Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UhZlPNdmppeG0EuqrlhDTHAx_o8.roa
File:                     UhZlPNdmppeG0EuqrlhDTHAx_o8.roa (raw, json)
Hash identifier:          RDWdydql3HCHBxrdUd76Yr2twSJci/76C46Opabh6cI=
Subject key identifier:   52:16:65:3C:D7:66:A6:97:86:D0:4B:AA:AE:58:43:4C:70:31:FE:8F
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       0192B836461F819459FA92EF724DFE42D19D
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UhZlPNdmppeG0EuqrlhDTHAx_o8.roa
Signing time:             Wed 23 Oct 2024 07:10:17 +0000
ROA not before:           Wed 23 Oct 2024 07:10:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214901
IP address blocks:        2a0e:8f02:f070::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 04:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:36:46:1f:81:94:59:fa:92:ef:72:4d:fe:42:d1:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Oct 23 07:10:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5216653cd766a69786d04baaae58434c7031fe8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ba:1c:01:2d:81:e3:f1:d6:07:bc:dd:ad:9e:
                    3a:a4:56:50:a3:c4:af:cf:15:a8:41:95:34:bf:3e:
                    72:5f:44:1d:d2:88:c9:f1:e2:a5:00:45:3e:f0:ae:
                    1e:b8:dc:db:46:6d:6b:0b:d6:34:bc:7d:fb:6a:e9:
                    69:98:3e:a6:16:5e:91:36:2c:53:1d:b0:55:d8:a5:
                    27:f6:10:22:0d:dc:51:b7:17:27:71:ee:c3:49:3e:
                    5b:33:47:45:dc:99:ad:bd:99:24:32:b6:9c:6e:11:
                    71:e7:ea:bf:97:e6:c4:bd:25:00:b4:a8:5d:18:89:
                    2e:e2:f8:05:6b:15:ac:64:11:60:c5:76:8d:3e:ec:
                    6b:3b:93:be:d2:f0:43:70:33:9d:23:35:f8:c0:bc:
                    9f:d2:51:f6:26:f9:ef:76:fe:ff:85:2b:90:29:27:
                    a9:20:96:58:de:80:20:1f:85:22:0f:44:1e:c5:19:
                    a5:30:fc:ae:82:c3:93:3e:e3:fc:e9:32:ab:4b:c5:
                    5d:48:7e:59:49:0a:ef:5d:5a:67:e1:cd:63:7c:bd:
                    59:9e:c1:fe:c8:56:b0:6f:89:f4:db:4e:0d:0c:a1:
                    57:99:66:b0:aa:74:28:5e:9c:58:c9:c1:70:49:1c:
                    01:85:e5:9c:b9:a6:6e:d0:6d:65:43:d0:76:56:a3:
                    f6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:16:65:3C:D7:66:A6:97:86:D0:4B:AA:AE:58:43:4C:70:31:FE:8F
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UhZlPNdmppeG0EuqrlhDTHAx_o8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f070::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:42:4a:e7:fa:00:a5:4d:7b:c3:22:ad:04:e4:68:01:3f:59:
         aa:4b:c6:79:07:50:3f:57:e8:04:9d:98:74:33:5e:d5:78:96:
         22:a1:84:35:9b:c1:9d:1a:e6:4e:17:e6:1c:1b:11:0e:80:7e:
         dc:d9:95:8a:9c:1e:3f:a7:f8:d2:59:55:02:a5:ce:89:d8:57:
         e7:80:fc:51:ee:e1:0a:1e:f6:45:d4:55:d6:df:a3:ee:c4:15:
         25:c6:bc:8b:73:94:a2:46:7e:9e:b3:cb:6e:5a:d6:a1:cb:9b:
         d2:46:57:d6:3b:fb:66:7c:3b:a8:b2:75:39:f3:68:77:48:4b:
         f1:23:1b:90:13:b0:3d:22:81:0f:54:70:c0:fd:82:62:ce:74:
         bb:a1:91:2c:2f:d5:cf:6c:10:00:7b:c7:21:e3:e5:ad:ef:8f:
         a0:19:cb:62:58:bb:bd:1f:1c:49:1c:c0:82:f5:8a:f7:c3:97:
         15:f7:03:d7:ff:61:33:79:51:a8:ee:a0:67:a9:99:11:6b:d9:
         a4:09:b4:43:f6:84:66:2c:d1:01:ad:6a:6b:38:6c:75:ae:ae:
         d3:6d:ae:93:9d:89:a2:7c:93:cc:d7:af:7e:fb:1b:37:1d:a0:
         59:d0:26:ce:cb:f5:ef:b4:4c:86:af:02:ee:70:39:27:b0:16:
         5c:90:d3:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZK4NkYfgZRZ+pLvck3+QtGdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQxMDIzMDcxMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjE2NjUzY2Q3NjZhNjk3ODZkMDRiYWFhZTU4NDM0YzcwMzFmZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLocAS2B4/HWB7zdrZ46pFZQo8Sv
zxWoQZU0vz5yX0Qd0ojJ8eKlAEU+8K4euNzbRm1rC9Y0vH37aulpmD6mFl6RNixT
HbBV2KUn9hAiDdxRtxcnce7DST5bM0dF3JmtvZkkMracbhFx5+q/l+bEvSUAtKhd
GIku4vgFaxWsZBFgxXaNPuxrO5O+0vBDcDOdIzX4wLyf0lH2Jvnvdv7/hSuQKSep
IJZY3oAgH4UiD0QexRmlMPyugsOTPuP86TKrS8VdSH5ZSQrvXVpn4c1jfL1ZnsH+
yFawb4n0204NDKFXmWawqnQoXpxYycFwSRwBheWcuaZu0G1lQ9B2VqP2IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFIWZTzXZqaXhtBLqq5YQ0xwMf6PMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvVWhabFBOZG1wcGVHMEV1cXJsaERUSEF4X284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBw
MA0GCSqGSIb3DQEBCwUAA4IBAQCdQkrn+gClTXvDIq0E5GgBP1mqS8Z5B1A/V+gE
nZh0M17VeJYioYQ1m8GdGuZOF+YcGxEOgH7c2ZWKnB4/p/jSWVUCpc6J2FfngPxR
7uEKHvZF1FXW36PuxBUlxryLc5SiRn6es8tuWtahy5vSRlfWO/tmfDuosnU582h3
SEvxIxuQE7A9IoEPVHDA/YJiznS7oZEsL9XPbBAAe8ch4+Wt74+gGctiWLu9HxxJ
HMCC9Yr3w5cV9wPX/2EzeVGo7qBnqZkRa9mkCbRD9oRmLNEBrWprOGx1rq7Tba6T
nYmifJPM169++xs3HaBZ0CbOy/XvtEyGrwLucDknsBZckNPk
-----END CERTIFICATE-----