Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/MQdqvR-Eu-z5lDH94-lmbIv5ZHE.roa
File:                     MQdqvR-Eu-z5lDH94-lmbIv5ZHE.roa (raw, json)
Hash identifier:          ycKrLE2emal6f/0RqP4o4adEhZH6aYOW8nTI9FaklXA=
Subject key identifier:   31:07:6A:BD:1F:84:BB:EC:F9:94:31:FD:E3:E9:66:6C:8B:F9:64:71
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2964FE4BAD4BAC2D867AD6803F2C7A
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/MQdqvR-Eu-z5lDH94-lmbIv5ZHE.roa
Signing time:             Tue 02 Jan 2024 12:32:39 +0000
ROA not before:           Tue 02 Jan 2024 12:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211242
IP address blocks:        2a0e:8f02:f032::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:64:fe:4b:ad:4b:ac:2d:86:7a:d6:80:3f:2c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31076abd1f84bbecf99431fde3e9666c8bf96471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:08:15:b2:6c:45:a1:a2:85:ac:aa:2c:48:96:
                    89:ce:50:37:05:6d:6a:57:48:de:30:75:98:a7:c7:
                    29:09:3d:55:b7:1e:e4:2b:c1:03:fd:81:40:2b:10:
                    a3:54:fd:e7:97:1b:3d:92:64:6b:16:99:8c:5a:d1:
                    2f:07:49:33:86:b6:ec:26:1a:cd:71:0a:b6:af:ee:
                    3d:eb:55:b6:c0:24:da:fa:4a:06:78:ef:99:38:7d:
                    dc:7b:79:70:18:97:94:5e:7d:a4:74:93:29:23:8a:
                    2c:95:d8:44:b2:60:8f:1f:2f:bf:4e:00:7f:ac:fe:
                    e7:b5:83:91:c5:6c:35:8a:f2:a2:94:3f:43:fb:19:
                    3b:8f:63:35:a4:a3:8d:93:8c:70:a5:1f:2c:6f:06:
                    9f:61:a5:da:a3:1b:25:88:ff:4c:b8:1a:7e:73:8d:
                    f8:a2:3b:91:66:9b:1e:46:42:c0:32:75:0e:92:6f:
                    20:b8:c9:96:0a:01:d2:d7:8b:e4:2a:71:ac:3a:d7:
                    be:b5:27:4b:22:ec:73:bd:d2:bd:1b:5d:fe:8e:5c:
                    a3:a3:c9:3c:e4:91:fa:1b:02:6b:23:f6:3e:d5:d1:
                    c9:12:2a:69:72:35:a1:4d:39:94:f9:91:55:a4:aa:
                    75:bb:90:c6:08:3e:b5:57:52:0a:54:54:5c:3e:c2:
                    9f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:07:6A:BD:1F:84:BB:EC:F9:94:31:FD:E3:E9:66:6C:8B:F9:64:71
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/MQdqvR-Eu-z5lDH94-lmbIv5ZHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f032::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:05:a3:aa:78:ec:e7:50:78:bf:25:0a:b7:4f:69:27:74:66:
         3c:3f:6d:bd:b1:6c:95:76:2b:c7:7e:a3:12:16:7c:2d:13:62:
         df:cc:8f:42:41:1a:13:e1:53:9d:3b:25:5e:c4:d6:b9:de:37:
         05:9e:bb:00:a2:0e:52:54:7b:51:1a:ec:f8:88:5c:f1:79:9e:
         0e:df:10:de:94:38:d9:0b:cd:47:71:5c:6f:86:b7:2f:fe:08:
         01:2a:df:82:a3:74:6c:20:d8:ad:74:c0:22:af:61:75:da:a9:
         e5:4b:22:e6:87:72:39:e9:f7:fb:bd:45:04:64:27:c3:1b:d3:
         fd:86:4d:c1:24:f9:ae:7f:b8:77:07:e0:8f:be:80:5c:fc:80:
         64:d1:46:a4:8e:0a:d2:7b:30:1d:92:07:67:2d:20:3b:7a:b4:
         b8:67:0d:5d:3c:97:55:a1:94:b0:c7:39:a0:05:c1:bf:22:da:
         f3:79:73:b1:ef:2f:6d:21:0f:8b:7a:38:9e:48:93:b4:ba:36:
         9f:2a:bd:e8:6f:5a:14:da:d9:1a:76:1f:96:3f:55:07:eb:5b:
         69:86:ac:82:97:eb:83:ab:ac:d0:7d:7c:e4:df:b0:9f:59:51:
         bd:b5:88:84:3c:79:76:77:a2:14:7c:ed:8e:83:d5:59:71:25:
         d8:2b:0b:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWT+S61LrC2GetaAPyx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTA3NmFiZDFmODRiYmVjZjk5NDMxZmRlM2U5NjY2YzhiZjk2NDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwgVsmxFoaKFrKosSJaJzlA3BW1q
V0jeMHWYp8cpCT1Vtx7kK8ED/YFAKxCjVP3nlxs9kmRrFpmMWtEvB0kzhrbsJhrN
cQq2r+4961W2wCTa+koGeO+ZOH3ce3lwGJeUXn2kdJMpI4osldhEsmCPHy+/TgB/
rP7ntYORxWw1ivKilD9D+xk7j2M1pKONk4xwpR8sbwafYaXaoxsliP9MuBp+c434
ojuRZpseRkLAMnUOkm8guMmWCgHS14vkKnGsOte+tSdLIuxzvdK9G13+jlyjo8k8
5JH6GwJrI/Y+1dHJEippcjWhTTmU+ZFVpKp1u5DGCD61V1IKVFRcPsKf5QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDEHar0fhLvs+ZQx/ePpZmyL+WRxMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvTVFkcXZSLUV1LXo1bERIOTQtbG1iSXY1WkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAy
MA0GCSqGSIb3DQEBCwUAA4IBAQBOBaOqeOznUHi/JQq3T2kndGY8P229sWyVdivH
fqMSFnwtE2LfzI9CQRoT4VOdOyVexNa53jcFnrsAog5SVHtRGuz4iFzxeZ4O3xDe
lDjZC81HcVxvhrcv/ggBKt+Co3RsINitdMAir2F12qnlSyLmh3I56ff7vUUEZCfD
G9P9hk3BJPmuf7h3B+CPvoBc/IBk0UakjgrSezAdkgdnLSA7erS4Zw1dPJdVoZSw
xzmgBcG/ItrzeXOx7y9tIQ+LejieSJO0ujafKr3ob1oU2tkadh+WP1UH61tphqyC
l+uDq6zQfXzk37CfWVG9tYiEPHl2d6IUfO2Og9VZcSXYKwsG
-----END CERTIFICATE-----