Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/xmnoeDlBZf9rrHixDA9FBR_L0ko.roa
File:                     xmnoeDlBZf9rrHixDA9FBR_L0ko.roa (raw, json)
Hash identifier:          Lr9E6+5PAbC95Y116PCdsgmz/C0xWg0HY4W/M8tFDGc=
Subject key identifier:   C6:69:E8:78:39:41:65:FF:6B:AC:78:B1:0C:0F:45:05:1F:CB:D2:4A
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296861BD8BFA1F56F5CB6794FC2992
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/xmnoeDlBZf9rrHixDA9FBR_L0ko.roa
Signing time:             Tue 02 Jan 2024 12:32:40 +0000
ROA not before:           Tue 02 Jan 2024 12:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211635
IP address blocks:        2a0e:8f02:2120::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 04:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:68:61:bd:8b:fa:1f:56:f5:cb:67:94:fc:29:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c669e878394165ff6bac78b10c0f45051fcbd24a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ef:ed:6b:e4:3c:7d:39:d5:42:9f:25:18:ca:
                    6a:0b:ce:c3:48:ad:08:fd:e8:5e:92:64:0e:35:2c:
                    5a:27:31:80:6b:13:00:ad:a3:f2:46:bd:ed:1c:9a:
                    82:9d:c0:5e:32:94:df:46:d2:f5:ae:08:95:27:23:
                    07:33:1a:89:57:89:28:58:20:33:3d:dd:05:de:31:
                    fc:68:94:88:e6:6b:72:2d:dd:c7:58:05:76:3a:08:
                    1d:e3:5d:cd:27:44:dc:61:65:4c:d6:41:76:5a:df:
                    42:9e:02:de:e8:aa:e7:86:26:e3:49:28:18:38:56:
                    c1:d1:f7:70:0d:10:0e:3c:f3:5e:f2:c9:3d:52:f9:
                    21:cd:71:07:af:e6:ae:cb:f1:78:d2:8b:9e:af:4b:
                    d1:d2:2c:14:9d:7b:ef:c2:49:c9:a5:a6:da:3f:46:
                    a4:df:84:97:9a:4f:3f:52:37:35:5e:a4:6c:22:1d:
                    f3:ac:5b:c2:e8:cd:fb:c7:fc:fc:69:80:79:3c:ba:
                    f0:f3:57:fe:fd:ad:23:2c:36:80:03:9b:8a:d5:eb:
                    d6:40:7b:08:aa:fe:8a:8b:8b:82:2c:10:a0:c7:e9:
                    1a:83:ca:e1:37:18:3c:69:8c:1c:69:f9:b0:3c:57:
                    5b:63:6e:c3:50:e2:fb:f0:75:02:e5:b3:d3:b5:d2:
                    78:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:69:E8:78:39:41:65:FF:6B:AC:78:B1:0C:0F:45:05:1F:CB:D2:4A
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/xmnoeDlBZf9rrHixDA9FBR_L0ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2120::/44

    Signature Algorithm: sha256WithRSAEncryption
         a0:31:be:a1:a6:04:44:ca:7f:14:6b:e0:4e:7c:ae:33:6b:2a:
         f0:a5:c6:f1:3a:30:59:07:e3:23:ed:da:8c:38:c9:ae:f6:49:
         ae:8a:ce:d0:a8:96:19:66:e2:8a:15:99:3d:a9:98:66:ef:ff:
         b0:f5:3a:3e:43:87:1c:5e:69:7a:fa:2a:61:b5:2d:59:45:fe:
         65:49:62:4c:01:7c:57:43:77:04:a6:b2:f9:51:1f:cd:6d:fb:
         44:94:9e:b3:eb:44:7c:c6:a3:72:c7:12:bc:c2:5b:f5:f5:e8:
         16:51:4e:74:dd:8c:39:d6:2d:3c:ae:8c:06:a8:48:f8:5c:14:
         3d:f8:7b:c8:61:64:91:6c:22:ba:34:c0:74:c4:ab:e6:86:45:
         fb:cc:5f:8d:6c:91:d9:8c:ad:fa:e3:dd:ee:64:b6:3c:0c:13:
         a4:8c:68:6f:f2:9a:bf:e6:df:60:d4:26:58:82:d6:e0:d7:83:
         cf:58:ae:e5:46:20:aa:40:a2:06:f9:fd:fe:77:05:0f:8b:8d:
         55:8f:88:ab:e9:19:58:69:c2:c2:cb:82:f2:a8:dc:2a:b3:16:
         5d:92:ac:67:d7:db:fd:67:75:9e:b5:28:13:cb:0d:ae:5c:e9:
         0f:98:fa:fc:52:7b:ec:62:35:46:1b:ba:7a:73:67:b7:6d:5b:
         04:a5:c9:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWhhvYv6H1b1y2eU/CmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY5ZTg3ODM5NDE2NWZmNmJhYzc4YjEwYzBmNDUwNTFmY2JkMjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+/ta+Q8fTnVQp8lGMpqC87DSK0I
/ehekmQONSxaJzGAaxMAraPyRr3tHJqCncBeMpTfRtL1rgiVJyMHMxqJV4koWCAz
Pd0F3jH8aJSI5mtyLd3HWAV2Oggd413NJ0TcYWVM1kF2Wt9CngLe6KrnhibjSSgY
OFbB0fdwDRAOPPNe8sk9UvkhzXEHr+auy/F40ouer0vR0iwUnXvvwknJpabaP0ak
34SXmk8/Ujc1XqRsIh3zrFvC6M37x/z8aYB5PLrw81f+/a0jLDaAA5uK1evWQHsI
qv6Ki4uCLBCgx+kag8rhNxg8aYwcafmwPFdbY27DUOL78HUC5bPTtdJ4uQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMZp6Hg5QWX/a6x4sQwPRQUfy9JKMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEveG1ub2VEbEJaZjlyckhpeERBOUZCUl9MMGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiEg
MA0GCSqGSIb3DQEBCwUAA4IBAQCgMb6hpgREyn8Ua+BOfK4zayrwpcbxOjBZB+Mj
7dqMOMmu9kmuis7QqJYZZuKKFZk9qZhm7/+w9To+Q4ccXml6+iphtS1ZRf5lSWJM
AXxXQ3cEprL5UR/NbftElJ6z60R8xqNyxxK8wlv19egWUU503Yw51i08rowGqEj4
XBQ9+HvIYWSRbCK6NMB0xKvmhkX7zF+NbJHZjK36493uZLY8DBOkjGhv8pq/5t9g
1CZYgtbg14PPWK7lRiCqQKIG+f3+dwUPi41Vj4ir6RlYacLCy4LyqNwqsxZdkqxn
19v9Z3WetSgTyw2uXOkPmPr8UnvsYjVGG7p6c2e3bVsEpcn+
-----END CERTIFICATE-----