Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hrqRWdJ1Q_7hs4Zrmk_UIU9iT4k.roa
File:                     hrqRWdJ1Q_7hs4Zrmk_UIU9iT4k.roa (raw, json)
Hash identifier:          B+lVVBc6fdjOtdkARAY5Y3+Q0S2muJg80h1aVgPhTVs=
Subject key identifier:   86:BA:91:59:D2:75:43:FE:E1:B3:86:6B:9A:4F:D4:21:4F:62:4F:89
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018D414DC426021665798DD32EC3DF823255
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hrqRWdJ1Q_7hs4Zrmk_UIU9iT4k.roa
Signing time:             Thu 25 Jan 2024 15:47:11 +0000
ROA not before:           Thu 25 Jan 2024 15:47:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207071
IP address blocks:        2a0e:8f02:2280::/44 maxlen: 48
                          2a0e:8f02:f029::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:41:4d:c4:26:02:16:65:79:8d:d3:2e:c3:df:82:32:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan 25 15:47:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86ba9159d27543fee1b3866b9a4fd4214f624f89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:89:a3:20:c1:66:df:a3:a4:4c:e7:55:75:6f:
                    4f:d7:c8:48:00:ac:3e:ee:42:8b:8c:9c:d8:dd:34:
                    bf:f3:8d:99:67:0f:f6:2a:f5:f4:40:b9:af:a3:fe:
                    aa:26:c1:39:87:90:9d:82:54:06:ed:86:e6:c4:d5:
                    44:c6:e4:53:3c:96:70:8c:44:b8:65:9f:c4:1e:f3:
                    ca:27:d7:62:de:d7:99:84:af:62:4c:b5:e7:a2:0d:
                    e0:9b:b8:51:77:06:1b:d5:6a:d9:70:76:ef:09:76:
                    4e:b4:9d:f7:e8:ba:ee:a8:e1:f7:f9:0f:05:93:2b:
                    64:64:a1:6d:8f:13:23:e3:f3:da:61:ad:b9:61:cf:
                    e0:fe:b4:89:d8:52:df:c2:7e:69:a5:a0:32:a9:1a:
                    98:fa:a4:0d:fc:36:2e:36:bd:e5:0f:d8:4e:20:5c:
                    bb:d2:4b:ab:48:18:fe:a4:41:9a:9d:20:fc:be:1c:
                    e3:ac:42:23:57:db:1b:dd:5b:37:bd:b3:82:ec:82:
                    2b:d5:3a:71:b0:11:be:7e:5a:31:f1:ba:11:bb:94:
                    66:9f:42:98:5f:ad:af:28:31:46:95:13:36:7a:01:
                    af:36:5d:f5:99:14:db:50:da:a4:c9:63:9b:b7:f3:
                    f1:48:de:51:e0:26:7f:34:6a:fd:e4:8d:dd:3e:5e:
                    fd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BA:91:59:D2:75:43:FE:E1:B3:86:6B:9A:4F:D4:21:4F:62:4F:89
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hrqRWdJ1Q_7hs4Zrmk_UIU9iT4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2280::/44
                  2a0e:8f02:f029::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:4b:88:ac:7c:80:cb:7b:47:19:1c:2c:b2:09:df:58:ed:f3:
         4f:e7:0b:9d:d0:54:ff:84:ea:42:7a:2a:1e:dd:b4:4a:13:1c:
         72:e9:31:2d:7e:86:25:94:1d:32:a6:9d:f1:be:9b:7c:f0:99:
         9a:31:9a:66:2e:f0:3d:84:b4:da:bd:1a:77:24:b4:5f:1d:43:
         d6:40:43:18:20:b0:50:13:61:c8:25:d8:46:4a:18:a9:4c:cf:
         10:df:5e:14:2f:a8:05:58:83:bc:6b:64:cf:a2:4c:b0:98:ad:
         5e:36:c9:8d:51:84:e4:75:d8:69:de:fb:01:a3:bf:b9:80:e4:
         f0:8d:c5:45:b7:e9:88:cc:99:0a:a4:d2:09:0e:af:ae:69:86:
         29:a6:63:50:40:71:9b:05:11:e8:07:e3:77:06:e0:ce:fc:bc:
         fd:d3:e7:33:e3:0b:aa:b5:f9:c9:58:34:bd:3c:19:96:fd:cf:
         ce:34:b0:f1:56:be:ea:a7:83:ac:52:c9:25:98:00:0c:f1:8e:
         00:b3:5c:cc:b8:98:eb:82:29:a2:75:af:46:29:55:7f:07:a3:
         44:ce:4e:81:88:6d:51:ca:95:ce:7a:51:62:db:20:f0:de:2a:
         14:91:e6:95:fb:1a:ef:54:b0:6b:3e:23:d9:88:b4:f2:b4:ee:
         86:45:23:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1BTcQmAhZleY3TLsPfgjJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTI1MTU0NzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmJhOTE1OWQyNzU0M2ZlZTFiMzg2NmI5YTRmZDQyMTRmNjI0Zjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhomjIMFm36OkTOdVdW9P18hIAKw+
7kKLjJzY3TS/842ZZw/2KvX0QLmvo/6qJsE5h5CdglQG7YbmxNVExuRTPJZwjES4
ZZ/EHvPKJ9di3teZhK9iTLXnog3gm7hRdwYb1WrZcHbvCXZOtJ336LruqOH3+Q8F
kytkZKFtjxMj4/PaYa25Yc/g/rSJ2FLfwn5ppaAyqRqY+qQN/DYuNr3lD9hOIFy7
0kurSBj+pEGanSD8vhzjrEIjV9sb3Vs3vbOC7IIr1TpxsBG+flox8boRu5Rmn0KY
X62vKDFGlRM2egGvNl31mRTbUNqkyWObt/PxSN5R4CZ/NGr95I3dPl79pwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIa6kVnSdUP+4bOGa5pP1CFPYk+JMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvaHJxUldkSjFRXzdoczRacm1rX1VJVTlpVDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6PAiKA
AwcAKg6PAvApMA0GCSqGSIb3DQEBCwUAA4IBAQBoS4isfIDLe0cZHCyyCd9Y7fNP
5wud0FT/hOpCeioe3bRKExxy6TEtfoYllB0ypp3xvpt88JmaMZpmLvA9hLTavRp3
JLRfHUPWQEMYILBQE2HIJdhGShipTM8Q314UL6gFWIO8a2TPokywmK1eNsmNUYTk
ddhp3vsBo7+5gOTwjcVFt+mIzJkKpNIJDq+uaYYppmNQQHGbBRHoB+N3BuDO/Lz9
0+cz4wuqtfnJWDS9PBmW/c/ONLDxVr7qp4OsUsklmAAM8Y4As1zMuJjrgimida9G
KVV/B6NEzk6BiG1RypXOelFi2yDw3ioUkeaV+xrvVLBrPiPZiLTytO6GRSMO
-----END CERTIFICATE-----