Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/98LdscGNan3OtxLptWDq0TgVmPE.roa
File:                     98LdscGNan3OtxLptWDq0TgVmPE.roa (raw, json)
Hash identifier:          l7ZnHJmzYymyNpOVqlTShr1zbjOtZn/L8RrxGNzsmxU=
Subject key identifier:   F7:C2:DD:B1:C1:8D:6A:7D:CE:B7:12:E9:B5:60:EA:D1:38:15:98:F1
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296307B6F4AB4AD4C96D78603D2197
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/98LdscGNan3OtxLptWDq0TgVmPE.roa
Signing time:             Tue 02 Jan 2024 12:32:38 +0000
ROA not before:           Tue 02 Jan 2024 12:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210714
IP address blocks:        2a0e:8f02:2180::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:63:07:b6:f4:ab:4a:d4:c9:6d:78:60:3d:21:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7c2ddb1c18d6a7dceb712e9b560ead1381598f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1a:57:da:56:65:c0:e3:db:11:a0:a1:54:d0:
                    72:aa:70:df:a0:f9:80:28:0e:af:6f:a4:27:0b:81:
                    50:33:c0:1a:c1:ac:36:39:ad:28:6e:90:bb:73:54:
                    b7:0b:9b:07:ae:a0:66:de:52:08:32:70:28:40:be:
                    1d:4b:7a:b0:f7:c9:2a:79:14:88:42:6a:26:4a:86:
                    d8:0e:f2:0d:cb:5e:19:98:21:02:b1:1c:51:87:4d:
                    39:d5:23:13:69:aa:56:c5:f1:53:60:29:b2:3c:d8:
                    6e:da:61:1a:23:8b:3c:ea:93:18:76:b4:a9:f5:02:
                    ca:9c:7d:7e:10:f3:ef:15:6d:25:e7:b7:ea:1c:41:
                    87:82:e0:e4:ea:fe:0c:a6:63:3b:34:11:cb:59:cf:
                    f6:fc:48:86:bc:b5:36:2b:fa:87:78:23:95:6c:60:
                    13:50:4a:95:b4:d0:cb:fa:3f:22:86:9b:ef:dd:0a:
                    86:df:a7:66:90:d0:c2:ce:ab:48:61:09:77:e2:e6:
                    dd:96:e1:bb:63:43:74:31:a3:b8:ca:a1:66:3b:c0:
                    1f:8a:5a:b4:50:9a:8e:18:88:fd:32:7a:48:e9:8f:
                    8c:e0:cf:38:e3:22:a5:22:cf:a7:9a:c4:04:18:5b:
                    06:6f:ee:f8:48:01:f7:86:fd:55:b3:dd:d2:d2:d0:
                    44:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:C2:DD:B1:C1:8D:6A:7D:CE:B7:12:E9:B5:60:EA:D1:38:15:98:F1
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/98LdscGNan3OtxLptWDq0TgVmPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2180::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:36:73:d0:73:25:46:66:ce:09:57:8b:91:3d:f0:fa:ab:40:
         f8:61:66:62:e6:c0:b6:17:55:7e:7a:5f:db:50:f2:38:d1:c2:
         01:7c:66:48:14:2e:14:84:74:8d:bf:3a:ec:39:35:7b:92:d3:
         4a:4a:5d:e5:63:c3:51:6f:fc:f2:8e:e4:b3:4b:b7:de:4c:37:
         64:50:e3:41:3c:b7:78:b7:c3:aa:7e:c1:68:3e:54:89:1b:e3:
         60:6d:b6:43:54:21:31:68:81:9a:9f:f0:19:92:1f:43:17:9c:
         0c:72:0b:55:ad:1f:99:0a:52:f3:69:34:f6:5e:02:a5:a2:15:
         12:a9:b3:86:8d:e0:8a:79:ce:bd:c9:f1:f3:ac:97:0a:66:8e:
         10:f4:32:aa:67:a9:b3:9d:1b:b3:2d:4d:c1:8e:07:54:c7:2a:
         14:c0:21:2c:c0:0c:e2:ba:a9:88:f8:49:9e:37:1a:0c:69:a1:
         9d:42:39:81:12:25:8f:30:55:fb:7b:7b:51:0c:32:20:42:89:
         5d:48:53:c1:2c:5f:9d:a0:47:26:07:2a:c4:90:f4:10:4d:44:
         1b:c7:97:74:ca:0e:3e:e5:d2:c3:04:d4:52:ba:75:53:3c:86:
         49:8a:fa:b4:b6:26:0f:8f:71:b8:69:a3:f8:47:f1:c9:29:a9:
         48:e5:38:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWMHtvSrStTJbXhgPSGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2MyZGRiMWMxOGQ2YTdkY2ViNzEyZTliNTYwZWFkMTM4MTU5OGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphpX2lZlwOPbEaChVNByqnDfoPmA
KA6vb6QnC4FQM8Aawaw2Oa0obpC7c1S3C5sHrqBm3lIIMnAoQL4dS3qw98kqeRSI
QmomSobYDvINy14ZmCECsRxRh0051SMTaapWxfFTYCmyPNhu2mEaI4s86pMYdrSp
9QLKnH1+EPPvFW0l57fqHEGHguDk6v4MpmM7NBHLWc/2/EiGvLU2K/qHeCOVbGAT
UEqVtNDL+j8ihpvv3QqG36dmkNDCzqtIYQl34ubdluG7Y0N0MaO4yqFmO8Afilq0
UJqOGIj9MnpI6Y+M4M844yKlIs+nmsQEGFsGb+74SAH3hv1Vs93S0tBEtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPfC3bHBjWp9zrcS6bVg6tE4FZjxMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvOThMZHNjR05hbjNPdHhMcHRXRHEwVGdWbVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiGA
MA0GCSqGSIb3DQEBCwUAA4IBAQAHNnPQcyVGZs4JV4uRPfD6q0D4YWZi5sC2F1V+
el/bUPI40cIBfGZIFC4UhHSNvzrsOTV7ktNKSl3lY8NRb/zyjuSzS7feTDdkUONB
PLd4t8OqfsFoPlSJG+NgbbZDVCExaIGan/AZkh9DF5wMcgtVrR+ZClLzaTT2XgKl
ohUSqbOGjeCKec69yfHzrJcKZo4Q9DKqZ6mznRuzLU3BjgdUxyoUwCEswAziuqmI
+EmeNxoMaaGdQjmBEiWPMFX7e3tRDDIgQoldSFPBLF+doEcmByrEkPQQTUQbx5d0
yg4+5dLDBNRSunVTPIZJivq0tiYPj3G4aaP4R/HJKalI5TiL
-----END CERTIFICATE-----