Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9YZWg68Xds6XczgyHNjbndXYUv8.roa
File:                     9YZWg68Xds6XczgyHNjbndXYUv8.roa (raw, json)
Hash identifier:          QIBxb+vVoMsK10si82NPQCiga6p2P1A4DVe9g/sAV4M=
Subject key identifier:   F5:86:56:83:AF:17:76:CE:97:73:38:32:1C:D8:DB:9D:D5:D8:52:FF
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2953A48668ACF0B8CD77C22B5EBDFE
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9YZWg68Xds6XczgyHNjbndXYUv8.roa
Signing time:             Tue 02 Jan 2024 12:32:35 +0000
ROA not before:           Tue 02 Jan 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        2a0e:8f02:f05a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:53:a4:86:68:ac:f0:b8:cd:77:c2:2b:5e:bd:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5865683af1776ce977338321cd8db9dd5d852ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d9:d9:b7:52:20:25:42:d8:4f:bd:0d:55:bf:
                    15:bf:ab:26:5a:21:64:99:46:bf:14:f9:a0:9b:a9:
                    e8:f7:fe:57:6c:53:0a:f5:e8:5c:d3:b9:26:14:ae:
                    30:68:c1:84:c6:88:e6:cd:de:11:f0:53:8f:4c:c3:
                    17:ee:7c:38:cd:ec:88:cb:4e:dd:dc:b8:ac:a5:96:
                    80:e3:0b:00:a3:cb:2d:32:75:dc:21:47:3a:c8:92:
                    76:e1:d9:7c:5f:1a:74:e7:7a:87:db:e8:7e:ac:42:
                    41:49:01:90:72:77:89:22:48:ce:28:0a:1c:0c:c2:
                    15:e5:4a:ce:e4:d5:76:7b:8f:fa:b1:24:40:84:bb:
                    ce:ea:04:e4:54:51:85:47:9e:3c:83:c5:20:06:ed:
                    56:30:a7:ae:a4:16:1c:d7:c5:35:2e:76:2b:b5:41:
                    89:81:3a:88:25:90:ef:b5:51:ab:8c:0b:3f:87:84:
                    a2:03:77:23:fd:36:b0:82:01:4b:50:9a:2f:13:82:
                    4f:c4:c1:85:c3:d0:c7:d6:f5:8e:ac:71:51:67:d3:
                    97:13:47:c1:f3:84:3d:94:c9:20:aa:d3:ae:e9:de:
                    85:1a:e0:56:10:4f:24:dd:9e:03:fb:75:1a:45:a6:
                    b7:3b:c5:45:c3:b3:24:50:30:9a:ea:a5:71:f3:c7:
                    ab:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:86:56:83:AF:17:76:CE:97:73:38:32:1C:D8:DB:9D:D5:D8:52:FF
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9YZWg68Xds6XczgyHNjbndXYUv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f05a::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:1b:7b:2f:c2:ef:31:6e:4e:c9:c4:24:88:cf:57:dc:d2:c1:
         1f:99:1e:fd:f1:6a:ab:36:e3:3c:d8:e5:c4:dc:52:3f:cb:eb:
         51:d3:ec:76:27:34:75:80:f6:d6:79:ce:61:98:e5:0b:f0:2f:
         ee:1e:d2:a2:6a:06:c4:4d:8d:3c:52:8a:b1:23:d7:45:5a:42:
         c8:dc:cf:d8:28:37:22:fb:a0:0e:9d:70:cb:e2:80:87:6e:a9:
         8f:41:3f:cf:57:48:cf:76:01:e0:37:75:0d:67:df:93:90:f0:
         5e:92:84:de:a1:e6:9d:57:e5:cd:e2:49:df:4a:d4:25:52:36:
         b9:b9:8c:ee:64:d1:ad:44:ea:de:a9:aa:38:73:d6:9d:3a:e3:
         1c:ec:a8:3d:69:5e:c2:20:d1:b3:12:cc:65:8b:bd:b9:95:0d:
         e9:4b:6f:b5:fd:4c:4b:33:44:ab:5b:d3:43:11:f8:63:76:ea:
         a4:82:9b:29:70:3d:64:55:cd:f1:01:c1:12:cd:3f:f4:38:1b:
         67:36:54:73:88:17:e1:03:5d:c6:c2:e5:8d:9d:43:0f:0c:e9:
         87:03:b5:a1:66:bf:a0:17:7d:f1:ce:b9:e2:d3:a1:80:41:32:
         66:9f:62:82:35:cf:d9:31:5b:ae:1a:24:c0:60:10:75:ff:ab:
         b2:de:b5:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVOkhmis8LjNd8IrXr3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTg2NTY4M2FmMTc3NmNlOTc3MzM4MzIxY2Q4ZGI5ZGQ1ZDg1MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9nZt1IgJULYT70NVb8Vv6smWiFk
mUa/FPmgm6no9/5XbFMK9ehc07kmFK4waMGExojmzd4R8FOPTMMX7nw4zeyIy07d
3LispZaA4wsAo8stMnXcIUc6yJJ24dl8Xxp053qH2+h+rEJBSQGQcneJIkjOKAoc
DMIV5UrO5NV2e4/6sSRAhLvO6gTkVFGFR548g8UgBu1WMKeupBYc18U1LnYrtUGJ
gTqIJZDvtVGrjAs/h4SiA3cj/TawggFLUJovE4JPxMGFw9DH1vWOrHFRZ9OXE0fB
84Q9lMkgqtOu6d6FGuBWEE8k3Z4D+3UaRaa3O8VFw7MkUDCa6qVx88erwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPWGVoOvF3bOl3M4MhzY253V2FL/MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvOVlaV2c2OFhkczZYY3pneUhOamJuZFhZVXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBa
MA0GCSqGSIb3DQEBCwUAA4IBAQAkG3svwu8xbk7JxCSIz1fc0sEfmR798WqrNuM8
2OXE3FI/y+tR0+x2JzR1gPbWec5hmOUL8C/uHtKiagbETY08UoqxI9dFWkLI3M/Y
KDci+6AOnXDL4oCHbqmPQT/PV0jPdgHgN3UNZ9+TkPBekoTeoeadV+XN4knfStQl
Uja5uYzuZNGtROreqao4c9adOuMc7Kg9aV7CINGzEsxli725lQ3pS2+1/UxLM0Sr
W9NDEfhjduqkgpspcD1kVc3xAcESzT/0OBtnNlRziBfhA13GwuWNnUMPDOmHA7Wh
Zr+gF33xzrni06GAQTJmn2KCNc/ZMVuuGiTAYBB1/6uy3rU3
-----END CERTIFICATE-----