Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SL40tgaA3ZEX8DSeAjUY7X9oj8E.roa
File:                     SL40tgaA3ZEX8DSeAjUY7X9oj8E.roa (raw, json)
Hash identifier:          vGz7X69bLaGgMyi5xM+Y0JkQWnWcEgccBqVQAIW3p5k=
Subject key identifier:   48:BE:34:B6:06:80:DD:91:17:F0:34:9E:02:35:18:ED:7F:68:8F:C1
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29612D051D339A2CFEE0CBDBFC6261
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SL40tgaA3ZEX8DSeAjUY7X9oj8E.roa
Signing time:             Tue 02 Jan 2024 12:32:38 +0000
ROA not before:           Tue 02 Jan 2024 12:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208137
IP address blocks:        2a0e:8f02:f03c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:61:2d:05:1d:33:9a:2c:fe:e0:cb:db:fc:62:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48be34b60680dd9117f0349e023518ed7f688fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:45:68:ad:9b:d9:17:b3:4b:a4:03:c8:2d:b9:
                    3f:c2:85:cf:2e:c3:a6:04:4e:7d:9d:eb:0c:00:11:
                    c7:2e:8c:39:80:e5:05:ef:6a:49:fe:60:b8:c5:3c:
                    aa:f9:b9:bd:2a:81:5f:94:6e:42:c9:80:06:1e:c2:
                    6a:6e:26:ec:88:28:34:5d:4c:8a:a3:ce:40:e6:be:
                    89:ca:35:0d:dc:d2:4e:b0:95:0f:b5:36:9f:5f:51:
                    e9:68:19:88:09:aa:9a:3c:40:b7:e3:d3:ff:fe:c9:
                    74:3a:a9:a3:52:be:7c:17:f9:fc:9d:13:08:5f:3f:
                    52:ea:00:ab:f8:71:cd:9b:b7:e8:32:bb:68:3d:22:
                    72:b4:6c:af:ae:a9:8e:7b:c9:48:d9:69:0d:88:58:
                    15:9a:65:b3:5e:a8:e0:ed:4d:74:81:7d:67:d5:7c:
                    e7:d4:5c:31:da:e7:61:f8:3c:da:9a:79:14:b7:85:
                    21:ff:35:44:e3:21:5c:9c:b3:01:29:b9:a7:45:50:
                    7e:50:a6:ca:fb:d3:eb:fd:d0:f1:0e:9c:fb:d4:13:
                    97:b1:30:d4:e1:01:32:82:e9:ca:57:39:2c:46:5c:
                    09:ee:02:2a:a7:d0:af:b0:e8:77:a3:0a:34:8e:66:
                    46:84:d1:59:30:be:43:38:a3:4d:22:68:86:96:ab:
                    7e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:BE:34:B6:06:80:DD:91:17:F0:34:9E:02:35:18:ED:7F:68:8F:C1
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SL40tgaA3ZEX8DSeAjUY7X9oj8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f03c::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:eb:df:17:71:a1:10:40:26:88:d1:69:7a:75:ca:a2:9c:85:
         b8:3a:82:ff:48:f6:b2:89:49:8d:a4:60:c6:b4:72:e1:7c:47:
         cb:b9:a1:44:e5:f4:0d:6f:b6:9a:05:f1:c0:ff:d5:96:62:8d:
         28:ec:bb:ad:75:e4:4b:67:8e:6f:f2:0b:70:a2:c5:d2:2a:68:
         b9:f3:0f:e2:48:d8:bf:69:b1:66:59:57:cc:f0:a7:e8:f3:dc:
         23:da:d1:8b:13:9a:20:89:d3:17:2c:c1:ee:ef:01:cb:27:34:
         45:51:9b:cb:c7:7e:f4:76:73:d7:c2:12:41:67:03:33:fa:e2:
         23:7a:b8:0a:6e:ce:f9:28:96:32:15:26:eb:d8:d9:df:f1:c7:
         02:d3:c3:18:af:16:8a:b9:4b:3d:e0:63:39:58:fd:c2:cd:2b:
         9d:f1:7b:15:b3:66:d2:c8:47:5e:bb:38:89:9b:79:63:4e:a1:
         a3:ec:ca:df:f2:cc:fd:65:03:f8:da:bb:91:88:76:2b:12:a4:
         c4:28:41:e4:f8:1c:d2:c5:67:c3:ea:ea:50:f5:15:b0:32:c0:
         5c:76:8e:74:95:98:6e:90:80:53:47:91:de:4d:bc:e3:80:3d:
         27:9e:47:c0:c2:ad:17:36:c4:14:45:40:62:2e:a3:2f:f9:d2:
         0f:e0:ff:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWEtBR0zmiz+4Mvb/GJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGJlMzRiNjA2ODBkZDkxMTdmMDM0OWUwMjM1MThlZDdmNjg4ZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkVorZvZF7NLpAPILbk/woXPLsOm
BE59nesMABHHLow5gOUF72pJ/mC4xTyq+bm9KoFflG5CyYAGHsJqbibsiCg0XUyK
o85A5r6JyjUN3NJOsJUPtTafX1HpaBmICaqaPEC349P//sl0OqmjUr58F/n8nRMI
Xz9S6gCr+HHNm7foMrtoPSJytGyvrqmOe8lI2WkNiFgVmmWzXqjg7U10gX1n1Xzn
1Fwx2udh+DzamnkUt4Uh/zVE4yFcnLMBKbmnRVB+UKbK+9Pr/dDxDpz71BOXsTDU
4QEygunKVzksRlwJ7gIqp9CvsOh3owo0jmZGhNFZML5DOKNNImiGlqt+CwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEi+NLYGgN2RF/A0ngI1GO1/aI/BMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvU0w0MHRnYUEzWkVYOERTZUFqVVk3WDlvajhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvA8
MA0GCSqGSIb3DQEBCwUAA4IBAQBB698XcaEQQCaI0Wl6dcqinIW4OoL/SPayiUmN
pGDGtHLhfEfLuaFE5fQNb7aaBfHA/9WWYo0o7LutdeRLZ45v8gtwosXSKmi58w/i
SNi/abFmWVfM8Kfo89wj2tGLE5ogidMXLMHu7wHLJzRFUZvLx370dnPXwhJBZwMz
+uIjergKbs75KJYyFSbr2Nnf8ccC08MYrxaKuUs94GM5WP3CzSud8XsVs2bSyEde
uziJm3ljTqGj7Mrf8sz9ZQP42ruRiHYrEqTEKEHk+BzSxWfD6upQ9RWwMsBcdo50
lZhukIBTR5HeTbzjgD0nnkfAwq0XNsQURUBiLqMv+dIP4P9N
-----END CERTIFICATE-----