Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/RdqeiqNFhLyc8AuIVnUaW7UCCgo.roa
File:                     RdqeiqNFhLyc8AuIVnUaW7UCCgo.roa (raw, json)
Hash identifier:          Ughlr3UjWkVh1JcuzPI9zP3TGGu1IycHNS72s/hwETw=
Subject key identifier:   45:DA:9E:8A:A3:45:84:BC:9C:F0:0B:88:56:75:1A:5B:B5:02:0A:0A
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29632A2C77655EA3314CBCA16F6414
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/RdqeiqNFhLyc8AuIVnUaW7UCCgo.roa
Signing time:             Tue 02 Jan 2024 12:32:39 +0000
ROA not before:           Tue 02 Jan 2024 12:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210826
IP address blocks:        2a0e:8f02:f039::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:63:2a:2c:77:65:5e:a3:31:4c:bc:a1:6f:64:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45da9e8aa34584bc9cf00b8856751a5bb5020a0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:47:ef:82:bf:91:0e:82:06:07:94:b5:6f:ac:
                    75:d7:ed:93:5c:28:7b:22:c9:c3:a8:aa:c2:d5:8c:
                    98:8f:71:71:dd:b9:a8:6f:7d:06:2f:50:f3:cf:c5:
                    da:ff:16:6c:87:49:c8:fb:d8:a4:a5:9c:45:c0:fc:
                    2e:d8:f2:09:ee:b6:a0:db:b2:e4:89:06:98:be:52:
                    bb:39:b3:7c:1d:fc:49:4d:98:07:39:69:de:f5:d1:
                    da:79:cb:13:ea:b3:c8:cb:a0:9b:ce:2f:4a:22:7d:
                    5b:46:6e:6f:2a:91:8f:52:dd:ad:e6:61:8d:e8:31:
                    db:9c:67:64:8c:53:6c:4f:f1:22:90:da:fc:cb:13:
                    e4:86:ac:cf:2e:4e:1b:8f:b4:2a:55:45:bf:ef:17:
                    d7:68:26:13:25:c4:04:49:40:56:7f:4c:5e:45:41:
                    26:21:4c:03:cb:87:68:5f:72:d8:1c:f3:52:20:89:
                    93:ee:23:87:1a:2e:1e:cb:b0:d0:3a:e7:09:a3:32:
                    8b:af:ce:0d:f1:0d:ab:e2:d5:d2:a7:c1:0c:65:1f:
                    0e:ff:55:01:6f:35:42:d8:fa:02:30:b4:14:f9:3a:
                    e8:e0:c3:72:a8:b4:6d:9e:79:f8:b7:20:62:0c:4c:
                    81:75:4b:c2:f2:37:5b:05:a9:2f:84:e4:27:cc:90:
                    e9:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:DA:9E:8A:A3:45:84:BC:9C:F0:0B:88:56:75:1A:5B:B5:02:0A:0A
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/RdqeiqNFhLyc8AuIVnUaW7UCCgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f039::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:ce:90:85:18:0a:6f:1f:76:bc:ba:3f:6c:80:a0:2f:91:d3:
         62:f2:d9:9f:da:95:fb:79:6a:9e:8f:35:ad:a5:89:50:30:7d:
         e5:d1:2c:10:40:7e:fc:aa:63:e8:fb:f7:0b:eb:8e:05:e6:ef:
         0d:78:10:df:0f:d4:37:4b:64:de:b5:92:30:a3:e3:13:83:c5:
         37:00:5d:06:50:43:4d:d7:eb:f2:de:fb:42:34:ac:26:82:b2:
         2b:9c:f1:2e:52:36:a5:86:8e:db:6b:dd:03:2b:98:f4:e6:74:
         9c:18:fd:54:84:3c:3c:cb:d5:ac:72:20:5b:54:a4:f5:19:84:
         a8:b2:be:d2:bb:cb:bd:ad:14:c5:09:92:35:1a:2e:d9:ee:09:
         fc:f6:d0:aa:c2:4d:93:9c:46:9e:f7:71:c6:3d:1c:b1:f6:c2:
         26:09:39:c2:e2:14:49:59:a6:4d:59:ee:72:c2:aa:77:9b:61:
         d2:f0:1d:80:81:a7:89:76:b6:53:c8:e4:d0:9d:be:c4:8a:5b:
         25:4b:5a:c0:51:d9:ba:5f:95:48:14:04:ec:03:b8:5c:48:0f:
         35:b1:40:ad:f3:5b:d0:10:df:c6:7f:10:10:ed:76:a5:c1:5f:
         1d:39:c2:a1:20:7c:e5:12:04:fc:c3:ec:ac:32:2c:14:aa:58:
         87:5b:64:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWMqLHdlXqMxTLyhb2QUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWRhOWU4YWEzNDU4NGJjOWNmMDBiODg1Njc1MWE1YmI1MDIwYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Efvgr+RDoIGB5S1b6x11+2TXCh7
IsnDqKrC1YyYj3Fx3bmob30GL1Dzz8Xa/xZsh0nI+9ikpZxFwPwu2PIJ7rag27Lk
iQaYvlK7ObN8HfxJTZgHOWne9dHaecsT6rPIy6Cbzi9KIn1bRm5vKpGPUt2t5mGN
6DHbnGdkjFNsT/EikNr8yxPkhqzPLk4bj7QqVUW/7xfXaCYTJcQESUBWf0xeRUEm
IUwDy4doX3LYHPNSIImT7iOHGi4ey7DQOucJozKLr84N8Q2r4tXSp8EMZR8O/1UB
bzVC2PoCMLQU+Tro4MNyqLRtnnn4tyBiDEyBdUvC8jdbBakvhOQnzJDpOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEXanoqjRYS8nPALiFZ1Glu1AgoKMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvUmRxZWlxTkZoTHljOEF1SVZuVWFXN1VDQ2dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvA5
MA0GCSqGSIb3DQEBCwUAA4IBAQBkzpCFGApvH3a8uj9sgKAvkdNi8tmf2pX7eWqe
jzWtpYlQMH3l0SwQQH78qmPo+/cL644F5u8NeBDfD9Q3S2TetZIwo+MTg8U3AF0G
UENN1+vy3vtCNKwmgrIrnPEuUjalho7ba90DK5j05nScGP1UhDw8y9WsciBbVKT1
GYSosr7Su8u9rRTFCZI1Gi7Z7gn89tCqwk2TnEae93HGPRyx9sImCTnC4hRJWaZN
We5ywqp3m2HS8B2AgaeJdrZTyOTQnb7EilslS1rAUdm6X5VIFATsA7hcSA81sUCt
81vQEN/GfxAQ7XalwV8dOcKhIHzlEgT8w+ysMiwUqliHW2Ss
-----END CERTIFICATE-----