Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/fC84A_E7YvYfcJ7Men_RnD0U0Ys.roa
File:                     fC84A_E7YvYfcJ7Men_RnD0U0Ys.roa (raw, json)
Hash identifier:          9x2zYZD+5t2V5fcF6cFixI3WJmfPuGyrqhacnT9xAPY=
Subject key identifier:   7C:2F:38:03:F1:3B:62:F6:1F:70:9E:CC:7A:7F:D1:9C:3D:14:D1:8B
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296F35833ECB157E9ABF6C06B4C72D
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/fC84A_E7YvYfcJ7Men_RnD0U0Ys.roa
Signing time:             Tue 02 Jan 2024 12:32:42 +0000
ROA not before:           Tue 02 Jan 2024 12:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212279
IP address blocks:        2a0e:8f02:f013::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:6f:35:83:3e:cb:15:7e:9a:bf:6c:06:b4:c7:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c2f3803f13b62f61f709ecc7a7fd19c3d14d18b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:0a:d9:aa:00:a6:f2:ea:00:b6:bb:74:2e:8f:
                    8f:c3:07:4e:82:59:58:3f:16:d5:85:8b:ec:46:d8:
                    35:0d:95:49:7a:f0:ec:91:64:1f:17:04:f7:8d:96:
                    39:6b:8f:c2:4e:72:b9:6e:69:72:09:89:b0:1a:8f:
                    d9:e8:b4:eb:fa:bd:74:65:41:27:1c:fe:b7:16:02:
                    6c:62:ef:42:c9:8d:56:6b:a6:e6:f7:1e:d6:7a:80:
                    d3:82:3c:61:02:ea:9d:bd:e9:bd:b0:a0:c4:ef:49:
                    c2:ab:f7:da:34:b2:91:ae:e1:fd:f2:1e:f9:0d:43:
                    fa:60:56:d3:1b:60:6b:22:c0:aa:56:7e:97:42:f7:
                    08:8b:93:f6:2c:8c:f9:56:7c:b5:9b:92:ff:58:29:
                    04:39:39:93:4e:14:6d:1c:d6:b4:78:ca:a4:36:50:
                    80:d9:a8:1d:75:43:47:5d:c2:93:6b:1c:e6:ba:af:
                    b9:16:25:f4:c2:de:c8:a6:5d:d5:45:9f:0f:9f:06:
                    98:81:69:fd:c4:ed:73:c8:6b:05:b2:cf:3f:31:2f:
                    7e:6c:6d:17:94:79:f0:5d:79:79:a3:86:a2:dc:05:
                    a1:e7:20:b4:85:f8:46:b4:f9:35:a0:dd:e3:38:e7:
                    41:51:67:2d:ff:fa:49:b5:55:38:79:bd:41:0e:30:
                    bd:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:2F:38:03:F1:3B:62:F6:1F:70:9E:CC:7A:7F:D1:9C:3D:14:D1:8B
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/fC84A_E7YvYfcJ7Men_RnD0U0Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f013::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:17:72:ac:73:92:f6:5e:30:8f:be:eb:bd:11:07:38:ba:a6:
         30:da:cb:fb:6a:7e:3d:bb:f8:10:87:06:76:9f:0b:40:48:e9:
         06:51:8c:f9:72:b8:c4:2f:0e:75:cc:9c:77:08:ad:e4:ad:2f:
         b5:48:2a:b4:91:a3:10:e5:99:8e:af:7d:6c:93:ab:eb:f2:41:
         be:0d:9f:86:55:84:f5:4e:6d:00:83:da:5f:b3:ca:31:d0:7c:
         89:02:e0:02:38:ba:c1:ce:4e:69:9f:f6:6f:5f:38:df:cd:d0:
         d6:67:0b:d4:e1:75:ba:79:fe:f6:50:62:8e:c4:fe:4c:cc:fc:
         aa:e2:46:5b:f1:62:2f:a5:43:b9:3f:84:65:7b:96:37:3d:4a:
         aa:09:6e:a0:18:8e:d6:fd:f3:35:4f:9c:2d:69:6d:9e:f7:af:
         4e:57:c7:93:98:58:00:21:13:9c:f7:00:ea:9e:44:72:03:dd:
         bc:d1:8c:34:89:c7:a1:e3:bc:6c:3f:6e:dc:aa:d8:39:5f:7d:
         05:ed:fc:9e:fc:6c:f7:76:1e:90:78:cb:56:15:f1:90:e5:58:
         30:59:11:e3:22:5e:84:8f:b6:1b:2f:b4:dc:34:71:de:cc:06:
         77:34:13:ee:7d:df:a8:03:e3:56:f5:69:08:ef:68:50:e7:11:
         98:72:f6:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKW81gz7LFX6av2wGtMctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzJmMzgwM2YxM2I2MmY2MWY3MDllY2M3YTdmZDE5YzNkMTRkMThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgArZqgCm8uoAtrt0Lo+PwwdOgllY
PxbVhYvsRtg1DZVJevDskWQfFwT3jZY5a4/CTnK5bmlyCYmwGo/Z6LTr+r10ZUEn
HP63FgJsYu9CyY1Wa6bm9x7WeoDTgjxhAuqdvem9sKDE70nCq/faNLKRruH98h75
DUP6YFbTG2BrIsCqVn6XQvcIi5P2LIz5Vny1m5L/WCkEOTmTThRtHNa0eMqkNlCA
2agddUNHXcKTaxzmuq+5FiX0wt7Ipl3VRZ8PnwaYgWn9xO1zyGsFss8/MS9+bG0X
lHnwXXl5o4ai3AWh5yC0hfhGtPk1oN3jOOdBUWct//pJtVU4eb1BDjC9bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHwvOAPxO2L2H3CezHp/0Zw9FNGLMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvZkM4NEFfRTdZdllmY0o3TWVuX1JuRDBVMFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAT
MA0GCSqGSIb3DQEBCwUAA4IBAQBEF3Ksc5L2XjCPvuu9EQc4uqYw2sv7an49u/gQ
hwZ2nwtASOkGUYz5crjELw51zJx3CK3krS+1SCq0kaMQ5ZmOr31sk6vr8kG+DZ+G
VYT1Tm0Ag9pfs8ox0HyJAuACOLrBzk5pn/ZvXzjfzdDWZwvU4XW6ef72UGKOxP5M
zPyq4kZb8WIvpUO5P4Rle5Y3PUqqCW6gGI7W/fM1T5wtaW2e969OV8eTmFgAIROc
9wDqnkRyA9280Yw0iceh47xsP27cqtg5X30F7fye/Gz3dh6QeMtWFfGQ5VgwWRHj
Il6Ej7YbL7TcNHHezAZ3NBPufd+oA+NW9WkI72hQ5xGYcvbT
-----END CERTIFICATE-----