Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/i0CDNhRVz5fDA9JUYLAwrCgOqVI.roa
File:                     i0CDNhRVz5fDA9JUYLAwrCgOqVI.roa (raw, json)
Hash identifier:          cm6yGn3dQ92sfI1qpgxbo6EzOEDgKttoA7YSmIUWvXA=
Subject key identifier:   8B:40:83:36:14:55:CF:97:C3:03:D2:54:60:B0:30:AC:28:0E:A9:52
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2959DC2633FAABC9E1DA80D411DB67
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/i0CDNhRVz5fDA9JUYLAwrCgOqVI.roa
Signing time:             Tue 02 Jan 2024 12:32:36 +0000
ROA not before:           Tue 02 Jan 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200224
IP address blocks:        2a0e:8f02:f053::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:59:dc:26:33:fa:ab:c9:e1:da:80:d4:11:db:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b4083361455cf97c303d25460b030ac280ea952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6a:ff:47:fc:f7:d6:dd:af:e3:5d:d0:f0:d1:
                    21:1d:30:5b:92:c7:c8:55:90:6c:70:f5:d8:53:cb:
                    38:db:96:b9:73:7d:5b:08:97:c6:13:02:41:29:8c:
                    fd:2e:88:65:db:34:58:46:19:21:f4:42:57:73:eb:
                    a1:6b:c6:29:f8:46:2d:14:1d:9b:13:ba:e3:a3:c0:
                    d4:48:84:38:35:0a:ba:7e:71:05:9e:88:e5:56:cf:
                    57:00:7e:3e:2a:e1:93:ea:ee:e0:eb:7d:5c:09:70:
                    05:9e:a3:11:c2:f2:30:4b:ec:bf:d4:85:a5:a3:8d:
                    0e:91:bb:d6:35:40:26:42:54:ee:05:09:0e:c7:6c:
                    17:27:6e:2a:6d:89:63:75:22:eb:e5:5a:60:4e:cf:
                    74:8b:da:bf:a1:78:d8:cc:62:70:7c:8c:ff:28:84:
                    4e:5c:cd:24:de:6b:21:fe:4e:80:c4:98:b1:c7:24:
                    47:7c:c0:06:35:f4:8b:eb:7c:36:90:60:60:7f:e2:
                    1d:50:78:06:52:1e:92:75:d5:a6:ec:c9:e4:02:cf:
                    84:0e:7d:f3:87:fe:24:cf:ff:03:cb:72:c7:4e:6b:
                    3a:30:cb:ff:fa:ce:6f:6b:25:fe:f6:86:2e:e4:71:
                    cb:87:55:37:97:cf:2c:9c:0e:9a:a6:c9:d8:09:e4:
                    42:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:40:83:36:14:55:CF:97:C3:03:D2:54:60:B0:30:AC:28:0E:A9:52
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/i0CDNhRVz5fDA9JUYLAwrCgOqVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f053::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:02:6f:53:0d:64:7c:80:28:f6:16:97:87:05:20:df:34:96:
         ab:d4:d5:a4:13:78:c1:2c:1d:86:8a:64:74:43:ee:39:0e:23:
         56:1d:d8:2a:fa:df:db:d9:e0:37:cf:3a:5a:61:8b:9c:26:35:
         14:66:b3:42:7e:74:d1:4c:b2:ef:d0:63:7a:2c:64:31:2f:81:
         7a:32:fc:b1:e9:c6:57:ab:ab:fe:ba:2a:d1:9a:72:4f:23:58:
         9b:a9:4e:e1:ec:9b:ec:50:d9:68:19:f6:e5:e6:29:ec:92:02:
         9c:be:8f:26:b6:f5:0b:12:17:3d:00:0b:f3:19:90:62:0e:a0:
         db:ac:5d:c0:11:b0:c0:32:a3:7d:3f:c5:e5:4a:70:b0:0d:2e:
         07:6e:4a:28:34:39:38:d4:74:b8:76:84:00:1d:64:c8:1d:9a:
         f1:c2:de:13:b0:f6:1c:1e:ff:ac:56:2c:26:2d:af:2e:46:23:
         5c:45:7d:13:06:96:a7:3f:63:97:18:0e:99:97:3c:b0:3b:c6:
         04:8a:c2:fd:1c:2b:5a:0a:e9:a3:42:eb:b2:e4:9b:aa:a7:61:
         08:60:71:71:02:1b:28:ea:c4:b1:6f:9e:3a:9d:cf:4c:68:f1:
         b6:c8:a1:2c:25:d8:d8:d6:bf:e5:2d:a6:d1:d5:03:41:3f:9c:
         96:a2:d1:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVncJjP6q8nh2oDUEdtnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjQwODMzNjE0NTVjZjk3YzMwM2QyNTQ2MGIwMzBhYzI4MGVhOTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2r/R/z31t2v413Q8NEhHTBbksfI
VZBscPXYU8s425a5c31bCJfGEwJBKYz9Lohl2zRYRhkh9EJXc+uha8Yp+EYtFB2b
E7rjo8DUSIQ4NQq6fnEFnojlVs9XAH4+KuGT6u7g631cCXAFnqMRwvIwS+y/1IWl
o40OkbvWNUAmQlTuBQkOx2wXJ24qbYljdSLr5VpgTs90i9q/oXjYzGJwfIz/KIRO
XM0k3msh/k6AxJixxyRHfMAGNfSL63w2kGBgf+IdUHgGUh6SddWm7MnkAs+EDn3z
h/4kz/8Dy3LHTms6MMv/+s5vayX+9oYu5HHLh1U3l88snA6apsnYCeRCXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFItAgzYUVc+XwwPSVGCwMKwoDqlSMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvaTBDRE5oUlZ6NWZEQTlKVVlMQXdyQ2dPcVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBT
MA0GCSqGSIb3DQEBCwUAA4IBAQAbAm9TDWR8gCj2FpeHBSDfNJar1NWkE3jBLB2G
imR0Q+45DiNWHdgq+t/b2eA3zzpaYYucJjUUZrNCfnTRTLLv0GN6LGQxL4F6Mvyx
6cZXq6v+uirRmnJPI1ibqU7h7JvsUNloGfbl5inskgKcvo8mtvULEhc9AAvzGZBi
DqDbrF3AEbDAMqN9P8XlSnCwDS4HbkooNDk41HS4doQAHWTIHZrxwt4TsPYcHv+s
ViwmLa8uRiNcRX0TBpanP2OXGA6ZlzywO8YEisL9HCtaCumjQuuy5Juqp2EIYHFx
Ahso6sSxb546nc9MaPG2yKEsJdjY1r/lLabR1QNBP5yWotFM
-----END CERTIFICATE-----