Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/m4GrQ_9oNt1m3xJWS319GoMoUwM.roa
File:                     m4GrQ_9oNt1m3xJWS319GoMoUwM.roa (raw, json)
Hash identifier:          vA6CWzZsyEaB3iSTAKjAjjZmPArvtgjmCMMkdYqLS6o=
Subject key identifier:   9B:81:AB:43:FF:68:36:DD:66:DF:12:56:4B:7D:7D:1A:83:28:53:03
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296E2E5DC61772D8C13E7A1CDE5B5B
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/m4GrQ_9oNt1m3xJWS319GoMoUwM.roa
Signing time:             Tue 02 Jan 2024 12:32:41 +0000
ROA not before:           Tue 02 Jan 2024 12:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212268
IP address blocks:        2a0e:8f02:f014::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:6e:2e:5d:c6:17:72:d8:c1:3e:7a:1c:de:5b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b81ab43ff6836dd66df12564b7d7d1a83285303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:52:a4:b2:e7:13:65:57:c6:11:11:32:89:3d:
                    2b:85:c6:37:d5:94:bc:30:9b:4a:f4:ff:2d:5c:91:
                    46:b0:7e:65:d8:80:4c:0f:01:c7:55:a9:ef:7c:21:
                    67:4d:19:61:80:04:de:ae:f1:04:16:5c:03:15:c5:
                    f9:c7:9a:73:db:f4:9f:0a:ba:e2:12:ab:1a:b0:dc:
                    6e:df:9f:f8:61:b8:e0:ca:5b:e7:a4:83:13:75:9f:
                    7a:80:87:01:39:ef:31:b3:bb:96:17:1c:6c:c0:8d:
                    0f:a9:1d:f2:e8:5e:5b:dc:e8:98:39:34:8f:53:31:
                    f7:f8:37:75:ef:da:21:75:6b:7f:c2:39:b6:ce:ad:
                    74:28:b0:82:35:10:a1:4a:34:95:af:a8:c5:d7:f8:
                    79:e4:bf:8e:be:2a:3f:de:7d:ee:7f:a3:3b:74:34:
                    50:0f:a7:2f:c6:49:7a:72:05:2d:3f:d4:2a:23:ba:
                    08:0d:a9:b7:22:23:ae:1c:59:a9:a1:dd:db:93:82:
                    6e:6c:3e:31:30:eb:69:15:4d:7d:5e:24:e3:87:11:
                    fa:cc:69:f4:ca:bb:52:46:02:04:22:3a:86:55:ee:
                    8f:a2:7b:8f:a5:c3:5a:ff:47:b7:b8:cd:b5:dd:09:
                    19:d7:3d:1d:7a:40:07:76:f0:e6:8b:ce:e3:62:2e:
                    f5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:81:AB:43:FF:68:36:DD:66:DF:12:56:4B:7D:7D:1A:83:28:53:03
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/m4GrQ_9oNt1m3xJWS319GoMoUwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f014::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:c7:90:59:36:c4:3b:f7:64:3b:77:55:6f:ff:54:47:82:bd:
         92:da:cb:31:f5:7e:64:fb:06:7b:9d:c0:6d:5b:23:a5:1c:4d:
         f7:6c:a8:50:fd:cb:20:a0:dc:bd:7f:dd:6e:cb:08:8a:a0:9d:
         9c:ff:73:90:fb:78:0a:99:c3:a1:f8:2b:44:69:fe:b3:72:9a:
         29:0f:d2:6e:c7:df:97:9b:e0:ad:1a:e5:2d:90:fa:fc:6d:58:
         da:cb:2c:19:9c:cf:ad:21:bc:3f:ba:4c:a0:f5:bb:2c:a5:fe:
         dc:dc:84:75:36:f7:90:49:40:ee:b9:c7:2d:5b:45:57:70:35:
         21:61:44:e1:e2:fa:ce:66:ae:61:90:c1:20:c3:74:7d:f8:52:
         2a:b1:83:97:cd:03:4a:c9:48:38:ae:b9:9d:f9:cd:7f:76:5a:
         b5:97:23:a0:19:7d:66:7b:15:d5:4d:f9:4b:3c:09:42:26:e4:
         bc:e5:0a:bd:86:07:89:a4:b7:c9:22:e6:73:3d:e5:31:92:14:
         93:f0:71:d2:49:11:00:3d:db:10:2a:27:84:47:56:d0:df:e2:
         6c:ce:dd:e4:07:1c:7d:2c:f3:02:17:21:7a:5e:3c:24:c2:88:
         1a:74:e3:b6:1c:53:c9:73:b9:27:6e:ab:92:30:38:cd:07:e2:
         c4:a9:00:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKW4uXcYXctjBPnoc3ltbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjgxYWI0M2ZmNjgzNmRkNjZkZjEyNTY0YjdkN2QxYTgzMjg1MzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVKksucTZVfGEREyiT0rhcY31ZS8
MJtK9P8tXJFGsH5l2IBMDwHHVanvfCFnTRlhgATervEEFlwDFcX5x5pz2/SfCrri
EqsasNxu35/4YbjgylvnpIMTdZ96gIcBOe8xs7uWFxxswI0PqR3y6F5b3OiYOTSP
UzH3+Dd179ohdWt/wjm2zq10KLCCNRChSjSVr6jF1/h55L+Ovio/3n3uf6M7dDRQ
D6cvxkl6cgUtP9QqI7oIDam3IiOuHFmpod3bk4JubD4xMOtpFU19XiTjhxH6zGn0
yrtSRgIEIjqGVe6PonuPpcNa/0e3uM213QkZ1z0dekAHdvDmi87jYi717wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJuBq0P/aDbdZt8SVkt9fRqDKFMDMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvbTRHclFfOW9OdDFtM3hKV1MzMTlHb01vVXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAU
MA0GCSqGSIb3DQEBCwUAA4IBAQAxx5BZNsQ792Q7d1Vv/1RHgr2S2ssx9X5k+wZ7
ncBtWyOlHE33bKhQ/csgoNy9f91uywiKoJ2c/3OQ+3gKmcOh+CtEaf6zcpopD9Ju
x9+Xm+CtGuUtkPr8bVjayywZnM+tIbw/ukyg9bsspf7c3IR1NveQSUDuucctW0VX
cDUhYUTh4vrOZq5hkMEgw3R9+FIqsYOXzQNKyUg4rrmd+c1/dlq1lyOgGX1mexXV
TflLPAlCJuS85Qq9hgeJpLfJIuZzPeUxkhST8HHSSREAPdsQKieER1bQ3+Jszt3k
Bxx9LPMCFyF6XjwkwogadOO2HFPJc7knbquSMDjNB+LEqQAs
-----END CERTIFICATE-----