Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/tff3n2uoHwgUSRAFoOtxGXRIYis.roa
File:                     tff3n2uoHwgUSRAFoOtxGXRIYis.roa (raw, json)
Hash identifier:          NEjSwFtworZYaH3yGQD9jG8+DlvyxWNQvZHRUJ+Bzh0=
Subject key identifier:   B5:F7:F7:9F:6B:A8:1F:08:14:49:10:05:A0:EB:71:19:74:48:62:2B
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       018CCA99EEC3061CEE25051565F55992DEDD
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/tff3n2uoHwgUSRAFoOtxGXRIYis.roa
Signing time:             Tue 02 Jan 2024 14:35:34 +0000
ROA not before:           Tue 02 Jan 2024 14:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209083
IP address blocks:        2a0e:800:ff00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ee:c3:06:1c:ee:25:05:15:65:f5:59:92:de:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 14:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5f7f79f6ba81f0814491005a0eb71197448622b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:56:73:73:58:b9:93:f6:dc:1f:c2:2a:5c:f3:
                    fa:24:14:3b:c6:f9:2c:72:20:58:cd:98:97:b6:0d:
                    1a:f8:d9:60:e3:d1:bb:36:07:6b:98:ab:e0:4e:c3:
                    b0:ec:b5:49:7c:96:46:ba:1d:e9:8b:01:a2:f6:85:
                    5d:3c:8d:23:d4:61:7c:58:11:0d:9d:a8:32:32:e2:
                    59:f1:48:b5:8c:ec:bd:4e:7c:a9:63:88:42:77:3e:
                    1f:71:99:d5:58:03:2f:a0:91:c6:1c:0d:71:07:b8:
                    63:85:21:37:91:55:ab:fe:3a:7f:86:d9:d8:b5:f9:
                    94:2f:58:45:b6:7f:4d:46:78:bc:e1:45:17:41:2e:
                    4b:68:2f:33:bd:66:e9:cb:10:b1:c2:fb:32:c1:30:
                    59:29:38:2b:13:f3:ff:d9:9e:ca:4b:a3:e5:1c:60:
                    c4:af:1e:ef:8a:fc:ab:21:fd:20:7a:94:d5:6a:d2:
                    64:e3:02:ee:ab:95:23:88:f2:12:94:59:81:ba:01:
                    30:51:33:98:83:8d:cb:11:03:9f:81:0b:95:28:ed:
                    d9:dd:d6:39:ff:bd:4f:ac:48:13:0b:3c:cd:81:72:
                    1e:61:1e:bd:b3:43:f6:35:37:3f:00:c9:f8:99:56:
                    86:03:63:d0:6e:01:3a:ce:21:3c:93:99:84:4b:16:
                    61:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F7:F7:9F:6B:A8:1F:08:14:49:10:05:A0:EB:71:19:74:48:62:2B
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/tff3n2uoHwgUSRAFoOtxGXRIYis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:800:ff00::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:56:45:5f:cf:a5:c2:18:f5:c9:62:33:a9:7c:23:62:5f:a3:
         12:97:13:9a:c8:f4:72:4b:ac:3b:25:2f:47:c5:f2:f5:26:9a:
         ab:27:65:97:ad:2f:2b:90:0a:8e:39:a3:59:fe:e5:98:5e:5a:
         f5:89:08:f0:6d:6e:f1:b4:3a:6d:fe:2a:89:91:ae:f9:87:6c:
         b5:9f:5b:3d:ce:94:6f:4a:14:92:6a:8a:7c:53:9a:15:2c:0f:
         4c:f7:8f:77:18:df:f0:06:6c:60:6e:38:80:64:16:e9:5a:35:
         74:51:30:72:30:77:98:74:c5:83:58:b9:37:e9:49:d2:ee:46:
         e0:b9:e0:f3:30:24:e6:46:bb:60:b2:11:59:ed:fa:20:5a:e5:
         53:e7:81:b5:e9:11:28:8c:f8:eb:6b:05:e9:fa:74:7b:b6:28:
         cf:62:ac:cc:a6:10:84:2f:dc:26:ef:5f:28:13:f8:65:ca:67:
         f6:39:b3:92:2d:07:7e:dc:4f:eb:b2:f4:23:da:d9:7e:19:04:
         88:f8:01:58:49:b8:e9:59:6a:62:98:97:43:0c:f7:41:f4:0e:
         e2:1c:b3:b1:68:26:32:b3:fb:d1:88:c6:fc:b1:33:b9:6f:ff:
         c6:90:ea:dd:96:6a:97:15:f3:a5:7a:4f:4b:a8:0b:94:7f:4a:
         1b:33:b4:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKme7DBhzuJQUVZfVZkt7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjQwMTAyMTQzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY3Zjc5ZjZiYTgxZjA4MTQ0OTEwMDVhMGViNzExOTc0NDg2MjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VZzc1i5k/bcH8IqXPP6JBQ7xvks
ciBYzZiXtg0a+Nlg49G7NgdrmKvgTsOw7LVJfJZGuh3piwGi9oVdPI0j1GF8WBEN
nagyMuJZ8Ui1jOy9TnypY4hCdz4fcZnVWAMvoJHGHA1xB7hjhSE3kVWr/jp/htnY
tfmUL1hFtn9NRni84UUXQS5LaC8zvWbpyxCxwvsywTBZKTgrE/P/2Z7KS6PlHGDE
rx7vivyrIf0gepTVatJk4wLuq5UjiPISlFmBugEwUTOYg43LEQOfgQuVKO3Z3dY5
/71PrEgTCzzNgXIeYR69s0P2NTc/AMn4mVaGA2PQbgE6ziE8k5mESxZhKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLX3959rqB8IFEkQBaDrcRl0SGIrMB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvdGZmM24ydW9Id2dVU1JBRm9PdHhHWFJJWWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg4IAP8A
MA0GCSqGSIb3DQEBCwUAA4IBAQCUVkVfz6XCGPXJYjOpfCNiX6MSlxOayPRyS6w7
JS9HxfL1JpqrJ2WXrS8rkAqOOaNZ/uWYXlr1iQjwbW7xtDpt/iqJka75h2y1n1s9
zpRvShSSaop8U5oVLA9M9493GN/wBmxgbjiAZBbpWjV0UTByMHeYdMWDWLk36UnS
7kbgueDzMCTmRrtgshFZ7fogWuVT54G16REojPjrawXp+nR7tijPYqzMphCEL9wm
718oE/hlymf2ObOSLQd+3E/rsvQj2tl+GQSI+AFYSbjpWWpimJdDDPdB9A7iHLOx
aCYys/vRiMb8sTO5b//GkOrdlmqXFfOlek9LqAuUf0obM7T6
-----END CERTIFICATE-----