Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/A-TshZhM_sU9hWdS41ltYlw2W2g.roa
File:                     A-TshZhM_sU9hWdS41ltYlw2W2g.roa (raw, json)
Hash identifier:          igzfwE+MSurDGVdKQyThwm+yb1auijiZ4wAyxzOLCEM=
Subject key identifier:   03:E4:EC:85:98:4C:FE:C5:3D:85:67:52:E3:59:6D:62:5C:36:5B:68
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB7A26DCFAED2DC5DB2318EB1EC71
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/A-TshZhM_sU9hWdS41ltYlw2W2g.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35491
IP address blocks:        2001:1a68:15::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b7:a2:6d:cf:ae:d2:dc:5d:b2:31:8e:b1:ec:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03e4ec85984cfec53d856752e3596d625c365b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c9:67:75:a9:ae:3d:fd:2d:9b:dd:88:81:1a:
                    3a:69:b0:25:8e:0c:ae:6f:ea:d2:a0:01:87:09:95:
                    bd:29:e0:93:c3:d4:3f:ea:c5:d9:ec:d9:20:26:40:
                    82:64:59:7b:7b:78:25:48:3a:2e:cd:14:44:34:a4:
                    d8:3a:35:2b:3f:39:35:09:83:1f:3b:5f:d4:d2:55:
                    b6:bd:22:8b:29:5a:4d:9f:05:dd:99:8f:c8:4a:2e:
                    f7:6c:cd:eb:65:8f:19:30:4f:9f:2e:32:fc:73:f6:
                    d6:e2:6d:5c:9c:17:6e:53:6c:c4:5b:20:5e:b8:f7:
                    1f:5a:69:bb:c3:1c:e9:cb:ed:97:34:ed:f1:f8:87:
                    cb:9d:e7:76:76:ea:1e:19:03:67:f1:de:d1:5b:a1:
                    0a:cf:50:10:74:33:25:b3:bf:d4:16:9a:83:c0:52:
                    62:2e:70:7e:fe:dc:20:db:9e:14:3e:b2:9d:3a:12:
                    07:1d:10:a9:9f:33:11:5f:bf:12:ef:be:2e:74:f1:
                    23:a5:f3:c8:4f:70:10:5e:dd:61:0e:3a:ed:e8:e0:
                    9f:b6:b3:43:33:4f:52:0d:e4:28:d0:c5:c4:17:12:
                    6d:0c:be:9c:ac:0f:43:40:55:10:fe:80:23:85:73:
                    e4:50:b8:3d:ba:14:6d:28:00:d9:ca:b4:2d:af:21:
                    51:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E4:EC:85:98:4C:FE:C5:3D:85:67:52:E3:59:6D:62:5C:36:5B:68
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/A-TshZhM_sU9hWdS41ltYlw2W2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1a68:15::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:4d:11:9b:30:7c:d4:5e:d0:3c:e5:3a:04:59:88:36:24:43:
         7b:74:86:73:e2:82:a6:80:51:ed:f0:0a:b9:f3:4d:5e:35:e9:
         4e:43:6e:cb:43:f7:c1:1b:a6:1e:3e:8f:4a:3c:b9:b2:a2:a2:
         30:fd:78:aa:fc:de:5b:ed:d2:35:39:6f:6c:50:d1:01:d9:96:
         0b:e2:db:9d:32:94:ee:cf:fb:ed:31:9d:f6:41:c4:df:a1:66:
         a3:9b:35:63:49:b3:73:3c:d0:97:26:34:ab:33:6a:2f:6c:25:
         87:9f:f0:2c:32:f2:7a:a5:59:ff:53:ba:92:08:80:91:45:11:
         cf:36:db:9f:a3:c3:a1:d1:bd:c7:e2:fe:95:f5:e1:fa:42:86:
         41:5d:fb:cf:52:09:93:d0:f2:6e:e7:f4:de:c7:06:a9:85:f9:
         c7:d7:4b:45:bb:16:f4:33:d5:17:09:28:cd:96:46:de:b9:9c:
         dd:9e:49:cb:bb:32:a4:1e:7f:7a:6b:1a:6b:fc:56:cd:8f:0b:
         43:ba:ac:6a:db:ed:22:d1:4c:dc:75:ae:17:21:36:5f:e8:0f:
         5c:98:31:9f:c7:12:17:2a:22:3c:04:d9:d2:89:19:5c:f1:e7:
         6f:77:1b:ca:00:09:d9:b3:5d:7c:21:5d:8e:a2:c3:35:6c:ed:
         b3:4d:29:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK7eibc+u0txdsjGOsexxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2U0ZWM4NTk4NGNmZWM1M2Q4NTY3NTJlMzU5NmQ2MjVjMzY1YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8lndamuPf0tm92IgRo6abAljgyu
b+rSoAGHCZW9KeCTw9Q/6sXZ7NkgJkCCZFl7e3glSDouzRRENKTYOjUrPzk1CYMf
O1/U0lW2vSKLKVpNnwXdmY/ISi73bM3rZY8ZME+fLjL8c/bW4m1cnBduU2zEWyBe
uPcfWmm7wxzpy+2XNO3x+IfLned2duoeGQNn8d7RW6EKz1AQdDMls7/UFpqDwFJi
LnB+/twg254UPrKdOhIHHRCpnzMRX78S774udPEjpfPIT3AQXt1hDjrt6OCftrND
M09SDeQo0MXEFxJtDL6crA9DQFUQ/oAjhXPkULg9uhRtKADZyrQtryFRWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAPk7IWYTP7FPYVnUuNZbWJcNltoMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvQS1Uc2haaE1fc1U5aFdkUzQxbHRZbHcyVzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEaaAAV
MA0GCSqGSIb3DQEBCwUAA4IBAQC3TRGbMHzUXtA85ToEWYg2JEN7dIZz4oKmgFHt
8Aq5801eNelOQ27LQ/fBG6YePo9KPLmyoqIw/Xiq/N5b7dI1OW9sUNEB2ZYL4tud
MpTuz/vtMZ32QcTfoWajmzVjSbNzPNCXJjSrM2ovbCWHn/AsMvJ6pVn/U7qSCICR
RRHPNtufo8Oh0b3H4v6V9eH6QoZBXfvPUgmT0PJu5/TexwaphfnH10tFuxb0M9UX
CSjNlkbeuZzdnknLuzKkHn96axpr/FbNjwtDuqxq2+0i0Uzcda4XITZf6A9cmDGf
xxIXKiI8BNnSiRlc8edvdxvKAAnZs118IV2OosM1bO2zTSmB
-----END CERTIFICATE-----