Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/FrqTV2aF6o1UuMqPZPJh3L_SaLM.roa
File:                     FrqTV2aF6o1UuMqPZPJh3L_SaLM.roa (raw, json)
Hash identifier:          GM0PYtuHuPFXgrleMPioEmvUDfGJSDV+GiBE+yo8isQ=
Subject key identifier:   16:BA:93:57:66:85:EA:8D:54:B8:CA:8F:64:F2:61:DC:BF:D2:68:B3
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D238D14879370FFA99255BA89E80
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/FrqTV2aF6o1UuMqPZPJh3L_SaLM.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15398
IP address blocks:        2001:918:ff5d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d2:38:d1:48:79:37:0f:fa:99:25:5b:a8:9e:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16ba93576685ea8d54b8ca8f64f261dcbfd268b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fb:a3:af:9a:48:3f:57:2d:2e:49:ad:d6:37:
                    44:76:a5:bd:9b:5c:77:28:5e:90:63:53:72:fe:f4:
                    65:07:86:f1:7e:68:06:e5:d7:19:65:9b:ae:5b:c4:
                    73:76:89:fa:5d:04:4b:62:fc:16:cd:ba:bf:4c:e1:
                    6c:ca:28:c1:d9:30:7f:a0:3c:c0:f5:6e:04:4f:9a:
                    08:b6:88:a9:09:13:48:a3:dc:94:43:f8:cd:c5:0c:
                    2a:7c:6e:68:09:9e:66:61:89:29:65:c4:44:24:92:
                    17:68:ee:6c:ab:26:e0:48:c5:0f:d7:95:a7:b7:e9:
                    83:a9:f9:27:1c:4b:8d:ed:c5:38:f5:5d:66:51:ce:
                    40:7d:6a:1b:b9:2f:f1:24:e1:ee:98:f7:63:7a:1d:
                    c5:9e:1c:38:a4:3a:1d:91:6e:90:e8:a3:08:72:d4:
                    be:3e:8d:ed:0a:c0:d2:0f:cb:3b:f6:b8:53:6a:f6:
                    e5:78:00:ad:19:7d:fa:60:90:70:57:6d:f4:33:b9:
                    b4:38:cd:52:fc:32:4d:9a:67:1b:41:2a:3f:a4:83:
                    9b:2b:cc:3d:18:4d:58:c4:0f:34:da:dc:fd:6e:1b:
                    f1:f1:d3:6b:fa:b8:1e:22:4d:c3:fc:33:49:37:5d:
                    6a:95:12:e9:72:5e:a2:56:56:30:4a:29:62:0d:a7:
                    eb:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:BA:93:57:66:85:EA:8D:54:B8:CA:8F:64:F2:61:DC:BF:D2:68:B3
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/FrqTV2aF6o1UuMqPZPJh3L_SaLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:918:ff5d::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:1c:ab:2a:75:87:85:7d:53:a8:b0:81:69:89:0e:06:3b:67:
         9f:7b:56:01:0c:9b:24:a1:54:3d:fc:51:65:c7:29:f4:c9:6a:
         5e:a1:b0:95:9c:1e:0b:87:e5:90:c5:08:17:0d:91:fb:0d:ef:
         90:7f:a9:d6:7d:b2:59:b8:6d:aa:35:10:35:aa:05:b5:20:67:
         41:ee:34:ca:45:e2:2a:f6:36:38:55:83:8e:36:28:23:90:64:
         f0:32:9d:62:78:25:8a:d0:1c:ab:08:66:86:06:22:89:d7:45:
         26:45:9c:f6:32:cc:37:de:49:45:62:c6:ef:ee:2b:2d:d5:d0:
         91:19:89:89:63:15:ce:7f:b7:5e:3d:09:d9:31:e2:12:d0:cf:
         79:57:88:35:70:89:11:d7:f6:92:ac:5f:5b:17:3b:4b:ce:a6:
         df:c3:d1:a5:e1:87:4b:75:7b:45:96:8c:bc:62:47:6f:c0:ea:
         ba:5c:01:7c:35:f8:57:d0:0e:08:16:71:d1:7c:12:aa:08:4b:
         af:05:53:90:37:ae:26:b8:09:b1:a9:72:41:46:c7:ea:82:15:
         75:88:5f:8a:53:ac:93:e5:36:f6:e6:45:c0:02:bd:aa:e9:88:
         bc:f0:42:58:f8:16:25:72:b4:39:c0:a0:fd:08:cf:f4:46:3b:
         e8:cf:2f:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSNI40Uh5Nw/6mSVbqJ6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmJhOTM1NzY2ODVlYThkNTRiOGNhOGY2NGYyNjFkY2JmZDI2OGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfujr5pIP1ctLkmt1jdEdqW9m1x3
KF6QY1Ny/vRlB4bxfmgG5dcZZZuuW8Rzdon6XQRLYvwWzbq/TOFsyijB2TB/oDzA
9W4ET5oItoipCRNIo9yUQ/jNxQwqfG5oCZ5mYYkpZcREJJIXaO5sqybgSMUP15Wn
t+mDqfknHEuN7cU49V1mUc5AfWobuS/xJOHumPdjeh3Fnhw4pDodkW6Q6KMIctS+
Po3tCsDSD8s79rhTavbleACtGX36YJBwV230M7m0OM1S/DJNmmcbQSo/pIObK8w9
GE1YxA802tz9bhvx8dNr+rgeIk3D/DNJN11qlRLpcl6iVlYwSiliDafr8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBa6k1dmheqNVLjKj2TyYdy/0mizMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvRnJxVFYyYUY2bzFVdU1xUFpQSmgzTF9TYUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEJGP9d
MA0GCSqGSIb3DQEBCwUAA4IBAQAdHKsqdYeFfVOosIFpiQ4GO2efe1YBDJskoVQ9
/FFlxyn0yWpeobCVnB4Lh+WQxQgXDZH7De+Qf6nWfbJZuG2qNRA1qgW1IGdB7jTK
ReIq9jY4VYOONigjkGTwMp1ieCWK0ByrCGaGBiKJ10UmRZz2Msw33klFYsbv7ist
1dCRGYmJYxXOf7dePQnZMeIS0M95V4g1cIkR1/aSrF9bFztLzqbfw9Gl4YdLdXtF
loy8YkdvwOq6XAF8NfhX0A4IFnHRfBKqCEuvBVOQN64muAmxqXJBRsfqghV1iF+K
U6yT5Tb25kXAAr2q6Yi88EJY+BYlcrQ5wKD9CM/0Rjvozy9Y
-----END CERTIFICATE-----