Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/KXzt00Awy5THdHueHFFuLIM5I3o.roa
File:                     KXzt00Awy5THdHueHFFuLIM5I3o.roa (raw, json)
Hash identifier:          5r9WM4Vr8M2ZCTt+MvkmK2BqlG/N9faEkkZK1B4wAM0=
Subject key identifier:   29:7C:ED:D3:40:30:CB:94:C7:74:7B:9E:1C:51:6E:2C:83:39:23:7A
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018DD507182EBBE0940C3290F0B53487EBA8
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/KXzt00Awy5THdHueHFFuLIM5I3o.roa
Signing time:             Fri 23 Feb 2024 08:13:48 +0000
ROA not before:           Fri 23 Feb 2024 08:13:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215478
IP address blocks:        2a0e:8f02:f064::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:07:18:2e:bb:e0:94:0c:32:90:f0:b5:34:87:eb:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Feb 23 08:13:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=297cedd34030cb94c7747b9e1c516e2c8339237a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a0:5b:38:ad:55:eb:42:bb:9b:87:aa:7b:69:
                    69:2a:35:05:6f:b8:2b:c3:26:80:39:c3:9d:d5:4e:
                    00:dc:90:4d:70:a4:74:c7:37:d9:ff:89:52:1b:04:
                    57:8f:5e:02:01:db:e0:fc:00:1e:5c:17:06:8a:2c:
                    f7:b8:2e:5f:bf:f1:3d:1d:91:20:83:e3:b9:1c:81:
                    22:87:e9:41:b1:2f:20:0a:5a:93:4c:32:f5:0d:86:
                    1c:92:cb:fe:6c:02:ab:9c:bd:ad:a9:89:73:d4:76:
                    97:ee:09:d2:b6:d1:b4:bc:6e:a1:9f:d7:41:1e:0c:
                    ba:9d:a1:6a:55:7e:30:23:d6:13:e2:4a:46:70:dd:
                    25:bc:08:e0:30:8f:5f:66:8b:63:2e:f4:28:8d:7b:
                    e9:88:d7:b0:a2:73:02:33:2b:4c:c5:a1:31:bf:96:
                    0e:fd:60:65:86:0f:09:c1:03:4a:2a:08:95:23:ae:
                    b2:3d:dc:a0:7c:5a:45:10:75:38:a7:47:fd:f0:6d:
                    83:ab:d5:ec:eb:ea:81:86:5a:aa:d5:84:34:23:1b:
                    1b:eb:29:f9:1d:9b:9c:49:73:32:78:1b:bd:89:64:
                    0d:de:57:b4:c1:ad:4a:c2:bf:23:b1:e5:d9:03:2a:
                    6f:1f:2b:70:a2:62:c6:aa:79:3f:53:f2:fa:6d:98:
                    f1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:7C:ED:D3:40:30:CB:94:C7:74:7B:9E:1C:51:6E:2C:83:39:23:7A
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/KXzt00Awy5THdHueHFFuLIM5I3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f064::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:58:df:29:3d:70:95:e2:cf:0a:f6:94:f8:21:87:7d:82:0d:
         fb:48:2e:11:3e:f3:35:0e:a2:87:c3:6c:7c:e9:00:71:fa:ab:
         df:5a:34:81:69:b6:75:86:ee:4c:11:54:d6:69:aa:88:a7:c8:
         dc:0b:a8:ef:3f:f2:5d:61:a8:1a:36:a8:1e:32:9f:32:53:f6:
         37:61:4a:29:a1:a0:80:74:95:07:0d:75:a3:c5:c9:d1:0e:b0:
         82:d3:c6:d2:27:29:bf:7d:31:de:db:e8:c2:d4:5e:a3:46:58:
         5a:bf:b1:16:b5:0a:1e:75:41:96:90:36:4f:d0:06:ea:84:cd:
         1b:79:e1:2a:ea:cf:ec:30:91:bd:b0:9b:11:e9:61:37:7f:4c:
         6f:55:1c:fa:89:76:cf:46:8d:a6:45:17:9a:09:30:64:c5:a2:
         64:d7:47:f2:fe:95:53:6c:bd:b7:19:81:c8:d1:39:e0:df:0e:
         4e:90:4d:8c:db:df:78:14:a3:78:89:2e:61:2b:8c:30:09:f0:
         08:19:a1:6d:91:f3:48:6f:d7:13:3a:c9:29:be:d1:dd:7d:e2:
         62:a4:32:48:fa:f2:ee:5d:f0:89:a8:10:18:8e:c2:05:91:7f:
         a6:40:f3:85:33:ee:96:e1:68:59:a0:67:e7:fd:64:05:d8:c0:
         ec:22:26:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3VBxguu+CUDDKQ8LU0h+uoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMjIzMDgxMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdjZWRkMzQwMzBjYjk0Yzc3NDdiOWUxYzUxNmUyYzgzMzkyMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKBbOK1V60K7m4eqe2lpKjUFb7gr
wyaAOcOd1U4A3JBNcKR0xzfZ/4lSGwRXj14CAdvg/AAeXBcGiiz3uC5fv/E9HZEg
g+O5HIEih+lBsS8gClqTTDL1DYYcksv+bAKrnL2tqYlz1HaX7gnSttG0vG6hn9dB
Hgy6naFqVX4wI9YT4kpGcN0lvAjgMI9fZotjLvQojXvpiNewonMCMytMxaExv5YO
/WBlhg8JwQNKKgiVI66yPdygfFpFEHU4p0f98G2Dq9Xs6+qBhlqq1YQ0Ixsb6yn5
HZucSXMyeBu9iWQN3le0wa1Kwr8jseXZAypvHytwomLGqnk/U/L6bZjxwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCl87dNAMMuUx3R7nhxRbiyDOSN6MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvS1h6dDAwQXd5NVRIZEh1ZUhGRnVMSU01STNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBk
MA0GCSqGSIb3DQEBCwUAA4IBAQBGWN8pPXCV4s8K9pT4IYd9gg37SC4RPvM1DqKH
w2x86QBx+qvfWjSBabZ1hu5MEVTWaaqIp8jcC6jvP/JdYagaNqgeMp8yU/Y3YUop
oaCAdJUHDXWjxcnRDrCC08bSJym/fTHe2+jC1F6jRlhav7EWtQoedUGWkDZP0Abq
hM0beeEq6s/sMJG9sJsR6WE3f0xvVRz6iXbPRo2mRReaCTBkxaJk10fy/pVTbL23
GYHI0Tng3w5OkE2M2994FKN4iS5hK4wwCfAIGaFtkfNIb9cTOskpvtHdfeJipDJI
+vLuXfCJqBAYjsIFkX+mQPOFM+6W4WhZoGfn/WQF2MDsIiYt
-----END CERTIFICATE-----