Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/H-2H0NF7RSiv-Cg2I1PAB2v85zY.roa
File:                     H-2H0NF7RSiv-Cg2I1PAB2v85zY.roa (raw, json)
Hash identifier:          5Zujsq25PNulErvG1T3mKGQR4X+qEt6nzNCbudrtPWs=
Subject key identifier:   1F:ED:87:D0:D1:7B:45:28:AF:F8:28:36:23:53:C0:07:6B:FC:E7:36
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295DF11C3101B2EBA4FBB058F00E73
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/H-2H0NF7RSiv-Cg2I1PAB2v85zY.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205441
IP address blocks:        2a0e:8f02:21b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5d:f1:1c:31:01:b2:eb:a4:fb:b0:58:f0:0e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fed87d0d17b4528aff828362353c0076bfce736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1e:40:76:94:3c:a4:b8:32:6d:fe:f1:2f:03:
                    70:46:b3:2b:9b:cb:f5:68:2a:bf:05:1e:1d:c1:64:
                    f1:f6:2f:ca:6d:a6:b8:af:94:ab:4a:f5:b5:b4:31:
                    9c:3a:e6:9e:9e:93:fd:d1:be:0d:03:4d:1b:8d:e9:
                    e1:42:18:73:01:3e:b3:a3:f3:69:d2:6f:f4:30:2e:
                    13:99:25:fa:d5:2c:bf:63:66:a3:36:c9:75:a9:78:
                    a6:30:7b:a0:dc:3f:ad:38:ac:a2:31:fc:89:04:44:
                    89:e4:2b:f7:b9:80:ff:55:c5:15:61:f7:a9:28:a1:
                    a2:a7:91:69:9b:d3:e4:bf:44:6e:14:bc:8b:bf:3c:
                    24:ea:64:27:a0:e6:13:4b:7a:f3:f2:77:bf:e2:6c:
                    4f:0f:5c:cc:db:d0:37:ed:53:bf:b0:97:08:49:8e:
                    37:6f:83:a6:5f:ae:3a:4b:5a:46:6c:60:47:96:17:
                    7f:cd:11:a6:7c:d9:12:e7:2b:56:8f:50:91:5c:bc:
                    66:8c:3b:56:27:3b:3a:62:c1:ec:56:10:72:a3:14:
                    7d:29:b1:7b:25:17:b4:51:fb:80:5e:0f:7e:b9:df:
                    9e:7f:81:60:7a:4a:8f:fc:e2:31:6f:81:d3:b8:51:
                    04:43:66:f2:2c:c1:54:72:20:a9:11:c3:e6:2f:f3:
                    00:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:ED:87:D0:D1:7B:45:28:AF:F8:28:36:23:53:C0:07:6B:FC:E7:36
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/H-2H0NF7RSiv-Cg2I1PAB2v85zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:21b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:6e:99:60:34:35:2c:35:fc:01:58:c8:e5:24:c2:00:05:0a:
         2f:73:2c:c9:83:0e:7d:8f:f5:ec:8c:d5:3e:41:72:65:4f:01:
         64:73:29:51:f9:11:e5:11:2c:b9:36:89:92:41:08:8e:17:19:
         d1:a7:2b:ff:e8:fd:c7:c8:a8:3f:bf:80:2c:0e:66:cd:b8:fb:
         9d:ac:32:ee:74:4e:4b:37:88:d9:20:75:b2:11:5c:d0:d0:59:
         5e:10:11:08:9c:2a:44:ac:85:4d:e5:46:65:b0:b8:61:76:1b:
         f9:23:7b:cb:d6:19:13:94:0b:e5:b6:e7:e4:a3:24:9a:77:9b:
         72:61:49:55:d6:15:3b:43:56:bc:85:eb:89:e1:5f:50:33:7f:
         5e:e1:e7:76:2d:8a:6b:83:51:3d:4f:7d:5a:ca:40:85:73:15:
         5d:6d:7f:a6:09:86:3a:db:f0:e7:25:4e:60:57:b4:07:c4:6f:
         3b:8f:7f:35:69:18:db:4c:15:63:7c:76:99:e2:f9:16:0d:74:
         2e:0c:6f:b0:9d:94:f3:22:4a:43:dc:16:34:61:d0:24:89:d7:
         cc:9a:a1:7a:bd:32:4b:b2:a1:fc:00:ca:44:d2:36:10:50:c0:
         f6:f8:f1:e8:8c:f7:d7:af:05:cd:24:a6:52:9c:23:c3:3f:20:
         5a:08:a1:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKV3xHDEBsuuk+7BY8A5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmVkODdkMGQxN2I0NTI4YWZmODI4MzYyMzUzYzAwNzZiZmNlNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwB5AdpQ8pLgybf7xLwNwRrMrm8v1
aCq/BR4dwWTx9i/Kbaa4r5SrSvW1tDGcOuaenpP90b4NA00bjenhQhhzAT6zo/Np
0m/0MC4TmSX61Sy/Y2ajNsl1qXimMHug3D+tOKyiMfyJBESJ5Cv3uYD/VcUVYfep
KKGip5Fpm9Pkv0RuFLyLvzwk6mQnoOYTS3rz8ne/4mxPD1zM29A37VO/sJcISY43
b4OmX646S1pGbGBHlhd/zRGmfNkS5ytWj1CRXLxmjDtWJzs6YsHsVhByoxR9KbF7
JRe0UfuAXg9+ud+ef4FgekqP/OIxb4HTuFEEQ2byLMFUciCpEcPmL/MA2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB/th9DRe0Uor/goNiNTwAdr/Oc2MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvSC0ySDBORjdSU2l2LUNnMkkxUEFCMnY4NXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiGw
MA0GCSqGSIb3DQEBCwUAA4IBAQBrbplgNDUsNfwBWMjlJMIABQovcyzJgw59j/Xs
jNU+QXJlTwFkcylR+RHlESy5NomSQQiOFxnRpyv/6P3HyKg/v4AsDmbNuPudrDLu
dE5LN4jZIHWyEVzQ0FleEBEInCpErIVN5UZlsLhhdhv5I3vL1hkTlAvltufkoySa
d5tyYUlV1hU7Q1a8heuJ4V9QM39e4ed2LYprg1E9T31aykCFcxVdbX+mCYY62/Dn
JU5gV7QHxG87j381aRjbTBVjfHaZ4vkWDXQuDG+wnZTzIkpD3BY0YdAkidfMmqF6
vTJLsqH8AMpE0jYQUMD2+PHojPfXrwXNJKZSnCPDPyBaCKHU
-----END CERTIFICATE-----