Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/IqKmN1RLL8Kc0UJNiqFrk_CyfIQ.roa
File:                     IqKmN1RLL8Kc0UJNiqFrk_CyfIQ.roa (raw, json)
Hash identifier:          ciA/GONv7kK/LNlO2a/jk6wDQWZH68DiRZiLZUxFrtU=
Subject key identifier:   22:A2:A6:37:54:4B:2F:C2:9C:D1:42:4D:8A:A1:6B:93:F0:B2:7C:84
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2967C38E926F33B29301E02F8C5132
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/IqKmN1RLL8Kc0UJNiqFrk_CyfIQ.roa
Signing time:             Tue 02 Jan 2024 12:32:40 +0000
ROA not before:           Tue 02 Jan 2024 12:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211581
IP address blocks:        2a0e:8f02:f020::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:67:c3:8e:92:6f:33:b2:93:01:e0:2f:8c:51:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22a2a637544b2fc29cd1424d8aa16b93f0b27c84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:76:32:26:42:dc:13:4f:b1:f9:83:82:7a:d9:
                    6a:4a:54:73:6a:90:76:94:51:da:ed:60:69:b2:64:
                    41:00:87:52:94:e0:bc:33:e9:e7:66:b1:88:0d:9f:
                    ca:78:dc:88:4e:ca:44:cf:08:f3:4d:cf:a4:06:03:
                    89:00:05:72:8c:b9:81:5e:61:93:15:e2:bd:b1:81:
                    8f:ba:00:63:c7:3c:22:30:60:2f:d3:59:96:0f:aa:
                    b3:07:9c:e8:a1:0f:17:f5:ea:4c:62:16:2b:e9:f4:
                    cf:08:57:14:8d:93:60:ee:e2:63:3d:a1:8e:7e:56:
                    d2:7f:43:d0:18:3b:ea:3e:29:77:01:79:4b:60:40:
                    41:6d:72:12:54:f5:dc:15:35:64:03:fa:ea:d8:e7:
                    05:a0:0a:26:bc:c3:6c:bc:2f:89:a6:4a:df:ff:f9:
                    b4:76:bd:f5:64:45:be:eb:e9:65:7e:19:ce:84:64:
                    70:f7:f4:e2:3b:c2:a2:1b:de:d4:a2:3a:35:56:d1:
                    69:fc:87:ef:ca:e5:12:76:42:83:17:07:91:2c:94:
                    e3:ec:f6:94:e2:af:c4:35:44:fe:8e:eb:f9:24:a3:
                    02:00:f8:58:62:96:2e:9b:a0:fc:8d:c1:15:28:13:
                    90:37:c9:5e:5e:d4:53:66:29:f6:ef:9d:e1:60:67:
                    90:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A2:A6:37:54:4B:2F:C2:9C:D1:42:4D:8A:A1:6B:93:F0:B2:7C:84
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/IqKmN1RLL8Kc0UJNiqFrk_CyfIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f020::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:2a:d6:2d:f0:48:05:b7:6e:d7:db:5d:d4:78:f9:ec:cf:82:
         6e:17:4e:47:bd:76:26:8a:7d:9b:2a:c3:23:48:d3:21:03:d5:
         83:d8:33:4d:bd:73:6d:cf:fb:2c:d7:57:f7:25:a5:58:ed:30:
         a5:bd:92:b1:13:15:3c:2b:8b:2f:0f:81:ab:85:f0:9d:04:d7:
         33:34:55:c6:a6:a0:cf:b6:22:97:ea:ca:43:b6:9d:29:f3:6d:
         97:7c:1d:61:2d:3e:85:8d:fe:b0:b5:85:3e:fc:0d:5b:b1:c9:
         3e:f1:70:ca:39:e5:bf:07:92:ab:4c:11:13:46:eb:ff:31:a4:
         ac:d2:73:d8:48:9d:0e:f9:a9:8a:1e:ab:9a:d6:3c:fa:86:6f:
         9e:0d:d3:62:10:24:3b:07:f7:fd:06:ac:64:0d:8e:99:c7:5e:
         92:73:e9:0d:ce:6c:da:20:2a:11:73:84:d9:84:b4:e1:c7:08:
         4f:f3:78:e2:cb:6e:1f:db:d7:00:65:37:08:8d:6c:2f:3f:b6:
         a3:ca:f1:57:f3:b3:d2:09:4f:0a:aa:ff:dc:51:7e:6d:7a:9c:
         58:8a:1d:b7:b8:f4:40:75:a9:24:ab:20:b3:60:7b:85:1e:ab:
         43:9f:74:c3:45:2c:19:59:10:ef:88:6e:15:00:6d:fa:af:9c:
         6d:27:35:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWfDjpJvM7KTAeAvjFEyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmEyYTYzNzU0NGIyZmMyOWNkMTQyNGQ4YWExNmI5M2YwYjI3Yzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnYyJkLcE0+x+YOCetlqSlRzapB2
lFHa7WBpsmRBAIdSlOC8M+nnZrGIDZ/KeNyITspEzwjzTc+kBgOJAAVyjLmBXmGT
FeK9sYGPugBjxzwiMGAv01mWD6qzB5zooQ8X9epMYhYr6fTPCFcUjZNg7uJjPaGO
flbSf0PQGDvqPil3AXlLYEBBbXISVPXcFTVkA/rq2OcFoAomvMNsvC+Jpkrf//m0
dr31ZEW+6+llfhnOhGRw9/TiO8KiG97Uojo1VtFp/IfvyuUSdkKDFweRLJTj7PaU
4q/ENUT+juv5JKMCAPhYYpYum6D8jcEVKBOQN8leXtRTZin2753hYGeQEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCKipjdUSy/CnNFCTYqha5PwsnyEMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvSXFLbU4xUkxMOEtjMFVKTmlxRnJrX0N5ZklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBWKtYt8EgFt27X213UePnsz4JuF05HvXYmin2b
KsMjSNMhA9WD2DNNvXNtz/ss11f3JaVY7TClvZKxExU8K4svD4GrhfCdBNczNFXG
pqDPtiKX6spDtp0p822XfB1hLT6Fjf6wtYU+/A1bsck+8XDKOeW/B5KrTBETRuv/
MaSs0nPYSJ0O+amKHqua1jz6hm+eDdNiECQ7B/f9BqxkDY6Zx16Sc+kNzmzaICoR
c4TZhLThxwhP83jiy24f29cAZTcIjWwvP7ajyvFX87PSCU8Kqv/cUX5tepxYih23
uPRAdakkqyCzYHuFHqtDn3TDRSwZWRDviG4VAG36r5xtJzWP
-----END CERTIFICATE-----