Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/USdQ8VI9QAsfXSNqVlW_OyQVRpM.roa
File:                     USdQ8VI9QAsfXSNqVlW_OyQVRpM.roa (raw, json)
Hash identifier:          joJRLu2cCgi/nPSAsLj6TGgUuqcKQ3DWkYnk1P0oELo=
Subject key identifier:   51:27:50:F1:52:3D:40:0B:1F:5D:23:6A:56:55:BF:3B:24:15:46:93
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E3D87ADCB9F00CCE72D5379432D9A
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/USdQ8VI9QAsfXSNqVlW_OyQVRpM.roa
Signing time:             Tue 02 Jan 2024 08:33:17 +0000
ROA not before:           Tue 02 Jan 2024 08:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200615
IP address blocks:        2a09:e683:1::/48 maxlen: 48
                          2a09:e685::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3d:87:ad:cb:9f:00:cc:e7:2d:53:79:43:2d:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=512750f1523d400b1f5d236a5655bf3b24154693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:c7:50:c6:61:b5:f8:03:2d:5e:a4:a6:d7:b6:
                    e4:35:4b:01:57:06:f2:92:35:e7:29:ef:3a:46:74:
                    db:cf:c3:45:ab:65:72:c2:36:60:e1:b8:38:4d:ed:
                    fc:af:a8:80:b3:b5:6c:d6:5e:08:9e:37:8d:68:1e:
                    0e:75:da:f2:9a:e3:d0:81:88:a1:ab:63:87:88:4d:
                    8b:51:4a:48:a6:15:35:88:74:5f:48:af:47:e0:05:
                    be:72:99:1d:71:59:16:60:23:ab:96:7e:ae:1c:ea:
                    56:24:3d:15:bb:cc:6d:a9:ff:07:f7:8a:a4:74:c8:
                    34:a7:6f:6f:27:9e:21:83:39:4e:d1:ad:1a:cb:bd:
                    0e:76:f4:34:b3:e7:44:f1:4b:e5:b9:21:4c:95:c6:
                    0c:0a:f5:89:33:90:e6:91:42:6c:9c:83:17:18:30:
                    9b:e4:39:36:d2:b9:67:27:ac:3d:c2:46:df:91:13:
                    b6:20:20:29:be:75:14:3b:ee:02:0d:cd:50:3d:53:
                    9f:ef:fc:68:67:d6:72:4d:84:34:a0:34:f0:56:79:
                    6e:a7:c9:4d:93:17:2c:ad:de:d4:de:86:6f:c0:37:
                    a9:e6:b1:e0:9c:2f:af:54:dc:a0:0c:f4:f7:07:d1:
                    cb:d9:4d:55:92:bf:17:3e:d0:00:70:7e:7f:77:8c:
                    d6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:27:50:F1:52:3D:40:0B:1F:5D:23:6A:56:55:BF:3B:24:15:46:93
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/USdQ8VI9QAsfXSNqVlW_OyQVRpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e683:1::/48
                  2a09:e685::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:00:7f:79:c1:33:c5:b3:90:79:ec:7f:40:08:ce:28:32:28:
         68:0b:89:7f:81:b3:a5:75:83:05:00:86:6e:75:1d:82:05:18:
         0e:6f:e8:ca:18:a9:c7:99:4e:6e:3a:52:8f:87:ff:24:a4:e5:
         20:2c:60:31:93:5e:7e:bc:53:d1:d8:5b:be:8e:bc:36:dd:fb:
         f2:b9:92:fe:28:70:7d:79:c4:3a:96:21:41:98:4a:44:0a:9f:
         ee:72:74:59:62:1e:45:59:4b:2b:5b:ef:72:14:46:6d:d3:3f:
         89:69:64:4b:3c:4c:73:43:c3:44:25:c7:9d:48:aa:48:9c:26:
         88:5c:ae:f6:c3:f6:27:44:6b:e7:e8:1c:83:56:73:49:64:47:
         f5:26:11:fd:92:ce:b7:ea:3b:16:cd:ab:db:2e:6f:6d:42:ba:
         23:e1:2b:89:bd:35:35:e4:57:d5:b9:37:c5:0d:57:78:c2:cc:
         0a:4f:62:9d:bc:5b:9f:54:d8:13:58:27:a1:a2:3b:12:23:a8:
         8f:69:15:15:1d:b8:3a:36:e0:a1:75:5d:57:ce:fc:b0:7e:de:
         53:3a:d9:03:d8:27:5a:b2:ac:07:fc:b8:03:94:e3:34:73:7c:
         92:5f:9a:f0:ad:68:73:c5:24:41:85:65:d9:9f:68:d9:d6:e2:
         63:88:c8:ce
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTj2HrcufAMznLVN5Qy2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI3NTBmMTUyM2Q0MDBiMWY1ZDIzNmE1NjU1YmYzYjI0MTU0NjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA88dQxmG1+AMtXqSm17bkNUsBVwby
kjXnKe86RnTbz8NFq2VywjZg4bg4Te38r6iAs7Vs1l4InjeNaB4OddrymuPQgYih
q2OHiE2LUUpIphU1iHRfSK9H4AW+cpkdcVkWYCOrln6uHOpWJD0Vu8xtqf8H94qk
dMg0p29vJ54hgzlO0a0ay70OdvQ0s+dE8UvluSFMlcYMCvWJM5DmkUJsnIMXGDCb
5Dk20rlnJ6w9wkbfkRO2ICApvnUUO+4CDc1QPVOf7/xoZ9ZyTYQ0oDTwVnlup8lN
kxcsrd7U3oZvwDep5rHgnC+vVNygDPT3B9HL2U1Vkr8XPtAAcH5/d4zWDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFEnUPFSPUALH10jalZVvzskFUaTMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvVVNkUThWSTlRQXNmWFNOcVZsV19PeVFWUnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgnmgwAB
AwcAKgnmhQAAMA0GCSqGSIb3DQEBCwUAA4IBAQAIAH95wTPFs5B57H9ACM4oMiho
C4l/gbOldYMFAIZudR2CBRgOb+jKGKnHmU5uOlKPh/8kpOUgLGAxk15+vFPR2Fu+
jrw23fvyuZL+KHB9ecQ6liFBmEpECp/ucnRZYh5FWUsrW+9yFEZt0z+JaWRLPExz
Q8NEJcedSKpInCaIXK72w/YnRGvn6ByDVnNJZEf1JhH9ks636jsWzavbLm9tQroj
4SuJvTU15FfVuTfFDVd4wswKT2KdvFufVNgTWCehojsSI6iPaRUVHbg6NuChdV1X
zvywft5TOtkD2CdasqwH/LgDlOM0c3ySX5rwrWhzxSRBhWXZn2jZ1uJjiMjO
-----END CERTIFICATE-----