Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UrY25FdpJVLhoXZb3uCCfBT18gA.roa
File:                     UrY25FdpJVLhoXZb3uCCfBT18gA.roa (raw, json)
Hash identifier:          YwJERCv8bOFQ8ZmGeuNZZYhhAJSQFQLm4ubSbmBkc1M=
Subject key identifier:   52:B6:36:E4:57:69:25:52:E1:A1:76:5B:DE:E0:82:7C:14:F5:F2:00
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29600A14503DC35CEA76D794C15DD7
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UrY25FdpJVLhoXZb3uCCfBT18gA.roa
Signing time:             Tue 02 Jan 2024 12:32:38 +0000
ROA not before:           Tue 02 Jan 2024 12:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207618
IP address blocks:        2a0e:8f02:21c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:60:0a:14:50:3d:c3:5c:ea:76:d7:94:c1:5d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52b636e457692552e1a1765bdee0827c14f5f200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:21:15:61:32:98:41:a1:7e:00:a4:b3:78:f5:
                    5c:2a:13:5e:41:03:ac:1f:67:34:dd:9a:af:56:8b:
                    d3:60:96:c1:8d:68:bb:4e:8c:b4:cb:3a:f6:1e:24:
                    81:5c:fe:8a:bc:a1:6d:5e:d0:2c:e1:0e:92:b8:ff:
                    a4:2c:06:8d:e9:2c:6e:70:f0:c3:2a:a0:ad:14:b6:
                    3f:05:2c:53:5a:5f:28:c1:46:8c:03:53:b1:b9:a6:
                    de:d1:91:e0:20:bc:fc:34:fe:2b:0d:5c:ed:87:18:
                    17:a8:03:3a:b8:36:68:b2:c8:5c:29:55:3b:00:09:
                    f6:64:3b:f4:54:49:ff:71:4d:65:55:be:fa:c1:8c:
                    dc:3d:ee:d5:ab:06:de:de:20:cb:be:60:ed:79:91:
                    8b:b9:72:84:09:40:4d:cd:b2:6f:b8:a3:80:42:69:
                    ee:cf:5a:25:e3:0d:71:1e:27:2e:06:f2:61:0c:2b:
                    8b:bb:6b:6b:6a:a4:11:16:aa:41:90:3c:e9:ba:1d:
                    97:5b:d3:36:aa:f1:a0:2e:6f:f5:b1:4e:26:54:fd:
                    0d:25:9c:fe:04:ba:00:9a:18:8f:c4:e1:39:30:61:
                    07:ba:1b:e8:ee:1d:d8:ee:bf:a0:19:29:e3:94:1d:
                    ea:18:5e:5e:6f:44:dd:6b:f0:b4:00:f0:f9:1f:1d:
                    fa:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B6:36:E4:57:69:25:52:E1:A1:76:5B:DE:E0:82:7C:14:F5:F2:00
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UrY25FdpJVLhoXZb3uCCfBT18gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:21c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:7f:7d:0b:02:62:30:6e:20:24:af:ca:e4:c4:01:21:57:08:
         d1:e5:7c:e5:c4:89:ee:a5:9c:d3:10:80:0a:78:43:1b:b8:34:
         ed:8b:af:57:85:72:76:02:6b:a8:b7:5a:fb:f0:fb:df:ed:5f:
         1f:10:76:7e:a3:b5:fc:5d:f9:cb:80:cb:06:df:df:1d:23:bc:
         75:a9:ab:7b:ce:ef:44:00:84:a0:5f:19:ee:b8:3b:64:0a:69:
         86:40:d0:73:d3:98:52:57:81:dc:bd:da:30:4c:41:80:74:a2:
         9d:af:7d:a9:79:9a:2f:b0:68:27:09:e5:17:18:6a:99:8a:9f:
         30:4b:64:27:32:ad:1d:b3:05:38:2b:fe:bc:5b:87:95:5e:62:
         3b:0a:d9:b2:80:13:67:12:07:ca:7a:30:58:7e:21:bc:99:0c:
         00:ab:b3:84:0b:a6:ba:3d:3d:39:03:7d:32:e2:f1:92:f8:45:
         85:54:57:7d:ff:18:29:04:8b:e3:b2:e4:ec:b6:60:3f:ba:db:
         d5:d2:c9:78:56:ec:30:3f:0b:55:52:2f:be:37:d7:87:1f:92:
         1f:5f:c1:f1:12:44:86:c4:cb:96:21:df:b7:7a:cb:92:10:01:
         04:9e:87:fb:f1:a7:c3:cf:ee:ca:a0:ec:ba:49:97:95:35:f5:
         92:ab:c0:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWAKFFA9w1zqdteUwV3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmI2MzZlNDU3NjkyNTUyZTFhMTc2NWJkZWUwODI3YzE0ZjVmMjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCEVYTKYQaF+AKSzePVcKhNeQQOs
H2c03ZqvVovTYJbBjWi7Toy0yzr2HiSBXP6KvKFtXtAs4Q6SuP+kLAaN6SxucPDD
KqCtFLY/BSxTWl8owUaMA1Oxuabe0ZHgILz8NP4rDVzthxgXqAM6uDZosshcKVU7
AAn2ZDv0VEn/cU1lVb76wYzcPe7Vqwbe3iDLvmDteZGLuXKECUBNzbJvuKOAQmnu
z1ol4w1xHicuBvJhDCuLu2traqQRFqpBkDzpuh2XW9M2qvGgLm/1sU4mVP0NJZz+
BLoAmhiPxOE5MGEHuhvo7h3Y7r+gGSnjlB3qGF5eb0Tda/C0APD5Hx36dQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFK2NuRXaSVS4aF2W97ggnwU9fIAMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvVXJZMjVGZHBKVkxob1haYjN1Q0NmQlQxOGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiHA
MA0GCSqGSIb3DQEBCwUAA4IBAQARf30LAmIwbiAkr8rkxAEhVwjR5XzlxInupZzT
EIAKeEMbuDTti69XhXJ2Amuot1r78Pvf7V8fEHZ+o7X8XfnLgMsG398dI7x1qat7
zu9EAISgXxnuuDtkCmmGQNBz05hSV4HcvdowTEGAdKKdr32peZovsGgnCeUXGGqZ
ip8wS2QnMq0dswU4K/68W4eVXmI7CtmygBNnEgfKejBYfiG8mQwAq7OEC6a6PT05
A30y4vGS+EWFVFd9/xgpBIvjsuTstmA/utvV0sl4VuwwPwtVUi++N9eHH5IfX8Hx
EkSGxMuWId+3esuSEAEEnof78afDz+7KoOy6SZeVNfWSq8Bi
-----END CERTIFICATE-----