Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/eP5EXrmsPf2u3XppyC1gJ_4iUqw.roa
File:                     eP5EXrmsPf2u3XppyC1gJ_4iUqw.roa (raw, json)
Hash identifier:          XirZL7369pcfsx3BhOb6HQSq8ymcMEWJRpAjO/xHljo=
Subject key identifier:   78:FE:44:5E:B9:AC:3D:FD:AE:DD:7A:69:C8:2D:60:27:FE:22:52:AC
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F226C1CEC7069026CBF71FB9B54E8
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/eP5EXrmsPf2u3XppyC1gJ_4iUqw.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38191
IP address blocks:        2a01:3e0:d01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:22:6c:1c:ec:70:69:02:6c:bf:71:fb:9b:54:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78fe445eb9ac3dfdaedd7a69c82d6027fe2252ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cc:b2:62:11:50:e1:ff:4d:35:dc:c2:11:12:
                    6b:8e:40:a7:e5:95:95:d4:d8:39:d7:84:92:b7:1c:
                    09:c4:00:7f:a0:64:1a:45:52:8b:8f:c7:c6:29:f8:
                    dc:ed:ff:c6:af:00:3a:c1:1b:21:a6:23:20:ab:59:
                    26:c0:6a:19:74:b4:95:46:2f:a4:30:04:5a:c9:07:
                    37:cd:71:51:e8:19:ca:84:3b:ea:6b:6b:8c:0a:50:
                    f4:6b:0f:19:9a:55:ae:d9:86:40:d4:bf:74:c3:74:
                    64:ef:6f:dd:49:af:62:04:1c:af:69:91:9a:a5:08:
                    62:55:93:a5:4b:5c:72:8c:44:55:17:f6:02:a1:ae:
                    78:77:23:2e:18:3b:73:61:a7:ec:f3:e0:f9:fa:e7:
                    f3:b5:6f:f4:77:30:f8:83:33:61:55:03:09:86:0f:
                    48:13:bb:58:43:3d:78:35:ed:f8:d3:f0:82:ad:e6:
                    0b:29:d4:99:95:43:9b:ad:27:f3:78:c9:13:3c:1d:
                    b2:9c:16:7c:64:ba:2a:1f:87:c9:c8:d7:60:9a:7f:
                    a9:5e:2e:12:03:88:4a:3c:de:a3:9f:cb:92:a9:f2:
                    77:ab:ff:11:eb:08:cf:b9:27:4a:99:d4:41:37:e2:
                    49:81:04:ed:8e:ae:85:75:5e:25:57:8f:f1:db:c3:
                    46:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:FE:44:5E:B9:AC:3D:FD:AE:DD:7A:69:C8:2D:60:27:FE:22:52:AC
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/eP5EXrmsPf2u3XppyC1gJ_4iUqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:3e0:d01::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:26:84:76:02:67:49:23:6a:db:8e:94:8b:38:71:7c:e8:0e:
         71:c4:d6:45:e0:ea:05:0d:cd:83:4b:11:05:a6:2b:e2:74:95:
         0e:0b:02:45:32:c5:1e:41:25:66:ba:55:97:59:d0:62:7d:81:
         68:96:88:0e:92:ec:e9:9c:65:cd:1c:a3:81:70:2b:0b:d2:ff:
         0a:c0:a3:02:8c:86:b7:8b:ef:e1:4d:cc:f6:0e:cb:cf:ab:2f:
         b4:ad:1b:60:f0:6b:e5:e0:bf:8a:2d:95:a3:f8:18:bf:a0:5a:
         0a:bb:49:40:4a:c8:21:18:38:4c:84:a3:2d:e5:6b:1f:29:9e:
         b3:fd:1f:e6:73:e0:1b:a8:60:80:cd:f0:dd:ed:54:85:47:38:
         56:6c:00:f0:74:d1:2f:c4:18:f0:11:d5:d3:a4:89:9c:18:e9:
         23:41:b1:fa:2c:1f:d2:71:1a:ff:ff:56:65:56:ad:5f:c0:78:
         0b:c8:56:35:a0:67:7e:4d:2c:f5:bd:d5:aa:1c:7b:4f:a0:fa:
         86:db:35:a1:bc:f9:3c:5a:24:de:6a:76:f2:05:aa:bd:79:9c:
         a4:df:ef:a2:09:66:7d:99:f2:e0:01:ce:3b:5f:e7:75:fe:e2:
         1c:47:7f:89:bc:4c:d8:e4:d8:4c:0d:de:a3:dc:3a:19:7b:11:
         61:d1:1f:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbyJsHOxwaQJsv3H7m1ToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGZlNDQ1ZWI5YWMzZGZkYWVkZDdhNjljODJkNjAyN2ZlMjI1MmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8yyYhFQ4f9NNdzCERJrjkCn5ZWV
1Ng514SStxwJxAB/oGQaRVKLj8fGKfjc7f/GrwA6wRshpiMgq1kmwGoZdLSVRi+k
MARayQc3zXFR6BnKhDvqa2uMClD0aw8ZmlWu2YZA1L90w3Rk72/dSa9iBByvaZGa
pQhiVZOlS1xyjERVF/YCoa54dyMuGDtzYafs8+D5+ufztW/0dzD4gzNhVQMJhg9I
E7tYQz14Ne340/CCreYLKdSZlUObrSfzeMkTPB2ynBZ8ZLoqH4fJyNdgmn+pXi4S
A4hKPN6jn8uSqfJ3q/8R6wjPuSdKmdRBN+JJgQTtjq6FdV4lV4/x28NGWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHj+RF65rD39rt16acgtYCf+IlKsMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvZVA1RVhybXNQZjJ1M1hwcHlDMWdKXzRpVXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgED4A0B
MA0GCSqGSIb3DQEBCwUAA4IBAQBtJoR2AmdJI2rbjpSLOHF86A5xxNZF4OoFDc2D
SxEFpividJUOCwJFMsUeQSVmulWXWdBifYFologOkuzpnGXNHKOBcCsL0v8KwKMC
jIa3i+/hTcz2DsvPqy+0rRtg8Gvl4L+KLZWj+Bi/oFoKu0lASsghGDhMhKMt5Wsf
KZ6z/R/mc+AbqGCAzfDd7VSFRzhWbADwdNEvxBjwEdXTpImcGOkjQbH6LB/ScRr/
/1ZlVq1fwHgLyFY1oGd+TSz1vdWqHHtPoPqG2zWhvPk8WiTeanbyBaq9eZyk3++i
CWZ9mfLgAc47X+d1/uIcR3+JvEzY5NhMDd6j3DoZexFh0R+3
-----END CERTIFICATE-----