Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hTS-iiLYA7mZVegSOFSUv9QwRjw.roa
File:                     hTS-iiLYA7mZVegSOFSUv9QwRjw.roa (raw, json)
Hash identifier:          OJ6TpNwWg+dlSf0Ey5jRq37pvg+oMwx+pxNQ8GfanKo=
Subject key identifier:   85:34:BE:8A:22:D8:03:B9:99:55:E8:12:38:54:94:BF:D4:30:46:3C
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295D17B4A6A29C744D60638EEA66A3
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hTS-iiLYA7mZVegSOFSUv9QwRjw.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203915
IP address blocks:        2a0e:8f02:f045::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5d:17:b4:a6:a2:9c:74:4d:60:63:8e:ea:66:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8534be8a22d803b99955e812385494bfd430463c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:20:a8:b8:d0:03:8c:e1:49:42:ed:90:8d:c9:
                    0f:4a:41:2f:90:a4:3b:f9:4f:9b:37:e6:bf:c2:48:
                    a0:aa:09:be:30:66:f0:41:ba:02:dc:df:37:2d:bc:
                    00:d6:db:4a:50:d7:b8:d9:83:92:af:8b:e7:6e:97:
                    86:d3:40:c0:80:55:75:2a:45:36:95:af:ed:95:be:
                    01:49:df:0d:f2:bf:d9:88:4c:be:ec:fe:3d:38:ab:
                    4a:0a:0c:57:ec:da:51:b1:a1:4e:9a:19:0b:19:e3:
                    b6:70:e6:78:cc:e6:d9:bb:42:f4:91:95:c6:cf:28:
                    01:38:67:c2:88:75:76:d0:9f:77:e9:63:92:ce:6a:
                    e9:f9:13:a7:23:07:91:a4:33:79:ea:8c:8c:ec:c1:
                    21:9a:94:97:3b:e2:a4:8b:91:dd:e6:bc:50:91:1f:
                    7d:f1:e3:dd:c0:7f:b4:79:49:cc:e5:3b:6e:d6:90:
                    3a:3f:f2:d6:70:7e:6b:3e:8f:8b:fa:34:3d:aa:f2:
                    69:35:9a:63:87:c5:b4:bb:b7:33:0c:d9:29:45:0d:
                    2e:e9:e2:85:f6:a8:9c:11:31:1f:4b:00:e2:b8:6c:
                    5d:8c:b3:20:91:e0:40:7b:08:7b:4c:cc:75:38:cd:
                    29:d8:54:8f:1e:fe:28:aa:2b:62:52:0f:32:13:4a:
                    fc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:34:BE:8A:22:D8:03:B9:99:55:E8:12:38:54:94:BF:D4:30:46:3C
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hTS-iiLYA7mZVegSOFSUv9QwRjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f045::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:ee:6e:1a:27:e6:a6:02:9a:62:61:9a:bd:ba:fa:0c:ab:40:
         f8:89:7e:ba:aa:3c:27:59:21:a4:ca:f1:ff:cd:71:c0:d2:3e:
         3e:d4:f0:a3:f2:04:e0:4e:f6:5e:88:22:50:9e:4f:b8:e9:cd:
         54:c0:78:0c:57:05:26:fb:77:3f:16:1d:34:de:e8:82:6a:9c:
         58:50:f9:b5:63:ef:6f:7c:d8:6b:aa:ac:e3:64:b3:4f:de:12:
         0d:20:fa:ed:f0:1d:e7:98:8e:2b:55:69:bb:09:e2:9d:87:90:
         31:f3:7d:fd:71:e0:e9:8e:b4:3e:17:9f:cf:1e:62:24:06:38:
         bd:f8:46:75:e5:03:ab:2f:43:99:a3:29:5f:c0:64:81:5b:87:
         de:ed:31:60:e7:4b:89:b6:d1:8e:17:19:e4:0c:d0:92:7b:f3:
         2f:0a:68:f3:90:94:31:15:bf:c9:bd:58:dd:50:32:b1:c0:d4:
         e1:b3:87:65:1c:e0:49:ad:2b:49:a3:1d:87:8b:bf:55:71:c8:
         f2:f1:da:ea:dc:0d:66:26:c0:a8:29:e3:b0:97:29:3a:10:53:
         b0:c5:0f:a9:bc:91:ec:6d:09:71:46:f7:76:d5:3c:c1:e5:56:
         fd:f3:3b:55:cf:bb:11:60:97:b8:68:56:c6:89:cb:ac:68:97:
         6a:41:b7:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKV0XtKainHRNYGOO6majMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTM0YmU4YTIyZDgwM2I5OTk1NWU4MTIzODU0OTRiZmQ0MzA0NjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiCouNADjOFJQu2QjckPSkEvkKQ7
+U+bN+a/wkigqgm+MGbwQboC3N83LbwA1ttKUNe42YOSr4vnbpeG00DAgFV1KkU2
la/tlb4BSd8N8r/ZiEy+7P49OKtKCgxX7NpRsaFOmhkLGeO2cOZ4zObZu0L0kZXG
zygBOGfCiHV20J936WOSzmrp+ROnIweRpDN56oyM7MEhmpSXO+Kki5Hd5rxQkR99
8ePdwH+0eUnM5Ttu1pA6P/LWcH5rPo+L+jQ9qvJpNZpjh8W0u7czDNkpRQ0u6eKF
9qicETEfSwDiuGxdjLMgkeBAewh7TMx1OM0p2FSPHv4oqitiUg8yE0r8SQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIU0vooi2AO5mVXoEjhUlL/UMEY8MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvaFRTLWlpTFlBN21aVmVnU09GU1V2OVF3Ump3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBF
MA0GCSqGSIb3DQEBCwUAA4IBAQAn7m4aJ+amAppiYZq9uvoMq0D4iX66qjwnWSGk
yvH/zXHA0j4+1PCj8gTgTvZeiCJQnk+46c1UwHgMVwUm+3c/Fh003uiCapxYUPm1
Y+9vfNhrqqzjZLNP3hINIPrt8B3nmI4rVWm7CeKdh5Ax8339ceDpjrQ+F5/PHmIk
Bji9+EZ15QOrL0OZoylfwGSBW4fe7TFg50uJttGOFxnkDNCSe/MvCmjzkJQxFb/J
vVjdUDKxwNThs4dlHOBJrStJox2Hi79Vccjy8drq3A1mJsCoKeOwlyk6EFOwxQ+p
vJHsbQlxRvd21TzB5Vb98ztVz7sRYJe4aFbGicusaJdqQbez
-----END CERTIFICATE-----