Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/lbZNjsB3aN2wI_uGe4ihB0ChyMI.roa
File:                     lbZNjsB3aN2wI_uGe4ihB0ChyMI.roa (raw, json)
Hash identifier:          vOQgfOTGsah8aRV8rd7AKPKts28GyJqwMJ9AOROPDa4=
Subject key identifier:   95:B6:4D:8E:C0:77:68:DD:B0:23:FB:86:7B:88:A1:07:40:A1:C8:C2
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2976117A4381C00CA99117120451F3
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/lbZNjsB3aN2wI_uGe4ihB0ChyMI.roa
Signing time:             Tue 02 Jan 2024 12:32:43 +0000
ROA not before:           Tue 02 Jan 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213127
IP address blocks:        2a0e:8f02:f000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:76:11:7a:43:81:c0:0c:a9:91:17:12:04:51:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95b64d8ec07768ddb023fb867b88a10740a1c8c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f2:4a:0b:d6:8b:cc:e8:d2:92:8e:df:0c:e1:
                    f3:ee:f2:14:ed:6f:f6:f6:2d:2a:33:44:7b:78:80:
                    99:49:ec:3d:07:c1:99:22:10:49:c5:72:97:ba:62:
                    3f:eb:21:0a:a3:0b:7d:63:71:b3:3f:d8:0c:c4:63:
                    39:b2:ab:ae:94:87:4c:69:c2:fa:f6:a9:2b:2e:3b:
                    19:28:66:69:44:5c:7e:01:47:6a:89:c3:73:c2:14:
                    95:36:93:44:29:da:b9:8f:23:93:4e:17:fb:21:15:
                    ae:c9:9d:74:ab:ca:31:8a:74:80:9d:a0:a0:a0:77:
                    84:2e:33:78:bb:93:3d:6c:98:df:d5:ba:66:f8:4e:
                    b3:d5:c0:01:f3:ac:e7:f7:da:a4:cd:bc:81:ed:42:
                    63:3b:46:93:17:fc:72:57:eb:54:8c:1f:64:7c:b0:
                    7b:12:9e:02:48:aa:53:96:13:01:42:d5:63:aa:1b:
                    05:1e:5e:74:26:19:2b:a9:8c:02:ff:4f:15:b8:ea:
                    2a:5a:08:28:4f:81:d7:67:94:1b:22:4f:68:0d:ed:
                    d0:ea:1c:64:4d:c9:1e:f5:ba:4d:1f:60:9b:6f:a1:
                    a3:24:a8:89:cb:da:f5:0c:e7:2a:a3:f0:57:73:4e:
                    b6:84:51:06:b4:c8:04:8b:e9:3f:7b:49:f9:fa:f0:
                    83:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B6:4D:8E:C0:77:68:DD:B0:23:FB:86:7B:88:A1:07:40:A1:C8:C2
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/lbZNjsB3aN2wI_uGe4ihB0ChyMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f000::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:f2:c5:c7:e4:17:39:b3:e0:87:82:91:88:af:ba:79:40:0a:
         52:98:ef:b2:b3:b4:5c:f9:6c:31:73:0b:e2:f6:06:71:1c:0d:
         51:92:71:15:ab:95:f2:66:81:c2:03:96:69:03:1a:ae:dc:84:
         65:18:45:ea:21:6f:a2:6e:fb:dd:30:c1:96:a5:ba:e1:32:b3:
         8e:30:ca:78:34:af:00:f7:eb:87:b1:20:d4:68:4a:a1:a5:00:
         e4:f8:19:12:a0:e3:3a:46:6a:4b:92:06:19:3c:d5:9b:8e:98:
         2c:eb:77:da:89:93:14:26:28:ab:af:a1:3c:a0:a9:cc:8e:5a:
         7a:af:36:9b:0a:f7:47:1e:e3:49:36:1c:e4:e7:18:7c:28:a3:
         7d:46:25:6c:ee:dc:79:2a:47:40:5a:f1:0c:af:d4:95:3e:97:
         d9:af:09:ff:83:44:db:ee:7d:45:e2:a4:96:74:71:98:f5:82:
         a8:19:49:a5:30:21:fe:68:01:ff:98:1e:3a:f9:29:f2:a9:72:
         f5:63:9c:95:f0:c3:d3:78:f7:c0:6f:63:ba:56:3c:d8:88:aa:
         d1:93:d0:1d:e2:41:08:19:c2:44:4a:69:c6:6a:92:25:5c:fe:
         9c:e4:31:07:3a:fb:fb:3b:dd:44:c5:f2:c0:fd:72:c7:72:ae:
         60:fc:f6:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXYRekOBwAypkRcSBFHzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI2NGQ4ZWMwNzc2OGRkYjAyM2ZiODY3Yjg4YTEwNzQwYTFjOGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfJKC9aLzOjSko7fDOHz7vIU7W/2
9i0qM0R7eICZSew9B8GZIhBJxXKXumI/6yEKowt9Y3GzP9gMxGM5squulIdMacL6
9qkrLjsZKGZpRFx+AUdqicNzwhSVNpNEKdq5jyOTThf7IRWuyZ10q8oxinSAnaCg
oHeELjN4u5M9bJjf1bpm+E6z1cAB86zn99qkzbyB7UJjO0aTF/xyV+tUjB9kfLB7
Ep4CSKpTlhMBQtVjqhsFHl50JhkrqYwC/08VuOoqWggoT4HXZ5QbIk9oDe3Q6hxk
Tcke9bpNH2Cbb6GjJKiJy9r1DOcqo/BXc062hFEGtMgEi+k/e0n5+vCDdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJW2TY7Ad2jdsCP7hnuIoQdAocjCMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvbGJaTmpzQjNhTjJ3SV91R2U0aWhCMENoeU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB38sXH5Bc5s+CHgpGIr7p5QApSmO+ys7Rc+Wwx
cwvi9gZxHA1RknEVq5XyZoHCA5ZpAxqu3IRlGEXqIW+ibvvdMMGWpbrhMrOOMMp4
NK8A9+uHsSDUaEqhpQDk+BkSoOM6RmpLkgYZPNWbjpgs63faiZMUJiirr6E8oKnM
jlp6rzabCvdHHuNJNhzk5xh8KKN9RiVs7tx5KkdAWvEMr9SVPpfZrwn/g0Tb7n1F
4qSWdHGY9YKoGUmlMCH+aAH/mB46+SnyqXL1Y5yV8MPTePfAb2O6VjzYiKrRk9Ad
4kEIGcJESmnGapIlXP6c5DEHOvv7O91ExfLA/XLHcq5g/PYE
-----END CERTIFICATE-----