUUYfos3MffdM
k6l0ILZ9fsC34AS14ZXZ02kFU4LgmiBkaLAV8u6OXF9OTwQ=
-----END CERTIFICATE-----