Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/zO567tZmu4GDho1ILI6MaRrzsHQ.roa
File:                     zO567tZmu4GDho1ILI6MaRrzsHQ.roa (raw, json)
Hash identifier:          cZ6xxQ4qb6mB01e9MDGxPq07oGPTuCfQnLA2xhfCHIU=
Subject key identifier:   CC:EE:7A:EE:D6:66:BB:81:83:86:8D:48:2C:8E:8C:69:1A:F3:B0:74
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296FDAF8944628BE885E4AF43C7304
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/zO567tZmu4GDho1ILI6MaRrzsHQ.roa
Signing time:             Tue 02 Jan 2024 12:32:42 +0000
ROA not before:           Tue 02 Jan 2024 12:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212331
IP address blocks:        2a0e:8f02:f010::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:6f:da:f8:94:46:28:be:88:5e:4a:f4:3c:73:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccee7aeed666bb8183868d482c8e8c691af3b074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:a4:9d:bf:d6:b2:af:59:be:9d:27:68:33:bc:
                    8c:cc:08:f6:f0:fa:25:e7:8a:d1:64:88:f4:84:41:
                    b1:d5:39:5c:d9:42:8c:ad:5b:c5:a2:37:20:ec:c9:
                    13:3f:74:fb:9f:eb:ad:e7:f7:23:4a:a8:c9:87:8b:
                    76:9a:e1:41:65:e2:b0:f1:d2:4d:ba:34:60:a8:4b:
                    df:8a:ae:7a:d9:67:ba:53:df:0b:d1:a5:91:8a:6d:
                    73:aa:84:f5:d3:ef:90:5a:40:2c:24:e3:fb:c4:ff:
                    4d:72:dc:2c:4b:d9:1a:dc:a2:25:07:56:94:d3:06:
                    f4:7d:2b:cf:26:22:08:dc:b2:26:fb:5f:d4:d1:79:
                    b1:cb:1d:d3:77:b7:1d:4a:79:34:44:30:e5:6d:fe:
                    3e:06:fe:98:f4:26:db:ed:b8:88:dd:98:aa:91:3b:
                    2f:75:0f:ec:4a:7c:a7:eb:a5:41:61:3b:b6:bb:3d:
                    be:a6:59:05:e6:32:b3:0a:26:2b:3e:77:17:58:db:
                    8c:09:69:14:2d:e6:9a:44:fb:07:45:92:13:bf:01:
                    33:9c:71:00:2b:54:dd:51:98:b5:69:00:9d:16:c9:
                    ee:db:2f:fe:46:b9:07:e8:22:7d:63:d4:5a:22:79:
                    84:d2:ac:31:5f:19:f8:d4:e8:77:64:b7:f6:33:21:
                    1e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EE:7A:EE:D6:66:BB:81:83:86:8D:48:2C:8E:8C:69:1A:F3:B0:74
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/zO567tZmu4GDho1ILI6MaRrzsHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f010::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:6a:0d:77:fe:3f:ae:57:d6:76:96:d1:d5:90:60:45:2c:cf:
         6d:1e:bc:4e:16:80:a7:12:b5:cd:e7:77:34:27:72:f8:02:b4:
         31:9b:1f:eb:43:3d:6f:4c:1b:c7:c2:55:7e:fb:8f:f9:9f:3b:
         c2:65:41:56:9a:89:2c:c1:1b:8b:7e:35:68:2e:32:40:9c:f2:
         85:36:d6:44:f9:94:8c:a3:b6:fe:9a:55:b4:dc:c2:a8:80:7f:
         cd:30:a3:6d:01:27:8d:e1:31:b8:11:64:7a:15:16:45:e6:1e:
         7c:3d:dc:17:20:4c:ee:c5:86:96:bc:fb:93:7d:10:37:75:3a:
         ea:30:62:c9:f4:48:85:27:2e:85:cd:47:34:3b:a1:38:10:4e:
         6a:f3:9c:51:bc:6f:30:00:ef:79:17:cd:58:48:d0:75:3d:30:
         19:f0:93:00:ca:db:1e:a7:00:8b:1a:10:fd:1d:1b:42:92:32:
         16:7e:a2:6b:99:74:9c:0f:48:87:3a:d2:5f:66:97:09:ca:29:
         2d:99:a8:c0:25:c7:ca:99:dd:b5:22:1c:39:8b:1a:36:4a:d2:
         81:4c:1d:2d:9a:d5:16:23:5b:2a:57:6c:41:ac:f5:f7:b4:9c:
         69:0e:15:81:67:50:12:c7:ed:20:01:42:a9:eb:2c:b3:4d:fa:
         08:ec:71:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKW/a+JRGKL6IXkr0PHMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2VlN2FlZWQ2NjZiYjgxODM4NjhkNDgyYzhlOGM2OTFhZjNiMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8KSdv9ayr1m+nSdoM7yMzAj28Pol
54rRZIj0hEGx1Tlc2UKMrVvFojcg7MkTP3T7n+ut5/cjSqjJh4t2muFBZeKw8dJN
ujRgqEvfiq562We6U98L0aWRim1zqoT10++QWkAsJOP7xP9NctwsS9ka3KIlB1aU
0wb0fSvPJiII3LIm+1/U0Xmxyx3Td7cdSnk0RDDlbf4+Bv6Y9Cbb7biI3ZiqkTsv
dQ/sSnyn66VBYTu2uz2+plkF5jKzCiYrPncXWNuMCWkULeaaRPsHRZITvwEznHEA
K1TdUZi1aQCdFsnu2y/+RrkH6CJ9Y9RaInmE0qwxXxn41Oh3ZLf2MyEeUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMzueu7WZruBg4aNSCyOjGka87B0MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvek81Njd0Wm11NEdEaG8xSUxJNk1hUnJ6c0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCeag13/j+uV9Z2ltHVkGBFLM9tHrxOFoCnErXN
53c0J3L4ArQxmx/rQz1vTBvHwlV++4/5nzvCZUFWmokswRuLfjVoLjJAnPKFNtZE
+ZSMo7b+mlW03MKogH/NMKNtASeN4TG4EWR6FRZF5h58PdwXIEzuxYaWvPuTfRA3
dTrqMGLJ9EiFJy6FzUc0O6E4EE5q85xRvG8wAO95F81YSNB1PTAZ8JMAytsepwCL
GhD9HRtCkjIWfqJrmXScD0iHOtJfZpcJyiktmajAJcfKmd21Ihw5ixo2StKBTB0t
mtUWI1sqV2xBrPX3tJxpDhWBZ1ASx+0gAUKp6yyzTfoI7HGP
-----END CERTIFICATE-----