Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tS2eqNwr847R-w2mK9FR0sKYrAE.roa
File:                     tS2eqNwr847R-w2mK9FR0sKYrAE.roa (raw, json)
Hash identifier:          7byvun8Ck9Roem/tGYgD3H06OTX2WzDB5Oj+iZjuuGc=
Subject key identifier:   B5:2D:9E:A8:DC:2B:F3:8E:D1:FB:0D:A6:2B:D1:51:D2:C2:98:AC:01
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295952A111D48F27343AF40E336743
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tS2eqNwr847R-w2mK9FR0sKYrAE.roa
Signing time:             Tue 02 Jan 2024 12:32:36 +0000
ROA not before:           Tue 02 Jan 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200169
IP address blocks:        2a0e:8f02:f056::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:59:52:a1:11:d4:8f:27:34:3a:f4:0e:33:67:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b52d9ea8dc2bf38ed1fb0da62bd151d2c298ac01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a5:49:4f:7a:da:aa:d9:39:d0:38:a7:ae:e3:
                    a8:92:74:13:ed:08:c2:42:fb:f4:8b:7f:7a:16:8c:
                    d6:1f:66:07:46:45:dd:22:41:24:b2:9e:bb:44:86:
                    67:7a:9e:67:28:92:bd:53:fa:69:b0:8a:02:ea:44:
                    07:b9:55:09:05:51:3b:b0:36:81:97:49:88:a3:f4:
                    6a:b4:2f:5d:89:a1:c2:8e:c4:20:67:43:0f:d6:40:
                    90:76:89:a7:44:71:34:f5:08:b3:5c:83:5b:8b:6a:
                    d2:74:ae:1c:63:b7:cd:12:c5:e0:9b:4f:bf:e3:79:
                    f0:2c:70:eb:6c:2d:ee:09:3f:21:05:a0:93:74:7e:
                    55:77:4b:3a:6e:4d:6c:3c:da:1f:10:b1:cc:92:ae:
                    87:c0:0e:2e:5f:39:bc:a2:69:f7:10:42:9a:89:9d:
                    48:55:9e:56:94:aa:74:39:b4:1d:e3:9e:7c:bb:8c:
                    f4:b8:3b:4f:a8:a3:62:89:38:a8:4d:9b:f8:f7:8b:
                    72:23:8f:1d:6b:32:a8:6e:ae:dd:b3:31:6e:87:2e:
                    3d:c6:49:fa:df:c8:6a:42:33:d1:0d:78:c2:63:c5:
                    87:21:15:09:b4:79:9f:b5:9c:6f:89:2e:28:a0:be:
                    38:12:e2:b8:4a:ba:52:b6:4e:4f:2b:95:83:2f:98:
                    cd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:2D:9E:A8:DC:2B:F3:8E:D1:FB:0D:A6:2B:D1:51:D2:C2:98:AC:01
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tS2eqNwr847R-w2mK9FR0sKYrAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f056::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:ac:a8:a7:ba:63:4d:31:04:a6:00:91:39:67:7c:a5:fd:9d:
         74:43:e2:5a:a2:93:e9:e8:b4:a7:e9:a6:08:e5:2a:04:96:0b:
         e6:3d:c2:6d:68:1e:3a:a9:fe:f6:8d:03:39:40:8c:51:6f:79:
         b8:e5:b6:61:4b:86:13:f9:29:f2:fa:8b:99:50:fe:c4:12:1c:
         d3:63:a1:86:4f:71:96:27:98:ed:4a:2f:87:ce:9c:e4:51:e9:
         41:81:b9:49:a4:54:36:18:91:e8:bb:7e:0d:2e:2f:56:11:8b:
         ba:d1:19:d3:cf:ca:b9:ff:07:af:71:7b:d4:38:73:d7:7b:29:
         6f:5e:8f:00:71:f6:79:fd:b2:86:74:d6:96:2a:2a:d5:a6:42:
         d9:0a:12:14:5d:d0:a6:1a:55:b4:22:c9:e4:83:aa:2b:50:b3:
         db:b1:d0:a9:f7:f1:85:ab:87:d7:f9:13:be:e4:b9:d0:3c:2a:
         1e:51:41:f3:07:61:60:27:f0:b6:c0:8f:02:df:87:bd:5f:f9:
         d5:72:16:3b:41:14:d2:60:7f:01:4f:6a:f7:55:81:0c:ec:a7:
         8e:c2:57:ae:77:67:5e:1a:6e:96:c5:c6:bc:b1:46:1a:39:c9:
         f4:01:31:91:fa:a0:5c:87:6b:a7:34:53:8c:06:ad:05:54:ce:
         67:5c:76:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVlSoRHUjyc0OvQOM2dDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTJkOWVhOGRjMmJmMzhlZDFmYjBkYTYyYmQxNTFkMmMyOThhYzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKVJT3raqtk50DinruOoknQT7QjC
Qvv0i396FozWH2YHRkXdIkEksp67RIZnep5nKJK9U/ppsIoC6kQHuVUJBVE7sDaB
l0mIo/RqtC9diaHCjsQgZ0MP1kCQdomnRHE09QizXINbi2rSdK4cY7fNEsXgm0+/
43nwLHDrbC3uCT8hBaCTdH5Vd0s6bk1sPNofELHMkq6HwA4uXzm8omn3EEKaiZ1I
VZ5WlKp0ObQd4558u4z0uDtPqKNiiTioTZv494tyI48dazKobq7dszFuhy49xkn6
38hqQjPRDXjCY8WHIRUJtHmftZxviS4ooL44EuK4SrpStk5PK5WDL5jN9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLUtnqjcK/OO0fsNpivRUdLCmKwBMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvdFMyZXFOd3I4NDdSLXcybUs5RlIwc0tZckFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBW
MA0GCSqGSIb3DQEBCwUAA4IBAQAErKinumNNMQSmAJE5Z3yl/Z10Q+JaopPp6LSn
6aYI5SoElgvmPcJtaB46qf72jQM5QIxRb3m45bZhS4YT+Sny+ouZUP7EEhzTY6GG
T3GWJ5jtSi+HzpzkUelBgblJpFQ2GJHou34NLi9WEYu60RnTz8q5/wevcXvUOHPX
eylvXo8AcfZ5/bKGdNaWKirVpkLZChIUXdCmGlW0Isnkg6orULPbsdCp9/GFq4fX
+RO+5LnQPCoeUUHzB2FgJ/C2wI8C34e9X/nVchY7QRTSYH8BT2r3VYEM7KeOwleu
d2deGm6Wxca8sUYaOcn0ATGR+qBch2unNFOMBq0FVM5nXHbP
-----END CERTIFICATE-----