Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/0OcTMKfqZJ-JF8yHzYOfNj4BCGs.roa
File:                     0OcTMKfqZJ-JF8yHzYOfNj4BCGs.roa (raw, json)
Hash identifier:          G9DVjHl3dYWNpASTB/hzgtz2f5Y/mNWJU2GvZBVL2Tk=
Subject key identifier:   D0:E7:13:30:A7:EA:64:9F:89:17:CC:87:CD:83:9F:36:3E:01:08:6B
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295C8172BD7EDEE1F0B4FCE8A81DD0
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/0OcTMKfqZJ-JF8yHzYOfNj4BCGs.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203528
IP address blocks:        2a0e:8f02:21d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5c:81:72:bd:7e:de:e1:f0:b4:fc:e8:a8:1d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0e71330a7ea649f8917cc87cd839f363e01086b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:08:8b:68:1d:37:da:c0:b3:6c:0f:f0:de:dd:
                    93:4d:76:b7:b4:3a:d4:62:f6:33:96:eb:75:eb:67:
                    11:c7:29:14:93:91:20:ec:19:5f:52:b7:93:66:24:
                    70:66:15:bd:b6:ca:e4:d6:f1:0c:11:2d:02:07:15:
                    53:de:59:12:8a:c8:b4:45:59:7d:ec:9f:7c:87:c1:
                    c9:d9:9e:61:3e:55:47:bc:f5:9c:4b:49:41:45:f2:
                    4d:69:cb:e6:bd:29:88:ae:cf:e4:dc:ab:f0:69:66:
                    3e:55:4f:dd:74:24:c2:15:4c:e7:8b:a8:ca:79:71:
                    2d:3e:db:03:7e:d8:7e:30:f0:6b:a2:6e:d9:14:f1:
                    5f:cf:88:23:2a:e9:60:52:d7:84:6c:8a:13:09:7c:
                    70:25:63:df:2f:41:30:a3:ee:c3:b3:26:e6:fc:1f:
                    db:45:a3:4b:09:eb:36:6d:e2:5c:6f:71:f7:a8:7c:
                    c4:95:69:f4:a1:fd:d9:bb:04:da:4e:d1:3f:f5:83:
                    c1:84:00:13:3f:7b:4d:ea:3a:51:92:a0:b4:ec:bf:
                    f5:7b:a0:66:4f:ec:73:c0:ee:6a:bc:30:4d:84:46:
                    ad:73:f0:33:55:00:84:c2:90:22:43:51:1b:25:3e:
                    8b:33:04:ee:b6:a5:73:6a:13:5c:69:bc:f4:12:47:
                    8c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E7:13:30:A7:EA:64:9F:89:17:CC:87:CD:83:9F:36:3E:01:08:6B
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/0OcTMKfqZJ-JF8yHzYOfNj4BCGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:21d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         19:f9:e6:2e:54:43:54:aa:80:8a:ff:c5:c8:3b:65:66:3e:3b:
         0d:94:a0:f4:f2:97:b2:e0:e5:52:52:e3:0b:93:05:e7:83:59:
         ee:00:5c:38:e8:e4:23:ec:e2:62:85:17:2e:75:b3:d3:6b:db:
         1b:e5:2c:f1:e6:2b:78:a8:c8:d0:f0:1c:93:31:01:7b:42:be:
         16:3e:96:2a:3f:4e:f9:07:cd:2f:2f:f9:cd:09:25:5a:08:5d:
         07:8d:8b:e5:58:40:f4:3d:ba:54:1b:5a:11:80:82:38:cb:17:
         d2:48:58:eb:4c:26:5e:1a:7f:c9:5f:3a:53:df:c0:bb:0c:4e:
         a8:85:6b:0d:a0:4f:dd:a6:80:1e:0f:e6:82:e3:28:45:b9:87:
         18:18:fe:11:c9:48:9f:65:66:7e:42:2f:52:58:7e:43:1d:87:
         80:be:63:30:11:1a:1e:6e:2b:7a:b5:8d:21:ca:1c:78:6d:02:
         6c:8b:14:5e:56:a3:4e:89:b0:70:1f:d7:3d:fb:53:4a:e9:f1:
         4d:ab:41:25:dd:e3:fd:5b:02:19:63:f6:c8:f5:50:e0:36:a8:
         6b:7a:1d:84:04:71:9e:5f:26:20:0f:ac:01:82:46:74:db:d5:
         29:2a:21:1e:af:b3:04:f5:8b:b9:22:16:22:47:67:a5:69:0f:
         16:5a:17:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVyBcr1+3uHwtPzoqB3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGU3MTMzMGE3ZWE2NDlmODkxN2NjODdjZDgzOWYzNjNlMDEwODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQiLaB032sCzbA/w3t2TTXa3tDrU
YvYzlut162cRxykUk5Eg7BlfUreTZiRwZhW9tsrk1vEMES0CBxVT3lkSisi0RVl9
7J98h8HJ2Z5hPlVHvPWcS0lBRfJNacvmvSmIrs/k3KvwaWY+VU/ddCTCFUzni6jK
eXEtPtsDfth+MPBrom7ZFPFfz4gjKulgUteEbIoTCXxwJWPfL0Ewo+7Dsybm/B/b
RaNLCes2beJcb3H3qHzElWn0of3ZuwTaTtE/9YPBhAATP3tN6jpRkqC07L/1e6Bm
T+xzwO5qvDBNhEatc/AzVQCEwpAiQ1EbJT6LMwTutqVzahNcabz0EkeM7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNDnEzCn6mSfiRfMh82DnzY+AQhrMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvME9jVE1LZnFaSi1KRjh5SHpZT2ZOajRCQ0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAZ+eYuVENUqoCK/8XIO2VmPjsNlKD08pey4OVS
UuMLkwXng1nuAFw46OQj7OJihRcudbPTa9sb5Szx5it4qMjQ8ByTMQF7Qr4WPpYq
P075B80vL/nNCSVaCF0HjYvlWED0PbpUG1oRgII4yxfSSFjrTCZeGn/JXzpT38C7
DE6ohWsNoE/dpoAeD+aC4yhFuYcYGP4RyUifZWZ+Qi9SWH5DHYeAvmMwERoebit6
tY0hyhx4bQJsixReVqNOibBwH9c9+1NK6fFNq0El3eP9WwIZY/bI9VDgNqhreh2E
BHGeXyYgD6wBgkZ029UpKiEer7ME9Yu5IhYiR2elaQ8WWhcC
-----END CERTIFICATE-----