Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ZZFJX3BrWkWHI5zTaYf9rZgfvK0.roa
File:                     ZZFJX3BrWkWHI5zTaYf9rZgfvK0.roa (raw, json)
Hash identifier:          m2eWJNWw9chfCSuHZ9xVz8Xt2LZOFmZQU1Hv5Q3uBl0=
Subject key identifier:   65:91:49:5F:70:6B:5A:45:87:23:9C:D3:69:87:FD:AD:98:1F:BC:AD
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2955CA9F7A5EAD6646BCE9007D8F0C
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ZZFJX3BrWkWHI5zTaYf9rZgfvK0.roa
Signing time:             Tue 02 Jan 2024 12:32:35 +0000
ROA not before:           Tue 02 Jan 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49933
IP address blocks:        2a0e:8f00:f100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:55:ca:9f:7a:5e:ad:66:46:bc:e9:00:7d:8f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6591495f706b5a4587239cd36987fdad981fbcad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:82:96:8b:27:4f:20:25:fa:f8:98:5b:f1:c4:
                    c4:33:58:15:81:76:6d:95:4b:b1:83:47:56:96:69:
                    3d:22:1a:87:fb:02:6b:ed:8d:0b:00:fe:28:eb:85:
                    30:43:1d:59:bb:78:52:34:1e:b0:3c:03:a1:ca:a8:
                    c9:f4:d0:20:27:93:7e:c8:cd:86:49:e0:99:3e:87:
                    48:6b:ac:9e:4e:89:44:0e:3c:7d:ca:12:0b:e9:39:
                    87:a8:e1:51:11:81:e9:6a:95:04:3b:87:c7:bd:22:
                    43:b5:ed:96:2b:fe:90:d9:ad:f8:48:95:f2:a4:fb:
                    bd:b5:89:98:a4:97:23:d7:0c:66:a7:cc:5f:5d:97:
                    72:92:a6:4f:63:3b:ad:65:89:5e:60:ef:04:d3:03:
                    9c:e3:71:d7:fc:e3:fa:05:1a:b6:75:c2:27:8e:2d:
                    8a:4d:86:83:1f:01:6b:60:48:3f:cd:8b:3d:76:09:
                    e5:0f:58:44:90:74:80:bf:a2:67:6c:d1:4d:86:95:
                    18:ee:da:e0:db:52:bf:0f:17:cd:a9:0f:65:49:eb:
                    ab:d6:4f:6d:f9:ad:55:a7:9e:48:56:32:a9:88:69:
                    0e:80:a1:4b:45:78:ed:73:93:26:74:55:5a:88:7c:
                    77:33:4f:b0:1b:ac:52:25:44:57:32:7b:4b:78:06:
                    b4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:91:49:5F:70:6B:5A:45:87:23:9C:D3:69:87:FD:AD:98:1F:BC:AD
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ZZFJX3BrWkWHI5zTaYf9rZgfvK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f00:f100::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:0c:2f:b1:b3:d9:78:27:5f:55:79:fe:e9:93:f4:63:32:49:
         25:a2:1c:55:bb:1b:34:08:ff:c6:9e:5e:26:8d:40:29:0e:8a:
         e2:dd:c3:8e:f6:8a:e7:0c:27:60:7a:df:ad:a0:9d:4d:70:e7:
         38:e1:e7:b9:4f:a1:32:83:d8:80:f9:da:7e:ed:52:19:ad:88:
         09:58:a0:c7:14:c1:26:fc:e5:7f:80:15:3f:09:dc:d8:c2:ad:
         15:68:95:65:ba:fb:66:6f:33:b3:39:3d:52:31:48:e2:27:0a:
         8a:f2:aa:88:46:ba:20:94:c5:d7:c4:c7:43:c3:f1:c8:e0:17:
         82:e9:96:48:e7:3e:b4:3e:7a:d9:f6:fd:b6:9f:9d:04:4b:6f:
         47:cc:f7:4c:25:f0:43:ea:17:99:6e:5b:93:86:f6:04:b2:56:
         f8:5e:24:b9:24:41:15:0f:1b:14:a1:3b:45:5c:2a:46:ce:b1:
         7e:36:ba:28:a0:89:8a:45:1a:c5:dc:3a:55:88:7a:74:38:42:
         1d:8f:38:d4:d9:17:4d:ad:2b:f3:0b:c6:56:16:f5:66:63:a5:
         43:6c:32:68:02:72:5d:8c:74:e9:0b:fa:3c:47:e1:36:0d:2a:
         48:da:80:cc:d9:32:60:49:f9:87:1f:fc:d9:db:fe:5f:c3:22:
         bb:60:6f:49
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKVXKn3perWZGvOkAfY8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTkxNDk1ZjcwNmI1YTQ1ODcyMzljZDM2OTg3ZmRhZDk4MWZiY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4KWiydPICX6+Jhb8cTEM1gVgXZt
lUuxg0dWlmk9IhqH+wJr7Y0LAP4o64UwQx1Zu3hSNB6wPAOhyqjJ9NAgJ5N+yM2G
SeCZPodIa6yeTolEDjx9yhIL6TmHqOFREYHpapUEO4fHvSJDte2WK/6Q2a34SJXy
pPu9tYmYpJcj1wxmp8xfXZdykqZPYzutZYleYO8E0wOc43HX/OP6BRq2dcInji2K
TYaDHwFrYEg/zYs9dgnlD1hEkHSAv6JnbNFNhpUY7trg21K/DxfNqQ9lSeur1k9t
+a1Vp55IVjKpiGkOgKFLRXjtc5MmdFVaiHx3M0+wG6xSJURXMntLeAa0CQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGWRSV9wa1pFhyOc02mH/a2YH7ytMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvWlpGSlgzQnJXa1dISTV6VGFZZjlyWmdmdkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg6PAPEw
DQYJKoZIhvcNAQELBQADggEBACQML7Gz2XgnX1V5/umT9GMySSWiHFW7GzQI/8ae
XiaNQCkOiuLdw472iucMJ2B6362gnU1w5zjh57lPoTKD2ID52n7tUhmtiAlYoMcU
wSb85X+AFT8J3NjCrRVolWW6+2ZvM7M5PVIxSOInCoryqohGuiCUxdfEx0PD8cjg
F4LplkjnPrQ+etn2/bafnQRLb0fM90wl8EPqF5luW5OG9gSyVvheJLkkQRUPGxSh
O0VcKkbOsX42uiigiYpFGsXcOlWIenQ4Qh2PONTZF02tK/MLxlYW9WZjpUNsMmgC
cl2MdOkL+jxH4TYNKkjagMzZMmBJ+Ycf/Nnb/l/DIrtgb0k=
-----END CERTIFICATE-----