Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/nsFG4JxsolQAH7yvWK70dw-7-S4.roa
File:                     nsFG4JxsolQAH7yvWK70dw-7-S4.roa (raw, json)
Hash identifier:          38Dt0CkN3JH5za93nX9S1t0rs7hu+xG//kDbPTekClU=
Subject key identifier:   9E:C1:46:E0:9C:6C:A2:54:00:1F:BC:AF:58:AE:F4:77:0F:BB:F9:2E
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018F4C8998AF61E86B4D72551FA882418E32
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/nsFG4JxsolQAH7yvWK70dw-7-S4.roa
Signing time:             Mon 06 May 2024 06:13:56 +0000
ROA not before:           Mon 06 May 2024 06:13:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215006
IP address blocks:        2a0e:8f02:f06c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:89:98:af:61:e8:6b:4d:72:55:1f:a8:82:41:8e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: May  6 06:13:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ec146e09c6ca254001fbcaf58aef4770fbbf92e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bb:1b:e6:71:c3:04:9e:d7:04:f9:55:03:e0:
                    2f:28:00:ea:a3:2f:90:e4:60:55:f3:15:a8:ac:5d:
                    04:16:e1:64:72:1b:d6:47:1c:cf:13:15:04:fe:67:
                    50:33:2a:3d:83:14:36:4d:7c:10:fe:cc:35:3b:65:
                    49:63:18:75:d8:d9:7c:04:6f:3c:9f:fc:da:ec:40:
                    64:c8:f6:87:19:05:0b:be:50:b3:f4:fe:90:11:35:
                    ac:c2:89:77:fb:b3:ea:a0:e1:61:7a:05:46:bb:0a:
                    d6:ef:36:11:f3:b2:84:28:86:f2:43:18:47:9f:11:
                    29:74:64:19:7e:8a:6d:f3:34:88:d8:49:df:a5:ae:
                    e2:03:47:44:b3:31:f5:2c:0d:76:d9:63:65:29:f3:
                    e9:28:70:4b:5f:a4:37:df:cd:a7:7e:66:48:49:03:
                    74:0c:8f:1a:fd:66:e8:89:d8:bf:bf:83:35:5b:0a:
                    a6:38:4c:7c:3a:a3:a4:4d:71:d2:d8:f5:76:75:10:
                    f2:84:ce:db:25:47:24:77:19:6c:c5:34:54:02:cb:
                    aa:48:ef:8b:fd:58:9f:92:e8:55:9d:d0:92:b3:19:
                    68:79:e3:90:15:b2:f9:f9:97:3b:e0:f8:50:81:00:
                    46:2b:4b:1c:8e:6c:e3:d7:2f:4a:57:a1:56:4c:de:
                    bd:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C1:46:E0:9C:6C:A2:54:00:1F:BC:AF:58:AE:F4:77:0F:BB:F9:2E
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/nsFG4JxsolQAH7yvWK70dw-7-S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f06c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:4f:92:53:cc:2d:f9:3b:c2:32:b6:ad:b1:96:3f:4f:50:06:
         99:e8:21:a4:34:d5:f0:e0:ca:5a:74:cb:4e:bf:4f:98:fe:2a:
         d6:23:16:a8:9e:77:0b:76:40:fd:2f:b6:f6:b5:d8:47:90:bc:
         4e:aa:69:03:5d:57:a4:f3:ad:a6:af:59:f7:18:c3:af:e4:9a:
         9f:78:09:8f:cb:cc:82:8d:e2:f9:e2:ac:c4:02:58:98:6a:9d:
         8e:06:13:2e:84:74:de:b1:5b:59:d9:95:03:48:8d:16:22:79:
         b9:22:ad:49:d3:6e:67:4a:b9:4d:41:f7:af:32:07:d2:54:44:
         05:f5:38:0a:b0:4e:48:79:e9:3c:32:c5:3e:48:09:a0:23:f5:
         c9:ce:71:52:d2:44:2a:e3:09:10:0b:fc:5b:96:4f:0f:90:53:
         f3:27:d8:24:6c:ee:e5:a4:00:b4:34:17:28:92:9b:72:14:68:
         a2:68:e3:f4:8e:bf:5f:27:32:5d:79:c6:d0:63:31:89:99:a8:
         07:62:f1:dc:41:4e:39:2d:52:fb:a3:7a:25:68:4e:f7:27:7b:
         9b:c2:88:9b:b6:9e:fd:7d:fc:43:a8:7a:72:27:41:f7:cd:b3:
         a6:87:75:ab:34:65:8e:c9:29:50:a5:af:8f:16:0e:eb:5c:17:
         8d:9e:2c:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY9MiZivYehrTXJVH6iCQY4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwNTA2MDYxMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWMxNDZlMDljNmNhMjU0MDAxZmJjYWY1OGFlZjQ3NzBmYmJmOTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrsb5nHDBJ7XBPlVA+AvKADqoy+Q
5GBV8xWorF0EFuFkchvWRxzPExUE/mdQMyo9gxQ2TXwQ/sw1O2VJYxh12Nl8BG88
n/za7EBkyPaHGQULvlCz9P6QETWswol3+7PqoOFhegVGuwrW7zYR87KEKIbyQxhH
nxEpdGQZfopt8zSI2Enfpa7iA0dEszH1LA122WNlKfPpKHBLX6Q3382nfmZISQN0
DI8a/Wboidi/v4M1WwqmOEx8OqOkTXHS2PV2dRDyhM7bJUckdxlsxTRUAsuqSO+L
/VifkuhVndCSsxloeeOQFbL5+Zc74PhQgQBGK0scjmzj1y9KV6FWTN69jQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ7BRuCcbKJUAB+8r1iu9HcPu/kuMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvbnNGRzRKeHNvbFFBSDd5dldLNzBkdy03LVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBs
MA0GCSqGSIb3DQEBCwUAA4IBAQAqT5JTzC35O8Iytq2xlj9PUAaZ6CGkNNXw4Mpa
dMtOv0+Y/irWIxaonncLdkD9L7b2tdhHkLxOqmkDXVek862mr1n3GMOv5JqfeAmP
y8yCjeL54qzEAliYap2OBhMuhHTesVtZ2ZUDSI0WInm5Iq1J025nSrlNQfevMgfS
VEQF9TgKsE5Ieek8MsU+SAmgI/XJznFS0kQq4wkQC/xblk8PkFPzJ9gkbO7lpAC0
NBcokptyFGiiaOP0jr9fJzJdecbQYzGJmagHYvHcQU45LVL7o3olaE73J3ubwoib
tp79ffxDqHpyJ0H3zbOmh3WrNGWOySlQpa+PFg7rXBeNniz4
-----END CERTIFICATE-----