Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/Sa6rB6IxcP_AZr7yKYGsR0Ev4XU.roa
File:                     Sa6rB6IxcP_AZr7yKYGsR0Ev4XU.roa (raw, json)
Hash identifier:          AMtxRcg76hBkUgrpzJ6LhDqm83wRFa7qtpBuEu3/X/I=
Subject key identifier:   49:AE:AB:07:A2:31:70:FF:C0:66:BE:F2:29:81:AC:47:41:2F:E1:75
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295D59181022CB67EF70EA40047283
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/Sa6rB6IxcP_AZr7yKYGsR0Ev4XU.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204406
IP address blocks:        2a0e:8f02:f04b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5d:59:18:10:22:cb:67:ef:70:ea:40:04:72:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49aeab07a23170ffc066bef22981ac47412fe175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:09:04:96:0e:d6:d4:90:d6:af:f4:7d:b8:1a:
                    4d:4a:ef:5f:c0:47:ee:53:0c:c3:b5:79:b5:31:26:
                    57:0a:b5:f1:ce:96:1c:c2:8f:83:bf:7a:dd:81:23:
                    53:53:6f:9a:79:14:5b:df:7c:c9:1d:bf:0a:ec:63:
                    52:11:8e:92:37:91:61:10:58:ae:be:c9:b1:cd:47:
                    f5:46:13:bb:79:00:2e:07:6c:98:bb:ff:6e:f1:4f:
                    fd:7a:e4:39:83:ab:c4:73:ff:34:ba:82:7a:76:53:
                    c2:c8:5f:3b:28:0b:c2:bf:d5:a4:ca:7f:d9:8a:66:
                    62:2f:ba:dd:22:79:82:84:32:ce:2a:87:6a:71:26:
                    77:55:75:13:8f:26:31:e8:40:13:1a:db:92:4a:00:
                    03:9c:23:d4:8b:70:61:17:30:b8:ba:6b:0b:22:e5:
                    22:c6:76:22:5d:62:96:53:8d:61:d0:30:5f:72:f5:
                    2c:a1:02:43:ef:f5:a3:bf:66:42:7a:40:6f:00:24:
                    3e:b5:80:f7:b3:ec:ca:19:0c:56:d3:2b:f2:28:59:
                    a4:52:44:a0:f6:f1:f1:da:8a:3e:0a:2a:57:d7:f6:
                    f8:2f:4a:26:8c:d4:77:52:41:6a:24:72:7b:ce:fd:
                    b7:db:db:0c:d7:bb:01:e9:d5:92:17:17:b0:34:3e:
                    6b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:AE:AB:07:A2:31:70:FF:C0:66:BE:F2:29:81:AC:47:41:2F:E1:75
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/Sa6rB6IxcP_AZr7yKYGsR0Ev4XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f04b::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:21:ad:3c:7f:82:f0:8b:78:b3:93:6c:91:43:2a:28:a4:70:
         41:a0:cb:aa:2d:3e:a8:71:fb:27:02:75:22:55:53:4e:6e:7f:
         5b:b9:95:af:9d:b5:b5:3d:df:69:a7:a4:22:02:c8:ff:e4:9f:
         6a:82:27:ad:42:82:e2:93:0e:99:8d:8b:d0:27:07:71:df:db:
         6b:8e:45:6e:7f:f1:c3:11:19:ef:a7:0c:39:3b:9c:1c:3d:58:
         f8:bf:39:da:4d:c9:44:c6:c1:99:40:2f:8a:18:94:f7:42:a4:
         91:92:d2:84:72:6f:fe:8b:90:10:fb:4a:08:40:1a:c7:03:34:
         bb:24:bf:90:5f:5d:53:87:1c:f3:e1:81:86:df:08:56:d4:1d:
         ac:c2:bb:d0:50:ab:15:df:b6:d1:f3:ad:07:b5:8f:e5:12:b8:
         31:d7:55:02:58:23:2c:3b:73:52:45:10:8c:9b:af:b2:b9:40:
         33:e7:f9:7c:4b:1b:9a:3c:4d:3e:af:3a:26:e3:8a:49:cf:23:
         77:e9:e4:24:d1:34:c8:43:80:b5:38:36:dc:db:22:dd:62:04:
         94:9c:af:81:9b:f9:73:a2:89:36:e5:b0:f7:fe:02:db:cd:fc:
         ba:f8:fc:95:c0:fd:b7:c7:8d:48:ec:ae:e9:0c:32:b4:72:ea:
         57:f1:8a:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKV1ZGBAiy2fvcOpABHKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWFlYWIwN2EyMzE3MGZmYzA2NmJlZjIyOTgxYWM0NzQxMmZlMTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8QkElg7W1JDWr/R9uBpNSu9fwEfu
UwzDtXm1MSZXCrXxzpYcwo+Dv3rdgSNTU2+aeRRb33zJHb8K7GNSEY6SN5FhEFiu
vsmxzUf1RhO7eQAuB2yYu/9u8U/9euQ5g6vEc/80uoJ6dlPCyF87KAvCv9Wkyn/Z
imZiL7rdInmChDLOKodqcSZ3VXUTjyYx6EATGtuSSgADnCPUi3BhFzC4umsLIuUi
xnYiXWKWU41h0DBfcvUsoQJD7/Wjv2ZCekBvACQ+tYD3s+zKGQxW0yvyKFmkUkSg
9vHx2oo+CipX1/b4L0omjNR3UkFqJHJ7zv2329sM17sB6dWSFxewND5r8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEmuqweiMXD/wGa+8imBrEdBL+F1MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvU2E2ckI2SXhjUF9BWnI3eUtZR3NSMEV2NFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBL
MA0GCSqGSIb3DQEBCwUAA4IBAQArIa08f4Lwi3izk2yRQyoopHBBoMuqLT6ocfsn
AnUiVVNObn9buZWvnbW1Pd9pp6QiAsj/5J9qgietQoLikw6ZjYvQJwdx39trjkVu
f/HDERnvpww5O5wcPVj4vznaTclExsGZQC+KGJT3QqSRktKEcm/+i5AQ+0oIQBrH
AzS7JL+QX11Thxzz4YGG3whW1B2swrvQUKsV37bR860HtY/lErgx11UCWCMsO3NS
RRCMm6+yuUAz5/l8SxuaPE0+rzom44pJzyN36eQk0TTIQ4C1ODbc2yLdYgSUnK+B
m/lzook25bD3/gLbzfy6+PyVwP23x41I7K7pDDK0cupX8Yrs
-----END CERTIFICATE-----