Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tvUZ90l2G9MxuxDNplFlQUXM0nE.roa
File:                     tvUZ90l2G9MxuxDNplFlQUXM0nE.roa (raw, json)
Hash identifier:          Sf5+yg9vVbwfZrKtL4+DSsm6xNbmDoBxhzjeIXcdq78=
Subject key identifier:   B6:F5:19:F7:49:76:1B:D3:31:BB:10:CD:A6:51:65:41:45:CC:D2:71
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295B8424B989485D5C7B6AC34B68DD
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tvUZ90l2G9MxuxDNplFlQUXM0nE.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202939
IP address blocks:        2a0e:8f02:f04e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5b:84:24:b9:89:48:5d:5c:7b:6a:c3:4b:68:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6f519f749761bd331bb10cda651654145ccd271
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:82:66:0f:4f:b8:fb:30:01:77:ca:14:c2:7f:
                    db:5b:77:e1:6d:e5:bf:24:f0:9a:4a:f7:16:0b:1a:
                    c6:53:76:58:ff:ca:9f:d7:f2:f3:12:20:7f:4a:67:
                    9c:b3:f2:fd:24:f7:72:9e:3f:60:3d:b5:33:c5:30:
                    b9:5d:79:77:19:ed:67:2b:8d:12:bd:ab:64:ce:01:
                    c8:76:45:24:88:4a:dd:67:93:2f:dc:cd:8d:37:ff:
                    cb:00:66:5f:b7:95:dd:c2:6a:57:01:ca:3e:9c:25:
                    98:61:9e:3f:88:f3:fe:f8:66:03:9f:0f:b4:a1:ca:
                    79:0a:ba:f3:15:65:97:cd:6c:fe:c1:96:45:3a:f0:
                    d4:bc:6f:e9:0b:a8:e1:07:c0:c1:75:b6:59:fa:85:
                    48:78:46:6e:97:31:14:c7:3f:7e:2d:e2:c6:a3:cd:
                    c7:bf:3d:bd:d7:16:24:e4:c8:4b:fe:21:43:5c:15:
                    a5:ec:a8:37:95:ea:47:9a:68:37:a1:12:2e:36:36:
                    50:93:5d:9e:e4:f9:9b:dc:9c:c9:45:68:04:53:65:
                    36:ca:89:2e:b3:14:87:e1:22:e6:ca:9f:15:36:d3:
                    be:c9:60:71:fb:80:f8:8c:66:d6:28:83:d2:fd:3a:
                    eb:84:78:d7:29:f7:31:0f:9b:6b:31:11:e6:34:3b:
                    cf:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F5:19:F7:49:76:1B:D3:31:BB:10:CD:A6:51:65:41:45:CC:D2:71
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/tvUZ90l2G9MxuxDNplFlQUXM0nE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f04e::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:fb:bb:b5:78:6d:3c:47:54:99:81:fc:62:0c:b4:0f:df:88:
         22:65:f4:e4:4f:73:f1:77:aa:16:44:c4:c9:2f:b8:da:a2:64:
         8d:56:fe:a8:fd:62:d8:11:ce:f9:d5:10:5d:13:78:f8:bd:e6:
         c9:f8:c5:51:65:e1:7e:44:b4:25:3d:d7:a1:e6:68:c3:9e:af:
         f9:75:60:6b:04:c0:6c:d3:16:29:12:59:96:7d:9f:cb:b7:c3:
         71:72:2f:6e:91:b4:e0:ab:9a:b6:f6:fb:f1:1c:1f:95:72:4f:
         49:52:3f:3f:80:2c:7e:45:62:68:75:e2:d1:eb:42:60:bc:91:
         5c:d0:04:dd:69:0d:54:ab:27:2c:cf:52:50:fa:24:41:58:6a:
         39:19:85:cc:d8:40:80:02:bb:67:82:7d:0d:64:db:5e:47:ab:
         09:22:44:5a:67:1f:43:7e:b2:23:c4:d1:67:50:67:17:f3:ee:
         85:0d:2d:f9:3d:f2:2f:23:df:3d:2c:54:89:27:b8:ad:a1:3d:
         b8:c5:70:2a:4f:d6:5e:47:75:9f:86:d4:c2:5e:1b:60:f3:f9:
         e5:a7:1a:2f:eb:65:92:97:02:be:a2:29:8b:47:f0:53:72:34:
         1c:4e:a0:9e:32:92:7c:0d:41:ca:c3:e8:8e:0c:ca:f8:a7:7c:
         fb:e0:91:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVuEJLmJSF1ce2rDS2jdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmY1MTlmNzQ5NzYxYmQzMzFiYjEwY2RhNjUxNjU0MTQ1Y2NkMjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYJmD0+4+zABd8oUwn/bW3fhbeW/
JPCaSvcWCxrGU3ZY/8qf1/LzEiB/Smecs/L9JPdynj9gPbUzxTC5XXl3Ge1nK40S
vatkzgHIdkUkiErdZ5Mv3M2NN//LAGZft5XdwmpXAco+nCWYYZ4/iPP++GYDnw+0
ocp5CrrzFWWXzWz+wZZFOvDUvG/pC6jhB8DBdbZZ+oVIeEZulzEUxz9+LeLGo83H
vz291xYk5MhL/iFDXBWl7Kg3lepHmmg3oRIuNjZQk12e5Pmb3JzJRWgEU2U2yoku
sxSH4SLmyp8VNtO+yWBx+4D4jGbWKIPS/TrrhHjXKfcxD5trMRHmNDvPKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLb1GfdJdhvTMbsQzaZRZUFFzNJxMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvdHZVWjkwbDJHOU14dXhETnBsRmxRVVhNMG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBO
MA0GCSqGSIb3DQEBCwUAA4IBAQAc+7u1eG08R1SZgfxiDLQP34giZfTkT3Pxd6oW
RMTJL7jaomSNVv6o/WLYEc751RBdE3j4vebJ+MVRZeF+RLQlPdeh5mjDnq/5dWBr
BMBs0xYpElmWfZ/Lt8Nxci9ukbTgq5q29vvxHB+Vck9JUj8/gCx+RWJodeLR60Jg
vJFc0ATdaQ1Uqycsz1JQ+iRBWGo5GYXM2ECAArtngn0NZNteR6sJIkRaZx9DfrIj
xNFnUGcX8+6FDS35PfIvI989LFSJJ7itoT24xXAqT9ZeR3WfhtTCXhtg8/nlpxov
62WSlwK+oimLR/BTcjQcTqCeMpJ8DUHKw+iODMr4p3z74JFn
-----END CERTIFICATE-----