Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/82HWMLJNo3A93FATLRaylHbiIJ0.roa
File:                     82HWMLJNo3A93FATLRaylHbiIJ0.roa (raw, json)
Hash identifier:          4XdQJcpkjG8nDnHMLMCdEVHg6iC0rMEZSS9z//uV+YA=
Subject key identifier:   F3:61:D6:30:B2:4D:A3:70:3D:DC:50:13:2D:16:B2:94:76:E2:20:9D
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296D1687151648E6FFC528BACB75A9
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/82HWMLJNo3A93FATLRaylHbiIJ0.roa
Signing time:             Tue 02 Jan 2024 12:32:41 +0000
ROA not before:           Tue 02 Jan 2024 12:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212191
IP address blocks:        2a0e:8f02:20b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:6d:16:87:15:16:48:e6:ff:c5:28:ba:cb:75:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f361d630b24da3703ddc50132d16b29476e2209d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fd:62:89:0a:e8:a9:b7:87:ab:8d:0d:69:8b:
                    ec:de:86:9c:f7:63:a5:64:82:3e:18:07:20:c3:21:
                    7e:60:ae:71:03:f7:cd:3e:a8:54:d0:99:db:7e:bd:
                    0d:77:72:e1:7b:6d:8f:2c:fa:08:1b:c0:58:66:51:
                    c5:a8:20:cd:91:17:64:11:af:db:db:83:bf:91:24:
                    6a:41:ef:50:66:e0:94:b7:67:50:f3:7d:cc:ed:ce:
                    ba:a1:ca:0f:fb:b8:b3:9a:ea:54:ba:fb:24:2a:5b:
                    d9:04:ad:61:25:f9:b2:96:0e:2b:71:13:e4:38:a3:
                    1d:84:41:84:50:3f:94:6a:21:eb:e2:51:d0:c9:79:
                    3e:22:52:85:dd:02:49:68:8c:b6:c9:96:12:ae:2a:
                    53:8b:5e:94:8d:13:b6:72:a7:48:46:0d:28:67:4c:
                    0a:c6:15:e0:d3:49:20:38:58:6a:b2:66:1f:e0:ea:
                    e7:fe:54:d7:51:11:f6:64:36:10:bb:8f:62:25:de:
                    8e:2a:06:8d:d5:3d:05:64:09:b1:d8:62:f8:53:05:
                    bd:6c:6e:c8:48:30:b1:de:9d:4f:a7:13:84:6e:03:
                    e6:cd:e8:b6:a9:6a:1d:2f:3d:64:ce:37:76:60:95:
                    af:d0:b5:0a:2a:d5:61:42:f2:da:8e:78:82:32:45:
                    f4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:61:D6:30:B2:4D:A3:70:3D:DC:50:13:2D:16:B2:94:76:E2:20:9D
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/82HWMLJNo3A93FATLRaylHbiIJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:20b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:40:48:1a:9f:fe:fb:2c:94:0e:8c:09:c0:3e:76:4e:5a:80:
         be:12:0c:b5:9e:cf:a8:ae:2a:55:85:66:19:88:74:9e:30:a2:
         7d:56:94:c1:9f:25:5d:15:9e:d7:2d:35:bf:c3:48:27:2e:c5:
         12:a0:35:af:a8:84:a7:cb:dc:e7:fb:08:47:74:eb:98:8c:76:
         b2:e2:2f:10:f0:d8:cf:94:7b:aa:37:31:d8:e8:2b:0b:65:0b:
         f4:62:25:89:84:75:02:4a:b0:f3:02:d9:ad:d7:52:23:2d:58:
         09:7f:9b:e3:1a:3f:80:d0:a1:42:a7:23:6c:2b:7d:9d:3f:5c:
         b2:7e:17:c0:f2:98:f3:81:f9:36:6e:f3:9a:c6:52:83:b9:99:
         03:64:bf:15:06:1a:7e:2d:1e:6b:5d:b8:ca:c1:17:38:44:fa:
         31:6c:7a:67:19:a3:42:0f:6d:98:aa:e7:9e:a4:d1:1f:f8:39:
         90:c3:60:52:47:da:ec:af:19:c3:6d:e3:a1:cc:52:1c:ee:f5:
         8d:83:1a:1f:81:50:e7:6c:f0:07:b7:45:72:f8:8b:f3:2a:5a:
         09:b6:fc:d3:34:32:59:37:6b:a6:49:67:bd:4f:e1:b8:c0:ef:
         f4:80:5a:10:1b:06:bc:00:e3:15:4d:23:94:bd:96:ba:50:69:
         23:cf:61:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKW0WhxUWSOb/xSi6y3WpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzYxZDYzMGIyNGRhMzcwM2RkYzUwMTMyZDE2YjI5NDc2ZTIyMDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv1iiQroqbeHq40NaYvs3oac92Ol
ZII+GAcgwyF+YK5xA/fNPqhU0Jnbfr0Nd3Lhe22PLPoIG8BYZlHFqCDNkRdkEa/b
24O/kSRqQe9QZuCUt2dQ833M7c66ocoP+7izmupUuvskKlvZBK1hJfmylg4rcRPk
OKMdhEGEUD+UaiHr4lHQyXk+IlKF3QJJaIy2yZYSripTi16UjRO2cqdIRg0oZ0wK
xhXg00kgOFhqsmYf4Orn/lTXURH2ZDYQu49iJd6OKgaN1T0FZAmx2GL4UwW9bG7I
SDCx3p1PpxOEbgPmzei2qWodLz1kzjd2YJWv0LUKKtVhQvLajniCMkX0iQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPNh1jCyTaNwPdxQEy0WspR24iCdMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvODJIV01MSk5vM0E5M0ZBVExSYXlsSGJpSUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiCw
MA0GCSqGSIb3DQEBCwUAA4IBAQAdQEgan/77LJQOjAnAPnZOWoC+Egy1ns+oripV
hWYZiHSeMKJ9VpTBnyVdFZ7XLTW/w0gnLsUSoDWvqISny9zn+whHdOuYjHay4i8Q
8NjPlHuqNzHY6CsLZQv0YiWJhHUCSrDzAtmt11IjLVgJf5vjGj+A0KFCpyNsK32d
P1yyfhfA8pjzgfk2bvOaxlKDuZkDZL8VBhp+LR5rXbjKwRc4RPoxbHpnGaNCD22Y
queepNEf+DmQw2BSR9rsrxnDbeOhzFIc7vWNgxofgVDnbPAHt0Vy+IvzKloJtvzT
NDJZN2umSWe9T+G4wO/0gFoQGwa8AOMVTSOUvZa6UGkjz2FC
-----END CERTIFICATE-----