Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/pfPWWlcBtiGxaeBCUSHbnkwsCdk.roa
File:                     pfPWWlcBtiGxaeBCUSHbnkwsCdk.roa (raw, json)
Hash identifier:          zQoEdED6AYoVcQkVVcqEyfBHCn5tdVpdTBqjGWsxaYY=
Subject key identifier:   A5:F3:D6:5A:57:01:B6:21:B1:69:E0:42:51:21:DB:9E:4C:2C:09:D9
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295827B28DBFA480E6F53AFB65F1CD
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/pfPWWlcBtiGxaeBCUSHbnkwsCdk.roa
Signing time:             Tue 02 Jan 2024 12:32:36 +0000
ROA not before:           Tue 02 Jan 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199310
IP address blocks:        2a0e:8f02:f058::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:58:27:b2:8d:bf:a4:80:e6:f5:3a:fb:65:f1:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5f3d65a5701b621b169e0425121db9e4c2c09d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:30:50:bb:1d:25:c9:ec:ea:b3:49:2b:d7:81:
                    fb:33:ed:8e:99:35:f5:b3:d4:b7:5f:dd:9f:1e:88:
                    8a:f1:78:28:d2:c1:fb:db:ac:6e:87:7e:2b:79:64:
                    34:f4:c6:83:e2:14:cb:7a:d6:cb:65:3f:61:ca:7e:
                    f8:18:ec:8f:ec:cf:4c:d6:ad:a2:13:ca:09:ef:e2:
                    d5:e6:6e:12:2d:d1:5c:ec:5c:53:36:a3:be:f3:6f:
                    ba:45:af:e3:ff:99:b0:2b:3e:d5:47:00:cb:50:b6:
                    2a:a2:48:b0:d1:03:ec:a3:b8:83:54:ba:82:c5:fb:
                    cb:99:10:86:a9:39:41:76:9a:5f:92:cb:f9:f2:0e:
                    fb:d9:f2:d1:54:2b:9e:ee:7c:47:47:f9:6e:40:f1:
                    05:4f:32:ef:ad:ba:6c:17:4a:89:50:13:c7:23:1a:
                    52:66:e0:25:83:55:65:43:a0:f6:a6:45:69:39:f8:
                    f1:d0:f5:98:07:8d:28:c9:4a:5d:b6:a5:e0:ed:ec:
                    1a:27:89:c0:da:d1:28:6d:e0:8d:d4:3c:f2:44:a2:
                    69:02:78:75:c1:5f:d2:70:66:cc:38:55:e5:b3:56:
                    24:bb:45:6f:e3:fe:8c:e9:d4:05:55:70:9d:3f:57:
                    cd:f3:bf:0c:ec:73:dc:f5:b7:28:9f:8d:6b:35:72:
                    4f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:F3:D6:5A:57:01:B6:21:B1:69:E0:42:51:21:DB:9E:4C:2C:09:D9
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/pfPWWlcBtiGxaeBCUSHbnkwsCdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f058::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:75:0e:56:9c:23:76:fc:be:64:b1:ee:3e:2e:b4:f2:91:81:
         77:18:37:8b:61:75:78:15:34:24:61:3a:6c:bc:3e:cb:35:1c:
         b4:07:80:2c:94:d3:7c:b3:a6:9f:0f:d4:b1:52:37:c0:d9:01:
         b4:3f:0b:06:f2:63:08:58:9d:f5:73:2c:51:9c:ff:80:47:f1:
         a9:ba:0e:ed:45:d3:ff:88:a6:66:13:ad:c4:35:c2:12:8e:5d:
         fe:55:cd:03:41:b5:97:64:ad:07:d4:11:c7:1f:eb:43:36:64:
         6d:aa:76:0f:38:34:d5:3c:e1:a4:24:35:a6:ef:b4:7b:b6:1d:
         47:7f:6f:f1:8d:52:a6:50:ce:9e:23:7d:51:43:77:38:e9:b4:
         38:e4:41:4c:fe:7c:05:83:e7:96:99:1d:98:bc:6c:f1:59:e4:
         08:87:54:5d:db:16:f7:03:49:44:6d:71:63:e5:43:58:a5:6d:
         e2:c7:e2:24:72:e4:57:12:60:9a:dd:bf:a4:29:e9:b6:11:7c:
         c8:8a:5e:9a:27:23:84:e5:2d:3b:e9:d5:a8:2f:5d:34:d2:76:
         6e:42:6d:76:b0:60:98:b1:7e:f1:36:4b:f8:c9:9a:01:c1:a1:
         df:b1:a7:25:9d:c5:9c:9c:fe:49:f3:69:ae:7a:bf:1b:ee:4e:
         aa:77:fb:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVgnso2/pIDm9Tr7ZfHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWYzZDY1YTU3MDFiNjIxYjE2OWUwNDI1MTIxZGI5ZTRjMmMwOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTBQux0lyezqs0kr14H7M+2OmTX1
s9S3X92fHoiK8Xgo0sH726xuh34reWQ09MaD4hTLetbLZT9hyn74GOyP7M9M1q2i
E8oJ7+LV5m4SLdFc7FxTNqO+82+6Ra/j/5mwKz7VRwDLULYqokiw0QPso7iDVLqC
xfvLmRCGqTlBdppfksv58g772fLRVCue7nxHR/luQPEFTzLvrbpsF0qJUBPHIxpS
ZuAlg1VlQ6D2pkVpOfjx0PWYB40oyUpdtqXg7ewaJ4nA2tEobeCN1DzyRKJpAnh1
wV/ScGbMOFXls1Yku0Vv4/6M6dQFVXCdP1fN878M7HPc9bcon41rNXJPyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKXz1lpXAbYhsWngQlEh255MLAnZMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvcGZQV1dsY0J0aUd4YWVCQ1VTSGJua3dzQ2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBY
MA0GCSqGSIb3DQEBCwUAA4IBAQCldQ5WnCN2/L5kse4+LrTykYF3GDeLYXV4FTQk
YTpsvD7LNRy0B4AslNN8s6afD9SxUjfA2QG0PwsG8mMIWJ31cyxRnP+AR/Gpug7t
RdP/iKZmE63ENcISjl3+Vc0DQbWXZK0H1BHHH+tDNmRtqnYPODTVPOGkJDWm77R7
th1Hf2/xjVKmUM6eI31RQ3c46bQ45EFM/nwFg+eWmR2YvGzxWeQIh1Rd2xb3A0lE
bXFj5UNYpW3ix+IkcuRXEmCa3b+kKem2EXzIil6aJyOE5S076dWoL1000nZuQm12
sGCYsX7xNkv4yZoBwaHfsaclncWcnP5J82muer8b7k6qd/v6
-----END CERTIFICATE-----