Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tPxrjoC6Ylo63rag4qBfye_dBMQ.roa
File:                     tPxrjoC6Ylo63rag4qBfye_dBMQ.roa (raw, json)
Hash identifier:          0Ozq3GswjapvnlgO+3fLFY7TqybC9AVhQS5deCIfYek=
Subject key identifier:   B4:FC:6B:8E:80:BA:62:5A:3A:DE:B6:A0:E2:A0:5F:C9:EF:DD:04:C4
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2972792AA908D733BF6ACC7761CBCB
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tPxrjoC6Ylo63rag4qBfye_dBMQ.roa
Signing time:             Tue 02 Jan 2024 12:32:42 +0000
ROA not before:           Tue 02 Jan 2024 12:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212519
IP address blocks:        2a0e:8f02:f027::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:72:79:2a:a9:08:d7:33:bf:6a:cc:77:61:cb:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4fc6b8e80ba625a3adeb6a0e2a05fc9efdd04c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:12:1f:96:19:35:a9:7c:dd:7c:61:45:a0:ef:
                    c7:ce:7a:fb:5e:50:88:f1:d5:8d:07:2f:20:42:b7:
                    8d:63:23:76:fa:83:ae:1c:a6:73:02:d2:56:7a:ef:
                    cc:0b:f4:81:26:1e:ad:09:8c:b6:ef:01:de:b3:0c:
                    98:ae:eb:c8:a2:40:8b:c0:a1:fd:44:ed:16:35:69:
                    8d:34:a1:03:ad:ce:8c:01:92:ab:32:71:e1:5b:0a:
                    1b:d9:6a:b6:27:d4:e6:98:15:66:19:01:d0:ac:f6:
                    40:f4:c8:48:5b:12:cb:95:3b:92:37:4a:78:b4:bd:
                    e1:14:68:be:9b:01:0c:6d:4f:b7:4c:6e:7a:9d:60:
                    45:79:e5:b7:d7:f8:e4:d8:15:bc:d8:68:cf:22:86:
                    77:8c:09:00:dc:8e:ad:a5:43:57:8e:80:94:d8:91:
                    00:72:5c:6e:3a:3a:63:cb:33:29:9f:cd:de:b9:ba:
                    b6:aa:26:36:61:1e:65:fd:d4:92:70:2d:ff:97:fd:
                    0f:5b:19:a4:fa:d8:9e:ed:37:1e:7d:e5:0e:c1:a8:
                    52:f6:79:19:25:2b:04:2d:31:6b:e1:4d:60:d0:a9:
                    e6:82:e2:52:9d:9f:84:cc:68:46:c5:ce:76:79:46:
                    eb:a1:c0:a1:38:97:c3:6b:91:eb:00:13:11:35:55:
                    e9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:FC:6B:8E:80:BA:62:5A:3A:DE:B6:A0:E2:A0:5F:C9:EF:DD:04:C4
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tPxrjoC6Ylo63rag4qBfye_dBMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f027::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:72:3f:ea:e1:19:eb:12:de:bc:a7:3b:7e:61:d8:0f:91:c8:
         c9:9f:3d:9d:ad:52:84:aa:85:9c:78:1e:02:41:79:69:8e:74:
         c1:ae:28:ae:aa:16:84:80:a7:51:92:d6:66:47:7f:b8:c6:4e:
         9d:d3:76:bf:a6:81:9d:54:21:23:2c:8d:05:06:92:23:f1:6f:
         7f:8a:d6:8a:7b:86:b3:1c:fc:fa:2b:c9:97:39:df:47:99:5a:
         ae:34:32:62:a1:8e:23:4a:9d:8c:32:4e:79:82:7d:af:ea:28:
         c9:7a:cf:9d:97:8e:8a:de:94:c5:2f:a5:db:a7:de:bd:42:69:
         69:5e:b8:9e:88:6f:6d:e0:8b:ff:11:85:0b:27:55:d0:9c:97:
         e9:b1:a1:5c:bd:ec:b6:f3:e0:b5:12:b8:67:6b:1e:e8:58:d0:
         80:16:a5:85:84:22:6b:1e:05:39:39:e0:2a:1b:8a:be:cf:b7:
         61:56:fb:79:bd:ea:0a:45:13:78:a3:e4:73:03:14:8f:70:da:
         30:f4:1c:63:48:09:fa:44:68:99:fc:d6:10:49:7d:4f:85:75:
         dc:5d:23:99:cb:c5:41:86:13:e5:c1:84:dd:cb:79:c1:86:ca:
         fe:70:89:fb:1c:37:36:ac:42:fb:c3:cc:15:b3:6b:0d:78:30:
         f4:0e:df:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXJ5KqkI1zO/asx3YcvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGZjNmI4ZTgwYmE2MjVhM2FkZWI2YTBlMmEwNWZjOWVmZGQwNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRIflhk1qXzdfGFFoO/Hznr7XlCI
8dWNBy8gQreNYyN2+oOuHKZzAtJWeu/MC/SBJh6tCYy27wHeswyYruvIokCLwKH9
RO0WNWmNNKEDrc6MAZKrMnHhWwob2Wq2J9TmmBVmGQHQrPZA9MhIWxLLlTuSN0p4
tL3hFGi+mwEMbU+3TG56nWBFeeW31/jk2BW82GjPIoZ3jAkA3I6tpUNXjoCU2JEA
clxuOjpjyzMpn83eubq2qiY2YR5l/dSScC3/l/0PWxmk+tie7TcefeUOwahS9nkZ
JSsELTFr4U1g0KnmguJSnZ+EzGhGxc52eUbrocChOJfDa5HrABMRNVXpHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLT8a46AumJaOt62oOKgX8nv3QTEMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvdFB4cmpvQzZZbG82M3JhZzRxQmZ5ZV9kQk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAn
MA0GCSqGSIb3DQEBCwUAA4IBAQCNcj/q4RnrEt68pzt+YdgPkcjJnz2drVKEqoWc
eB4CQXlpjnTBriiuqhaEgKdRktZmR3+4xk6d03a/poGdVCEjLI0FBpIj8W9/itaK
e4azHPz6K8mXOd9HmVquNDJioY4jSp2MMk55gn2v6ijJes+dl46K3pTFL6Xbp969
QmlpXrieiG9t4Iv/EYULJ1XQnJfpsaFcvey28+C1Erhnax7oWNCAFqWFhCJrHgU5
OeAqG4q+z7dhVvt5veoKRRN4o+RzAxSPcNow9BxjSAn6RGiZ/NYQSX1PhXXcXSOZ
y8VBhhPlwYTdy3nBhsr+cIn7HDc2rEL7w8wVs2sNeDD0Dt/X
-----END CERTIFICATE-----