Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/yZMqXkGY_oAf4DZSMZtgg3u_rAA.roa
File:                     yZMqXkGY_oAf4DZSMZtgg3u_rAA.roa (raw, json)
Hash identifier:          xQXqzB3uNgGZ9fsoXdILwhCyJZqUVvk8JNxX3xjX5Ek=
Subject key identifier:   C9:93:2A:5E:41:98:FE:80:1F:E0:36:52:31:9B:60:83:7B:BF:AC:00
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296B019688A75F3FE861AB73176AB0
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/yZMqXkGY_oAf4DZSMZtgg3u_rAA.roa
Signing time:             Tue 02 Jan 2024 12:32:41 +0000
ROA not before:           Tue 02 Jan 2024 12:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211980
IP address blocks:        2a0e:8f02:f006::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:6b:01:96:88:a7:5f:3f:e8:61:ab:73:17:6a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9932a5e4198fe801fe03652319b60837bbfac00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d3:c0:4b:74:c1:9a:68:74:64:1d:a2:d9:31:
                    1f:03:c9:66:09:42:19:96:c5:a2:63:af:05:b0:c9:
                    ce:fd:54:28:2a:f4:2f:8b:87:2e:18:d6:aa:dd:26:
                    36:e0:d2:44:bc:f7:5a:e0:28:bc:50:93:0e:94:1b:
                    cb:4d:39:bd:db:d4:9d:db:01:a3:25:05:61:17:29:
                    73:0f:f4:c0:ea:d0:ce:93:9d:91:c7:9f:e7:eb:d1:
                    0f:01:6b:96:90:bd:b1:84:ba:a2:ae:3a:ed:f1:86:
                    9b:ca:d2:01:0b:2c:0c:e5:ea:14:66:e6:57:02:de:
                    e6:27:07:83:b2:e6:63:e6:08:88:d5:e1:78:ae:3f:
                    54:4c:5f:89:32:7e:4d:a8:ff:43:48:90:0a:ec:91:
                    51:c9:74:1e:6c:9b:e2:fd:9f:6b:0b:28:94:d4:e4:
                    36:05:1c:1f:39:dc:2e:2e:01:19:2d:77:5f:63:73:
                    b9:10:52:9d:60:5c:a9:f9:94:c7:0e:18:97:aa:60:
                    2e:14:bf:7f:ca:b6:ee:08:07:23:c7:f2:60:ce:9a:
                    18:a1:d8:fe:d9:1a:5e:b4:0a:9a:ff:20:a9:92:70:
                    94:4f:9e:5e:ba:7f:47:a9:65:a0:9d:9c:84:f2:3a:
                    a0:71:14:7f:f7:6a:b1:91:cf:a0:e5:60:f0:a7:2f:
                    f8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:93:2A:5E:41:98:FE:80:1F:E0:36:52:31:9B:60:83:7B:BF:AC:00
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/yZMqXkGY_oAf4DZSMZtgg3u_rAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f006::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:d0:cb:de:59:b0:8a:e1:91:f7:0d:93:e5:2c:62:7a:00:73:
         c4:a4:ce:37:c9:5f:b1:26:34:89:a3:c7:39:60:de:92:53:9c:
         64:a0:81:62:26:5f:43:f8:f2:74:6f:3d:7f:dc:ca:3b:09:6c:
         84:7b:cb:91:96:7a:7f:1e:e0:30:a9:8a:9e:26:85:2e:5e:eb:
         d8:7c:76:93:ac:80:ca:a6:11:a3:03:50:77:0c:17:ae:da:30:
         1a:62:dc:2d:f1:cf:fe:48:d2:e8:bb:8a:fe:a6:00:27:cf:0a:
         cf:32:69:b3:7a:96:11:65:11:19:c4:2b:94:23:d2:db:f2:6c:
         f5:88:e4:14:fe:b3:e2:9f:bd:aa:ad:01:d5:fc:b8:43:75:1d:
         ab:ea:08:e5:65:88:c5:f8:37:a1:87:8e:0f:ea:3a:88:82:fe:
         49:b0:53:4c:f0:07:59:a6:fc:13:0d:a6:6d:6d:95:bf:ea:72:
         88:45:f7:d5:37:d6:64:04:fb:f6:7c:d6:10:99:16:f1:80:52:
         56:a4:53:85:e5:22:b6:85:ee:1b:ac:b5:98:97:d1:1e:f6:c0:
         00:d1:dc:af:16:65:7c:40:69:87:b3:c3:14:91:9d:cf:b3:0c:
         cf:31:14:e9:03:d6:c8:58:76:7a:cd:8e:2d:5f:2b:eb:59:eb:
         be:c0:ee:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWsBloinXz/oYatzF2qwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTkzMmE1ZTQxOThmZTgwMWZlMDM2NTIzMTliNjA4MzdiYmZhYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdPAS3TBmmh0ZB2i2TEfA8lmCUIZ
lsWiY68FsMnO/VQoKvQvi4cuGNaq3SY24NJEvPda4Ci8UJMOlBvLTTm929Sd2wGj
JQVhFylzD/TA6tDOk52Rx5/n69EPAWuWkL2xhLqirjrt8YabytIBCywM5eoUZuZX
At7mJweDsuZj5giI1eF4rj9UTF+JMn5NqP9DSJAK7JFRyXQebJvi/Z9rCyiU1OQ2
BRwfOdwuLgEZLXdfY3O5EFKdYFyp+ZTHDhiXqmAuFL9/yrbuCAcjx/JgzpoYodj+
2RpetAqa/yCpknCUT55eun9HqWWgnZyE8jqgcRR/92qxkc+g5WDwpy/4bQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMmTKl5BmP6AH+A2UjGbYIN7v6wAMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEveVpNcVhrR1lfb0FmNERaU01adGdnM3VfckFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAG
MA0GCSqGSIb3DQEBCwUAA4IBAQBr0MveWbCK4ZH3DZPlLGJ6AHPEpM43yV+xJjSJ
o8c5YN6SU5xkoIFiJl9D+PJ0bz1/3Mo7CWyEe8uRlnp/HuAwqYqeJoUuXuvYfHaT
rIDKphGjA1B3DBeu2jAaYtwt8c/+SNLou4r+pgAnzwrPMmmzepYRZREZxCuUI9Lb
8mz1iOQU/rPin72qrQHV/LhDdR2r6gjlZYjF+Dehh44P6jqIgv5JsFNM8AdZpvwT
DaZtbZW/6nKIRffVN9ZkBPv2fNYQmRbxgFJWpFOF5SK2he4brLWYl9Ee9sAA0dyv
FmV8QGmHs8MUkZ3PswzPMRTpA9bIWHZ6zY4tXyvrWeu+wO5C
-----END CERTIFICATE-----