Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/qbUMg3hkfSmdHRbqRSGjVEWAADs.roa
File:                     qbUMg3hkfSmdHRbqRSGjVEWAADs.roa (raw, json)
Hash identifier:          gl6e7Xs5RsObYABthQjmS+tFGeQ6IpTe6+f2BZkEpXA=
Subject key identifier:   A9:B5:0C:83:78:64:7D:29:9D:1D:16:EA:45:21:A3:54:45:80:00:3B
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29769F37AA268FC8CABF0398F34CA1
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/qbUMg3hkfSmdHRbqRSGjVEWAADs.roa
Signing time:             Tue 02 Jan 2024 12:32:44 +0000
ROA not before:           Tue 02 Jan 2024 12:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213244
IP address blocks:        2a0e:8f02:f031::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:76:9f:37:aa:26:8f:c8:ca:bf:03:98:f3:4c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9b50c8378647d299d1d16ea4521a3544580003b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ad:d7:ee:d6:c0:c4:2c:ab:a5:c3:ab:1c:46:
                    03:06:43:fc:0e:eb:8f:04:0c:d6:d4:0c:57:7f:1f:
                    84:87:03:06:a7:dd:12:a1:f7:40:cb:b3:9c:50:78:
                    f6:f0:cd:87:6a:99:65:be:a8:b3:37:02:f2:fb:8f:
                    5f:bb:73:8d:a3:e4:e9:3f:39:5e:b1:86:25:80:0b:
                    e8:3e:06:cd:64:6c:9a:2b:24:a7:cf:b8:41:53:c2:
                    c9:15:c9:4e:3a:c3:62:fb:48:a6:b3:d5:99:fe:01:
                    cc:55:7e:37:04:0f:39:ac:66:a7:23:eb:ff:2e:a7:
                    35:3b:d4:03:d1:3d:03:70:3c:6a:98:51:cb:e0:b3:
                    30:5f:76:ee:1e:90:e1:b0:b9:cf:cb:8f:55:7f:b0:
                    53:97:d9:a2:74:98:6b:c7:ae:cd:26:a2:f8:f1:98:
                    c4:8a:63:fb:14:b7:59:20:23:cd:c6:8d:a6:ea:d3:
                    41:08:df:a3:30:34:c3:4b:c1:8f:b8:0a:0f:5e:1d:
                    02:e3:4a:48:5e:1c:a1:29:6f:a6:be:d4:8c:08:4e:
                    e2:f5:d6:f2:b0:bd:34:50:95:a3:d4:f7:0f:ab:9f:
                    e5:33:0d:a8:42:18:cc:82:72:75:24:4a:e9:f8:a5:
                    f8:05:7f:fa:20:5c:9c:a1:3f:96:20:d3:03:20:8f:
                    a6:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:B5:0C:83:78:64:7D:29:9D:1D:16:EA:45:21:A3:54:45:80:00:3B
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/qbUMg3hkfSmdHRbqRSGjVEWAADs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f031::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:b8:33:d2:22:98:bc:3a:70:d2:ea:8f:f0:b4:26:e1:df:dd:
         de:95:8d:e4:a5:a0:d3:77:4d:28:35:41:25:72:db:3b:b6:1d:
         f6:81:f5:cc:39:6d:33:cf:6e:38:5b:12:dd:34:b6:3b:32:7e:
         a3:40:68:83:cd:69:63:17:34:25:03:39:a7:63:ba:75:4d:69:
         a0:7e:55:7c:1a:ff:75:61:b4:06:5a:9d:a5:56:a0:8c:43:15:
         eb:e9:6e:80:77:06:10:00:ba:10:5d:c1:9e:3f:5f:2f:51:55:
         bb:18:2c:3e:83:f4:6e:68:68:f2:65:3a:e0:53:ed:a5:0a:be:
         99:d9:f9:27:90:c6:72:09:1a:41:42:2c:47:1f:4a:f1:f8:ed:
         b9:be:29:33:fe:b0:06:e1:0b:4c:f0:26:20:97:29:c8:61:e6:
         9e:d8:07:ca:d1:10:c8:de:89:09:8f:9d:f5:d4:61:48:fd:81:
         eb:9a:2e:d7:50:4a:37:c5:2c:a5:0e:c6:f9:14:16:82:34:09:
         26:29:38:7d:32:81:5d:a6:23:50:e6:2c:ff:2f:80:de:08:b6:
         2d:85:de:f2:79:d6:45:47:8c:52:a2:32:28:45:b5:22:84:c6:
         84:29:c4:ff:09:61:0c:8c:53:7b:17:0b:b8:cf:1c:6b:52:da:
         b6:78:1f:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXafN6omj8jKvwOY80yhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWI1MGM4Mzc4NjQ3ZDI5OWQxZDE2ZWE0NTIxYTM1NDQ1ODAwMDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsq3X7tbAxCyrpcOrHEYDBkP8DuuP
BAzW1AxXfx+EhwMGp90SofdAy7OcUHj28M2HapllvqizNwLy+49fu3ONo+TpPzle
sYYlgAvoPgbNZGyaKySnz7hBU8LJFclOOsNi+0ims9WZ/gHMVX43BA85rGanI+v/
Lqc1O9QD0T0DcDxqmFHL4LMwX3buHpDhsLnPy49Vf7BTl9midJhrx67NJqL48ZjE
imP7FLdZICPNxo2m6tNBCN+jMDTDS8GPuAoPXh0C40pIXhyhKW+mvtSMCE7i9dby
sL00UJWj1PcPq5/lMw2oQhjMgnJ1JErp+KX4BX/6IFycoT+WINMDII+m6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKm1DIN4ZH0pnR0W6kUho1RFgAA7MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvcWJVTWczaGtmU21kSFJicVJTR2pWRVdBQURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAx
MA0GCSqGSIb3DQEBCwUAA4IBAQBOuDPSIpi8OnDS6o/wtCbh393elY3kpaDTd00o
NUElcts7th32gfXMOW0zz244WxLdNLY7Mn6jQGiDzWljFzQlAzmnY7p1TWmgflV8
Gv91YbQGWp2lVqCMQxXr6W6AdwYQALoQXcGeP18vUVW7GCw+g/RuaGjyZTrgU+2l
Cr6Z2fknkMZyCRpBQixHH0rx+O25vikz/rAG4QtM8CYglynIYeae2AfK0RDI3okJ
j5311GFI/YHrmi7XUEo3xSylDsb5FBaCNAkmKTh9MoFdpiNQ5iz/L4DeCLYthd7y
edZFR4xSojIoRbUihMaEKcT/CWEMjFN7Fwu4zxxrUtq2eB9k
-----END CERTIFICATE-----