Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/V-LCmOe10R8krDgxZ26_D69-M1s.roa
File:                     V-LCmOe10R8krDgxZ26_D69-M1s.roa (raw, json)
Hash identifier:          e5tLg2l3aiV5VWqL3jXIWtw0V144t3f3X8rGhSYx2N8=
Subject key identifier:   57:E2:C2:98:E7:B5:D1:1F:24:AC:38:31:67:6E:BF:0F:AF:7E:33:5B
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       01941F8C5C009C35D0EBF219ECB9C980D4DD
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/V-LCmOe10R8krDgxZ26_D69-M1s.roa
Signing time:             Wed 01 Jan 2025 01:47:59 +0000
ROA not before:           Wed 01 Jan 2025 01:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41668
IP address blocks:        2a02:2698:2800::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5c:00:9c:35:d0:eb:f2:19:ec:b9:c9:80:d4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  1 01:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57e2c298e7b5d11f24ac3831676ebf0faf7e335b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:91:c0:cd:80:60:6c:b3:10:71:8c:a3:c5:03:
                    a9:82:47:2f:74:1f:ae:52:8f:1b:ef:9c:d1:c8:0a:
                    9b:fd:27:f3:e3:f0:2f:95:c1:d6:c7:2c:cf:aa:0b:
                    6c:a7:a9:13:90:d1:43:fb:23:c1:b2:54:60:71:9b:
                    30:88:0d:42:ae:c3:52:ee:e4:60:f7:51:d8:45:5c:
                    48:cc:6a:29:81:4a:81:81:6a:0d:73:ee:24:b6:40:
                    c1:e8:cf:68:da:29:05:8f:e3:5d:28:92:eb:08:b5:
                    11:95:c1:ce:9c:26:3f:c2:64:ef:f4:6f:3a:83:19:
                    08:48:07:af:ac:03:ea:5d:d8:4a:41:46:1b:a5:64:
                    24:d6:fe:08:20:ae:cb:54:d7:3d:c6:0e:ba:ee:56:
                    cf:c6:d3:22:c5:f7:77:ae:48:c3:b2:60:90:db:de:
                    aa:b0:da:ff:e7:dd:75:a2:bf:78:62:47:38:94:46:
                    44:ea:4b:8c:e5:be:3b:20:72:a2:17:e2:5a:2d:82:
                    3e:fa:d8:14:0e:5b:9a:94:85:3c:95:65:02:12:e7:
                    78:c2:06:df:9e:1d:5e:b1:73:c1:d5:a5:3a:0b:6c:
                    50:e0:94:ef:10:f2:9a:7e:84:13:9a:f5:12:38:1f:
                    c8:c3:89:9c:d3:1a:10:f9:2e:7a:72:14:d9:11:95:
                    3e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E2:C2:98:E7:B5:D1:1F:24:AC:38:31:67:6E:BF:0F:AF:7E:33:5B
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/V-LCmOe10R8krDgxZ26_D69-M1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:2800::/38

    Signature Algorithm: sha256WithRSAEncryption
         b1:23:1d:87:67:52:d5:a3:49:9c:aa:03:50:15:19:20:00:ac:
         7f:7f:ad:e6:f7:4d:e2:24:86:9a:97:63:bf:85:2e:5e:25:64:
         87:9d:97:4e:3d:ef:b8:bb:26:29:f6:82:99:36:db:d1:34:0f:
         df:04:8a:05:f5:31:ef:5d:d6:3a:9e:74:b8:d6:a8:80:53:9d:
         6d:7a:e1:27:b5:cc:98:e3:5b:99:63:f5:5a:a6:d8:8f:cf:f3:
         0a:ce:da:aa:ec:96:61:94:b8:f3:23:ab:a5:bd:fb:9f:ee:2e:
         32:20:c2:63:01:6a:49:b2:da:d0:0e:69:d0:3e:c7:d0:39:54:
         7a:1c:05:5a:b7:0c:73:79:3e:59:f6:76:b4:8d:cd:d2:c7:5c:
         82:bb:a6:2a:77:19:71:c8:bf:c0:34:4b:9f:d0:31:c8:a9:05:
         f3:76:19:4c:3f:ed:6f:1c:8a:e2:87:b9:97:8c:00:c9:81:f6:
         1b:ad:fb:b6:83:55:3a:c6:d2:66:b1:fb:af:32:09:d7:5f:fd:
         79:36:93:ad:e1:a9:36:1c:39:b6:6f:56:66:f3:4a:f3:9d:6b:
         86:83:66:b4:10:d7:e6:21:9a:31:87:bd:a2:9c:31:35:1d:55:
         44:b3:ad:e8:0f:42:02:55:f2:80:a0:08:71:fc:82:bd:bf:04:
         2f:34:2b:6d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjFwAnDXQ6/IZ7LnJgNTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwMTAxMDE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UyYzI5OGU3YjVkMTFmMjRhYzM4MzE2NzZlYmYwZmFmN2UzMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JHAzYBgbLMQcYyjxQOpgkcvdB+u
Uo8b75zRyAqb/Sfz4/AvlcHWxyzPqgtsp6kTkNFD+yPBslRgcZswiA1CrsNS7uRg
91HYRVxIzGopgUqBgWoNc+4ktkDB6M9o2ikFj+NdKJLrCLURlcHOnCY/wmTv9G86
gxkISAevrAPqXdhKQUYbpWQk1v4IIK7LVNc9xg667lbPxtMixfd3rkjDsmCQ296q
sNr/5911or94Ykc4lEZE6kuM5b47IHKiF+JaLYI++tgUDlualIU8lWUCEud4wgbf
nh1esXPB1aU6C2xQ4JTvEPKafoQTmvUSOB/Iw4mc0xoQ+S56chTZEZU+hQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFfiwpjntdEfJKw4MWduvw+vfjNbMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvVi1MQ21PZTEwUjhrckRneFoyNl9ENjktTTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmCgw
DQYJKoZIhvcNAQELBQADggEBALEjHYdnUtWjSZyqA1AVGSAArH9/reb3TeIkhpqX
Y7+FLl4lZIedl04977i7Jin2gpk229E0D98EigX1Me9d1jqedLjWqIBTnW164Se1
zJjjW5lj9Vqm2I/P8wrO2qrslmGUuPMjq6W9+5/uLjIgwmMBakmy2tAOadA+x9A5
VHocBVq3DHN5Pln2drSNzdLHXIK7pip3GXHIv8A0S5/QMcipBfN2GUw/7W8ciuKH
uZeMAMmB9hut+7aDVTrG0max+68yCddf/Xk2k63hqTYcObZvVmbzSvOda4aDZrQQ
1+YhmjGHvaKcMTUdVUSzregPQgJV8oCgCHH8gr2/BC80K20=
-----END CERTIFICATE-----