Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/jS38T_2w9IAMaqCsZW_2WElk6g8.roa
File:                     jS38T_2w9IAMaqCsZW_2WElk6g8.roa (raw, json)
Hash identifier:          5jdnhgSGpHN0f9n83WZK4eApFA3JF3XlwoW0x9uBj84=
Subject key identifier:   8D:2D:FC:4F:FD:B0:F4:80:0C:6A:A0:AC:65:6F:F6:58:49:64:EA:0F
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       01907E5FFF903D13AB0859745589948A5B35
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/jS38T_2w9IAMaqCsZW_2WElk6g8.roa
Signing time:             Thu 04 Jul 2024 15:32:18 +0000
ROA not before:           Thu 04 Jul 2024 15:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214624
IP address blocks:        2a0e:8f02:3000::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7e:5f:ff:90:3d:13:ab:08:59:74:55:89:94:8a:5b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jul  4 15:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d2dfc4ffdb0f4800c6aa0ac656ff6584964ea0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:00:17:b8:40:b9:0f:33:62:1c:27:d1:17:4e:
                    fc:2a:ba:3e:a7:27:4a:13:a2:64:e2:99:04:0d:08:
                    09:a3:47:df:ee:de:db:13:bc:a1:93:2a:33:18:32:
                    a2:cd:b5:25:35:8f:ed:28:b6:93:d8:b2:47:99:27:
                    4d:73:54:7f:6b:f4:8b:c0:42:1f:9a:2b:61:4e:b9:
                    e9:29:18:32:44:0e:85:86:6e:8f:62:55:e3:60:12:
                    a9:5b:3f:5c:48:0d:b2:8a:c3:ae:b9:97:78:6e:87:
                    30:35:c3:93:73:60:6c:38:20:d4:4c:d8:ff:3f:60:
                    54:27:85:85:c6:d9:74:10:f2:08:f3:f4:8e:09:c6:
                    62:4c:ed:c7:76:0a:7a:ab:71:3d:6f:37:17:8c:07:
                    e0:99:06:93:f7:81:4e:98:ce:b9:28:25:60:02:66:
                    af:ff:86:e9:b3:41:7c:43:eb:6d:64:0c:a7:6e:8c:
                    3f:42:9e:2a:ec:5f:38:39:8c:96:c5:50:9f:3e:50:
                    9e:27:3a:49:ae:e5:ed:0e:d3:01:6a:8e:55:75:b4:
                    db:a9:86:fb:ee:cc:60:48:19:16:f5:ba:0b:03:ba:
                    44:e9:7f:9a:6e:33:3d:40:6b:c7:0e:df:68:9b:ca:
                    f0:7e:d5:15:46:d6:e6:69:0f:81:db:7d:b1:a6:69:
                    6b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:2D:FC:4F:FD:B0:F4:80:0C:6A:A0:AC:65:6F:F6:58:49:64:EA:0F
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/jS38T_2w9IAMaqCsZW_2WElk6g8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:3000::/44

    Signature Algorithm: sha256WithRSAEncryption
         74:61:ea:0b:13:61:f6:05:de:3e:21:a8:a0:4b:00:c4:c7:c2:
         8e:ec:93:9e:50:de:11:2e:90:75:74:9c:57:6f:3d:5d:47:a4:
         05:fb:02:50:5b:f6:62:df:50:1d:f3:5d:77:f7:eb:47:08:ae:
         fe:3f:cc:69:8b:3d:71:e5:18:f0:f7:77:e3:42:a6:59:f8:a1:
         62:2d:68:f0:56:5d:19:1f:98:3f:28:49:8f:53:c6:4a:07:5f:
         0d:11:45:e5:b6:a8:2a:1f:2d:d4:92:89:c5:e1:0b:9f:b4:f7:
         91:af:ae:04:90:a7:a9:f4:96:8c:09:07:ab:25:7f:a2:11:3b:
         51:06:0c:3d:6f:98:3e:cf:fd:79:c2:ba:46:b3:ba:ac:2a:f0:
         4d:41:0a:89:c2:a7:5d:19:0c:95:3b:86:c4:b0:7a:5a:81:53:
         a6:f4:54:d7:56:90:1f:2d:c7:1b:ef:1c:c6:85:3c:43:56:f9:
         aa:23:a9:0b:a9:2c:ce:52:e5:ad:f2:d1:58:27:c8:36:8a:da:
         01:1f:fe:c2:be:13:4f:c7:cb:08:d7:d4:ee:2a:04:98:6f:80:
         41:42:e2:13:f2:7c:ce:08:c2:47:66:e1:63:22:df:7c:51:cb:
         43:5e:1b:91:12:d7:13:aa:c0:86:2e:b6:d7:a1:6f:4d:82:2c:
         22:b7:eb:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZB+X/+QPROrCFl0VYmUils1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwNzA0MTUzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDJkZmM0ZmZkYjBmNDgwMGM2YWEwYWM2NTZmZjY1ODQ5NjRlYTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQAXuEC5DzNiHCfRF078Kro+pydK
E6Jk4pkEDQgJo0ff7t7bE7yhkyozGDKizbUlNY/tKLaT2LJHmSdNc1R/a/SLwEIf
mithTrnpKRgyRA6Fhm6PYlXjYBKpWz9cSA2yisOuuZd4bocwNcOTc2BsOCDUTNj/
P2BUJ4WFxtl0EPII8/SOCcZiTO3Hdgp6q3E9bzcXjAfgmQaT94FOmM65KCVgAmav
/4bps0F8Q+ttZAynbow/Qp4q7F84OYyWxVCfPlCeJzpJruXtDtMBao5VdbTbqYb7
7sxgSBkW9boLA7pE6X+abjM9QGvHDt9om8rwftUVRtbmaQ+B232xpmlrRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI0t/E/9sPSADGqgrGVv9lhJZOoPMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvalMzOFRfMnc5SUFNYXFDc1pXXzJXRWxrNmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAjAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB0YeoLE2H2Bd4+IaigSwDEx8KO7JOeUN4RLpB1
dJxXbz1dR6QF+wJQW/Zi31Ad81139+tHCK7+P8xpiz1x5Rjw93fjQqZZ+KFiLWjw
Vl0ZH5g/KEmPU8ZKB18NEUXltqgqHy3UkonF4QuftPeRr64EkKep9JaMCQerJX+i
ETtRBgw9b5g+z/15wrpGs7qsKvBNQQqJwqddGQyVO4bEsHpagVOm9FTXVpAfLccb
7xzGhTxDVvmqI6kLqSzOUuWt8tFYJ8g2itoBH/7CvhNPx8sI19TuKgSYb4BBQuIT
8nzOCMJHZuFjIt98UctDXhuREtcTqsCGLrbXoW9Ngiwit+tT
-----END CERTIFICATE-----