Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tRZBkJxRZ3qrfq8k2FYtctN72Gk.roa
File:                     tRZBkJxRZ3qrfq8k2FYtctN72Gk.roa (raw, json)
Hash identifier:          JcTfkZ5MDSk64UJNm8XdUI2C74E0osn7Bn9bCQ7UugE=
Subject key identifier:   B5:16:41:90:9C:51:67:7A:AB:7E:AF:24:D8:56:2D:72:D3:7B:D8:69
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2957FDB4BA39C4114278C5D340D67E
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tRZBkJxRZ3qrfq8k2FYtctN72Gk.roa
Signing time:             Tue 02 Jan 2024 12:32:36 +0000
ROA not before:           Tue 02 Jan 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198886
IP address blocks:        2a0e:8f02:2250::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:57:fd:b4:ba:39:c4:11:42:78:c5:d3:40:d6:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b51641909c51677aab7eaf24d8562d72d37bd869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:09:07:55:e2:05:56:81:00:fb:3c:52:a6:42:
                    5c:34:c5:c1:47:23:84:4e:08:11:44:a2:d0:2b:aa:
                    c2:84:96:82:dd:85:eb:95:6a:0a:50:de:3b:b1:78:
                    e2:97:b4:33:3a:f4:72:5c:cb:8a:ad:ac:ba:82:f8:
                    54:ab:23:3a:ab:38:4f:0f:00:51:58:af:d1:f6:21:
                    d9:fb:4f:fa:65:99:97:7d:65:c0:66:aa:9c:7e:5a:
                    17:30:97:50:9a:d7:e4:d8:9c:a1:56:45:b4:37:38:
                    33:9a:d0:29:5b:82:a1:0c:e4:19:0b:2d:8a:e5:b4:
                    33:ca:ed:f3:0d:7d:9c:e3:c4:88:ef:5b:f0:89:ad:
                    f2:a0:7e:ed:cc:7f:ff:d6:d5:a5:81:0f:66:0d:1d:
                    cf:74:81:7c:a6:28:a8:5a:22:81:29:b2:3c:f2:31:
                    45:eb:c2:51:74:f6:dc:02:26:85:84:e5:57:ae:ac:
                    5e:f3:12:75:09:8a:f3:03:5c:d0:f7:f8:0e:46:f6:
                    55:dc:88:6a:98:60:22:3b:13:39:10:91:16:32:75:
                    59:cb:98:57:84:d3:4d:06:19:1d:1e:a1:1f:90:27:
                    ba:4d:be:91:38:67:a6:b8:e0:73:8e:9b:5a:55:c9:
                    2e:ca:89:97:a4:ba:b6:1c:49:34:00:dd:95:17:f3:
                    43:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:16:41:90:9C:51:67:7A:AB:7E:AF:24:D8:56:2D:72:D3:7B:D8:69
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tRZBkJxRZ3qrfq8k2FYtctN72Gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2250::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:dd:07:c3:69:5d:a4:bb:c7:a9:b7:6e:3f:44:5a:bc:4a:e6:
         98:4f:00:8e:7a:c6:c3:67:1a:18:5d:64:a5:ae:64:45:eb:07:
         0a:cf:93:9f:e0:12:da:54:d8:03:17:6f:a5:1c:0e:1c:8d:41:
         12:74:86:70:4b:a0:91:89:92:dd:db:f6:70:6e:72:75:9e:03:
         50:3c:5e:7c:7f:e9:ab:55:82:e1:ab:3b:f2:d9:65:94:e7:28:
         88:3a:cb:a2:47:bc:34:26:f1:46:e8:49:2e:38:62:93:07:3d:
         4f:af:86:a0:bd:5e:cd:75:85:47:b8:22:fa:8d:40:e1:c9:b6:
         51:56:45:c1:d2:97:8b:fc:c2:72:3f:84:77:c4:b1:1c:15:07:
         76:e3:04:80:63:13:fd:66:59:12:77:b8:7f:76:c0:9f:ea:45:
         63:1f:39:ec:c9:5f:05:67:75:d9:06:c9:9a:f5:be:23:fc:40:
         87:f0:b1:9e:3d:e0:d4:fd:10:5b:c8:0b:e8:b9:96:bb:9b:87:
         8d:c5:03:56:21:42:c0:98:dd:ef:2f:9c:33:a7:c5:15:ff:c2:
         cf:63:81:2e:52:a6:6c:8d:d4:4b:b1:88:dc:d0:e2:b6:46:d0:
         98:c4:17:cb:82:88:e4:2e:f4:7c:00:ac:55:06:08:51:5c:3d:
         a8:c9:8d:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVf9tLo5xBFCeMXTQNZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE2NDE5MDljNTE2NzdhYWI3ZWFmMjRkODU2MmQ3MmQzN2JkODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgkHVeIFVoEA+zxSpkJcNMXBRyOE
TggRRKLQK6rChJaC3YXrlWoKUN47sXjil7QzOvRyXMuKray6gvhUqyM6qzhPDwBR
WK/R9iHZ+0/6ZZmXfWXAZqqcfloXMJdQmtfk2JyhVkW0NzgzmtApW4KhDOQZCy2K
5bQzyu3zDX2c48SI71vwia3yoH7tzH//1tWlgQ9mDR3PdIF8piioWiKBKbI88jFF
68JRdPbcAiaFhOVXrqxe8xJ1CYrzA1zQ9/gORvZV3IhqmGAiOxM5EJEWMnVZy5hX
hNNNBhkdHqEfkCe6Tb6ROGemuOBzjptaVckuyomXpLq2HEk0AN2VF/NDhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLUWQZCcUWd6q36vJNhWLXLTe9hpMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvdFJaQmtKeFJaM3FyZnE4azJGWXRjdE43MkdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBO3QfDaV2ku8ept24/RFq8SuaYTwCOesbDZxoY
XWSlrmRF6wcKz5Of4BLaVNgDF2+lHA4cjUESdIZwS6CRiZLd2/ZwbnJ1ngNQPF58
f+mrVYLhqzvy2WWU5yiIOsuiR7w0JvFG6EkuOGKTBz1Pr4agvV7NdYVHuCL6jUDh
ybZRVkXB0peL/MJyP4R3xLEcFQd24wSAYxP9ZlkSd7h/dsCf6kVjHznsyV8FZ3XZ
Bsma9b4j/ECH8LGePeDU/RBbyAvouZa7m4eNxQNWIULAmN3vL5wzp8UV/8LPY4Eu
UqZsjdRLsYjc0OK2RtCYxBfLgojkLvR8AKxVBghRXD2oyY3t
-----END CERTIFICATE-----