Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/pTeulQvFFNnjqRjeTfnPDhTn3PQ.roa
File:                     pTeulQvFFNnjqRjeTfnPDhTn3PQ.roa (raw, json)
Hash identifier:          JgjxNVAOso4SOrPDiFH/aQ+UTiz4hGmE9gcDE35bYKY=
Subject key identifier:   A5:37:AE:95:0B:C5:14:D9:E3:A9:18:DE:4D:F9:CF:0E:14:E7:DC:F4
Certificate issuer:       /CN=f60846f21c56a8513d31c155dd199197a3ffc7c0
Certificate serial:       018CC2DABB3E4D3FEBBC048F61C2BAF33B92
Authority key identifier: F6:08:46:F2:1C:56:A8:51:3D:31:C1:55:DD:19:91:97:A3:FF:C7:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/pTeulQvFFNnjqRjeTfnPDhTn3PQ.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211380
IP address blocks:        2a0c:5707:ff04::/48 maxlen: 48
                          2a0c:5707:ff01::/48 maxlen: 48
                          2a0c:5707:ff00::/40 maxlen: 48
                          2a0c:5707:ff02::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bb:3e:4d:3f:eb:bc:04:8f:61:c2:ba:f3:3b:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f60846f21c56a8513d31c155dd199197a3ffc7c0
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a537ae950bc514d9e3a918de4df9cf0e14e7dcf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d9:c6:dd:75:40:09:79:8a:42:81:76:ec:45:
                    14:17:ef:1f:f4:f7:38:85:fc:d5:08:22:d7:d0:fb:
                    7a:eb:c3:93:80:aa:d2:b9:77:bd:dc:e1:76:c3:2a:
                    6d:9c:19:42:38:74:54:1f:a2:d2:42:1a:9f:cb:1d:
                    bd:28:b1:97:45:86:c8:73:61:c9:7a:e4:ff:7a:5a:
                    0d:1b:26:d6:cf:41:66:15:f1:cb:ce:0e:86:50:f8:
                    02:82:b6:9b:b8:24:29:ac:09:bb:04:4b:b5:ab:9c:
                    f9:92:39:0c:9d:2f:06:3c:4d:24:ee:f6:d8:4d:1a:
                    9e:d4:7c:aa:9e:3f:b6:57:06:3a:f7:c3:98:47:e0:
                    e7:d2:f9:c7:a7:a7:07:20:11:c9:4a:f6:89:e0:31:
                    65:1a:cf:5e:ca:e5:5c:c4:e4:bb:62:ef:d3:9c:84:
                    86:03:2f:ce:c6:a3:75:c4:ca:8d:09:1d:e8:d6:15:
                    1e:cb:8c:9f:ae:41:7b:3e:56:fa:1f:73:3e:f9:31:
                    36:f5:b2:f5:07:e3:60:02:1e:b9:cc:35:21:61:8a:
                    4f:b8:3d:bd:e2:ce:78:75:42:40:19:95:5b:e7:08:
                    51:92:12:11:9a:64:f7:ca:47:a7:bb:77:c4:59:c7:
                    7a:53:61:e4:31:6c:01:4f:86:91:9e:dc:92:2b:91:
                    08:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:37:AE:95:0B:C5:14:D9:E3:A9:18:DE:4D:F9:CF:0E:14:E7:DC:F4
            X509v3 Authority Key Identifier:
                keyid:F6:08:46:F2:1C:56:A8:51:3D:31:C1:55:DD:19:91:97:A3:FF:C7:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ghG8hxWqFE9McFV3RmRl6P_x8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/pTeulQvFFNnjqRjeTfnPDhTn3PQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a0f4be-4c0d-4df5-90c6-a6d45ef7d227/1/9ghG8hxWqFE9McFV3RmRl6P_x8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:5707:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         8f:83:88:2b:24:bd:34:01:40:09:d5:8b:fa:81:fe:cb:bc:6b:
         ef:26:9f:1d:80:d9:50:2f:03:21:2e:44:01:a8:1a:33:95:26:
         3f:cc:8e:0b:1c:8a:75:87:d9:14:21:0b:63:34:5a:df:03:70:
         a7:7d:c8:59:1b:3d:26:e7:07:1b:13:56:59:88:ea:11:27:76:
         35:3e:45:63:10:50:3a:d5:2e:5a:9e:62:9b:5a:26:7c:db:b8:
         7e:b3:74:e5:a9:84:a1:62:7f:62:16:75:54:62:71:b5:91:44:
         0e:3d:3d:76:e4:01:fd:6e:43:0e:45:c3:18:22:08:62:2f:f2:
         aa:80:75:14:b0:69:48:f2:6a:a1:ae:20:5e:bd:a3:9d:f9:27:
         77:42:7b:01:47:8a:84:73:bc:4b:14:38:02:84:9a:eb:43:df:
         71:a8:96:ca:75:5e:11:44:50:05:bf:2f:fd:ef:f6:8c:98:5b:
         e0:63:10:c1:b5:7c:0e:c4:28:ec:64:c2:d1:0a:23:4a:b6:a6:
         e0:d6:4e:a6:8e:38:42:ad:ff:c3:48:d4:15:44:c5:6f:c3:37:
         d1:3e:60:92:78:1a:a0:42:86:28:ac:ff:0a:e2:18:e1:94:48:
         2b:72:34:22:5e:c6:f1:c9:32:8a:fb:3a:00:fa:e8:e7:a8:fd:
         77:9b:74:71
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC2rs+TT/rvASPYcK68zuSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDg0NmYyMWM1NmE4NTEzZDMxYzE1NWRkMTk5MTk3YTNm
ZmM3YzAwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTM3YWU5NTBiYzUxNGQ5ZTNhOTE4ZGU0ZGY5Y2YwZTE0ZTdkY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNnG3XVACXmKQoF27EUUF+8f9Pc4
hfzVCCLX0Pt668OTgKrSuXe93OF2wyptnBlCOHRUH6LSQhqfyx29KLGXRYbIc2HJ
euT/eloNGybWz0FmFfHLzg6GUPgCgrabuCQprAm7BEu1q5z5kjkMnS8GPE0k7vbY
TRqe1Hyqnj+2VwY698OYR+Dn0vnHp6cHIBHJSvaJ4DFlGs9eyuVcxOS7Yu/TnISG
Ay/OxqN1xMqNCR3o1hUey4yfrkF7Plb6H3M++TE29bL1B+NgAh65zDUhYYpPuD29
4s54dUJAGZVb5whRkhIRmmT3ykenu3fEWcd6U2HkMWwBT4aRntySK5EIRQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKU3rpULxRTZ46kY3k35zw4U59z0MB8GA1UdIwQY
MBaAFPYIRvIcVqhRPTHBVd0ZkZej/8fAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdoRzhoeFdxRkU5TWNGVjNSbVJsNlBfeDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hMGY0YmUtNGMwZC00ZGY1LTkwYzYt
YTZkNDVlZjdkMjI3LzEvcFRldWxRdkZGTm5qcVJqZVRmblBEaFRuM1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hMGY0YmUtNGMwZC00ZGY1LTkwYzYtYTZkNDVlZjdkMjI3
LzEvOWdoRzhoeFdxRkU5TWNGVjNSbVJsNlBfeDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgxXB/8w
DQYJKoZIhvcNAQELBQADggEBAI+DiCskvTQBQAnVi/qB/su8a+8mnx2A2VAvAyEu
RAGoGjOVJj/MjgscinWH2RQhC2M0Wt8DcKd9yFkbPSbnBxsTVlmI6hEndjU+RWMQ
UDrVLlqeYptaJnzbuH6zdOWphKFif2IWdVRicbWRRA49PXbkAf1uQw5FwxgiCGIv
8qqAdRSwaUjyaqGuIF69o535J3dCewFHioRzvEsUOAKEmutD33Golsp1XhFEUAW/
L/3v9oyYW+BjEMG1fA7EKOxkwtEKI0q2puDWTqaOOEKt/8NI1BVExW/DN9E+YJJ4
GqBChiis/wriGOGUSCtyNCJexvHJMor7OgD66Oeo/XebdHE=
-----END CERTIFICATE-----