Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/38cFeRMPEtclSR8MS1y_TLZ6b4g.roa
File:                     38cFeRMPEtclSR8MS1y_TLZ6b4g.roa (raw, json)
Hash identifier:          di3AdrJcFvoer0/dhZgWF1vRmYsiM882VRK7uHRAar4=
Subject key identifier:   DF:C7:05:79:13:0F:12:D7:25:49:1F:0C:4B:5C:BF:4C:B6:7A:6F:88
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29788DDD6256DD05DCE0AF22A7BC01
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/38cFeRMPEtclSR8MS1y_TLZ6b4g.roa
Signing time:             Tue 02 Jan 2024 12:32:44 +0000
ROA not before:           Tue 02 Jan 2024 12:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215829
IP address blocks:        2a0e:8f02:f062::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:78:8d:dd:62:56:dd:05:dc:e0:af:22:a7:bc:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfc70579130f12d725491f0c4b5cbf4cb67a6f88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:77:22:6d:cf:56:9e:9c:69:22:a9:58:ce:28:
                    ab:f6:7c:b3:aa:82:c6:36:1e:f7:ce:f6:b6:d2:aa:
                    65:ab:87:f8:80:b1:f8:27:09:17:f2:30:b9:69:85:
                    db:71:63:94:4c:b4:05:44:90:82:03:05:03:74:0f:
                    e0:d0:4f:15:3a:94:7f:da:da:c2:90:53:e8:a4:4d:
                    d9:bf:97:fc:9e:2d:62:6d:45:80:f6:01:c6:21:1b:
                    b8:d2:2b:1d:1b:3d:4f:86:6a:e3:36:f3:16:23:23:
                    63:04:68:15:f1:ed:ce:1d:b6:d6:83:b0:fb:d1:ef:
                    56:7d:50:eb:49:2c:fd:6d:9b:4d:00:7e:5c:54:a9:
                    7b:ab:07:1d:de:ea:86:56:12:ae:56:5e:13:26:3f:
                    d3:fa:64:f4:64:17:d5:7b:14:48:ab:04:15:1e:18:
                    fe:a6:4b:4c:1c:94:27:97:f0:95:b1:c1:0e:81:80:
                    8d:b4:28:6d:d4:a4:7e:35:b3:6c:2a:db:16:dc:72:
                    3b:a8:da:39:51:ad:8a:6b:f1:9e:da:d9:76:69:2b:
                    e5:72:ce:00:b9:06:0a:5d:4a:07:42:e0:67:3f:da:
                    e2:58:97:49:a7:54:63:c5:a7:fe:63:1c:34:fc:f0:
                    33:d2:dd:0d:1f:9b:03:96:73:95:47:5c:ce:ef:33:
                    04:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C7:05:79:13:0F:12:D7:25:49:1F:0C:4B:5C:BF:4C:B6:7A:6F:88
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/38cFeRMPEtclSR8MS1y_TLZ6b4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f062::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:1e:3b:b1:25:60:e8:f8:df:8e:af:b2:a3:df:2b:42:86:81:
         52:53:f5:d4:86:eb:9f:21:58:89:35:d1:a1:ff:a8:ba:e7:7c:
         9b:bf:c3:b7:ce:db:4c:db:e1:bc:f6:34:ff:ae:32:e8:c9:0e:
         f9:7a:24:66:16:47:04:71:cc:43:0d:c6:ab:0b:d6:d0:55:b9:
         41:cb:2b:73:02:af:c8:c3:d9:49:00:3d:de:3a:49:31:93:11:
         b4:58:f0:fb:8a:1d:84:5b:18:1d:16:fe:f7:b9:0e:f8:b3:f4:
         ca:55:d7:b9:50:20:ad:fa:7c:fa:b0:b6:a1:49:2d:01:55:8f:
         a3:57:af:2d:64:17:55:4e:75:28:ba:dd:84:08:79:5a:7c:08:
         06:fc:2d:18:92:e4:36:03:a1:c0:6f:2b:e0:4f:0b:26:87:ab:
         5f:e4:3c:c7:ee:b6:8e:43:28:5e:8a:c5:27:c0:6d:7f:c2:bd:
         2d:0b:bd:d6:9b:6a:99:81:37:e2:2f:09:8f:4a:19:94:b0:2f:
         db:b2:38:48:27:03:8d:37:7a:e7:db:26:83:41:f2:4a:32:9c:
         80:f7:e2:b0:e3:0e:51:01:dc:5f:e9:45:c3:b4:ba:49:20:8c:
         40:52:fe:be:11:01:73:bd:0f:25:8e:13:c3:13:64:ac:ab:0a:
         88:76:b8:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXiN3WJW3QXc4K8ip7wBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmM3MDU3OTEzMGYxMmQ3MjU0OTFmMGM0YjVjYmY0Y2I2N2E2Zjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXcibc9WnpxpIqlYziir9nyzqoLG
Nh73zva20qplq4f4gLH4JwkX8jC5aYXbcWOUTLQFRJCCAwUDdA/g0E8VOpR/2trC
kFPopE3Zv5f8ni1ibUWA9gHGIRu40isdGz1PhmrjNvMWIyNjBGgV8e3OHbbWg7D7
0e9WfVDrSSz9bZtNAH5cVKl7qwcd3uqGVhKuVl4TJj/T+mT0ZBfVexRIqwQVHhj+
pktMHJQnl/CVscEOgYCNtCht1KR+NbNsKtsW3HI7qNo5Ua2Ka/Ge2tl2aSvlcs4A
uQYKXUoHQuBnP9riWJdJp1Rjxaf+Yxw0/PAz0t0NH5sDlnOVR1zO7zMEVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN/HBXkTDxLXJUkfDEtcv0y2em+IMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvMzhjRmVSTVBFdGNsU1I4TVMxeV9UTFo2YjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBi
MA0GCSqGSIb3DQEBCwUAA4IBAQCEHjuxJWDo+N+Or7Kj3ytChoFSU/XUhuufIViJ
NdGh/6i653ybv8O3zttM2+G89jT/rjLoyQ75eiRmFkcEccxDDcarC9bQVblByytz
Aq/Iw9lJAD3eOkkxkxG0WPD7ih2EWxgdFv73uQ74s/TKVde5UCCt+nz6sLahSS0B
VY+jV68tZBdVTnUout2ECHlafAgG/C0YkuQ2A6HAbyvgTwsmh6tf5DzH7raOQyhe
isUnwG1/wr0tC73Wm2qZgTfiLwmPShmUsC/bsjhIJwONN3rn2yaDQfJKMpyA9+Kw
4w5RAdxf6UXDtLpJIIxAUv6+EQFzvQ8ljhPDE2SsqwqIdrh/
-----END CERTIFICATE-----