Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9OgJwGAt6BU5P6BGbxAVfm6x8CY.roa
File:                     9OgJwGAt6BU5P6BGbxAVfm6x8CY.roa (raw, json)
Hash identifier:          p/fPwooIfjLNGH0shB5HR3Br5sQK+ovEQOgWgAYWYGg=
Subject key identifier:   F4:E8:09:C0:60:2D:E8:15:39:3F:A0:46:6F:10:15:7E:6E:B1:F0:26
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2958FA22AE12265EE72A6FE1E201CE
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9OgJwGAt6BU5P6BGbxAVfm6x8CY.roa
Signing time:             Tue 02 Jan 2024 12:32:36 +0000
ROA not before:           Tue 02 Jan 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200160
IP address blocks:        2a0e:8f02:f057::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 18:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:58:fa:22:ae:12:26:5e:e7:2a:6f:e1:e2:01:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4e809c0602de815393fa0466f10157e6eb1f026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:0c:71:ed:a3:e6:d1:da:59:a7:30:a3:35:ae:
                    fd:bb:ea:fe:e3:83:22:33:99:61:3b:5f:45:dc:a5:
                    12:f3:54:51:d8:7d:86:2c:d1:2c:82:8a:8f:73:73:
                    69:c0:f0:19:f8:73:4a:e6:0a:cf:53:27:57:f5:d6:
                    3e:90:86:15:28:56:af:32:08:b2:d1:af:29:7f:dc:
                    99:ff:fc:a4:57:e4:d7:c0:e5:63:17:92:f4:5d:89:
                    68:41:7b:20:c9:75:50:1a:67:81:92:0b:06:4d:3c:
                    f7:50:2e:34:65:a7:af:26:be:ba:60:f0:ff:a8:9a:
                    08:62:44:bd:7d:2d:81:f6:8d:8a:87:f0:c4:ef:c1:
                    a8:f2:24:8f:83:9e:80:51:de:79:a3:5a:c9:d3:89:
                    33:16:63:3a:dd:1e:b7:64:9a:2a:45:6c:95:c5:a2:
                    fd:34:4f:49:c9:09:78:d8:e9:92:8f:bb:b0:5f:04:
                    3c:57:12:9c:f4:0e:2a:f0:28:09:e5:0c:fa:f6:2e:
                    4f:08:15:71:75:b1:dc:a3:67:da:11:9c:42:03:d9:
                    67:60:a0:62:cc:03:1b:86:bc:5b:bc:81:11:d0:ec:
                    fa:22:6c:e9:73:e0:6c:b5:e3:91:68:38:d6:87:ba:
                    8a:18:2a:17:35:b1:15:70:68:4f:0c:e5:13:15:36:
                    51:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:E8:09:C0:60:2D:E8:15:39:3F:A0:46:6F:10:15:7E:6E:B1:F0:26
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9OgJwGAt6BU5P6BGbxAVfm6x8CY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f057::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:cc:7a:af:44:2d:3d:f0:1d:c8:30:ae:cf:ad:16:b7:2f:57:
         1c:83:b4:4e:09:85:91:1f:90:07:ca:ec:a2:2a:b4:df:39:14:
         25:2e:55:24:b7:7b:6e:77:b1:29:9b:02:9a:71:8f:af:f7:97:
         41:8e:cd:89:bd:f3:83:9b:02:a3:df:d0:55:54:ac:60:80:a2:
         59:15:9a:eb:b5:d6:b5:34:3c:88:e5:dc:95:99:f8:2b:80:94:
         f3:ef:6d:a2:1c:ee:22:a6:ef:be:57:5b:6a:94:7d:3f:a1:bb:
         37:7c:01:30:e6:6a:89:bd:c1:70:59:cd:50:c1:50:f9:04:50:
         cd:27:db:51:04:f4:2a:4b:13:60:88:fd:7f:1c:fb:71:c4:92:
         61:a0:c8:2d:ab:d4:89:76:78:b2:b2:a2:5c:a1:67:5c:66:59:
         82:17:3b:cc:59:0d:41:e6:bb:29:81:ba:b2:38:75:16:09:4c:
         a0:94:20:21:ac:b3:ec:c7:3a:25:9f:90:f6:1f:53:90:5c:c8:
         d6:be:14:2f:22:26:00:83:83:3d:cc:2c:56:53:0b:07:ed:32:
         fe:1d:d3:bb:d0:90:fa:ab:bf:c8:03:85:f8:8b:f0:c1:e6:1d:
         af:58:f2:12:dd:1e:8a:54:37:74:85:90:f2:f8:3d:73:37:90:
         11:3b:8d:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVj6Iq4SJl7nKm/h4gHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGU4MDljMDYwMmRlODE1MzkzZmEwNDY2ZjEwMTU3ZTZlYjFmMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAxx7aPm0dpZpzCjNa79u+r+44Mi
M5lhO19F3KUS81RR2H2GLNEsgoqPc3NpwPAZ+HNK5grPUydX9dY+kIYVKFavMgiy
0a8pf9yZ//ykV+TXwOVjF5L0XYloQXsgyXVQGmeBkgsGTTz3UC40ZaevJr66YPD/
qJoIYkS9fS2B9o2Kh/DE78Go8iSPg56AUd55o1rJ04kzFmM63R63ZJoqRWyVxaL9
NE9JyQl42OmSj7uwXwQ8VxKc9A4q8CgJ5Qz69i5PCBVxdbHco2faEZxCA9lnYKBi
zAMbhrxbvIER0Oz6Imzpc+BsteORaDjWh7qKGCoXNbEVcGhPDOUTFTZRHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPToCcBgLegVOT+gRm8QFX5usfAmMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvOU9nSndHQXQ2QlU1UDZCR2J4QVZmbTZ4OENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBX
MA0GCSqGSIb3DQEBCwUAA4IBAQAHzHqvRC098B3IMK7PrRa3L1ccg7ROCYWRH5AH
yuyiKrTfORQlLlUkt3tud7EpmwKacY+v95dBjs2JvfODmwKj39BVVKxggKJZFZrr
tda1NDyI5dyVmfgrgJTz722iHO4ipu++V1tqlH0/obs3fAEw5mqJvcFwWc1QwVD5
BFDNJ9tRBPQqSxNgiP1/HPtxxJJhoMgtq9SJdniysqJcoWdcZlmCFzvMWQ1B5rsp
gbqyOHUWCUyglCAhrLPsxzoln5D2H1OQXMjWvhQvIiYAg4M9zCxWUwsH7TL+HdO7
0JD6q7/IA4X4i/DB5h2vWPIS3R6KVDd0hZDy+D1zN5ARO420
-----END CERTIFICATE-----