Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/awU8V85Lv_Ymj9jwjnGE3xNPp3I.roa
File:                     awU8V85Lv_Ymj9jwjnGE3xNPp3I.roa (raw, json)
Hash identifier:          OwhNJ9ocZZAuxCoJgYqq8WgfctpIOQPcPGeUctwlkAQ=
Subject key identifier:   6B:05:3C:57:CE:4B:BF:F6:26:8F:D8:F0:8E:71:84:DF:13:4F:A7:72
Certificate issuer:       /CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
Certificate serial:       018DAAEC3AF5BC6B846799571F0984F93E12
Authority key identifier: C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/awU8V85Lv_Ymj9jwjnGE3xNPp3I.roa
Signing time:             Thu 15 Feb 2024 04:00:24 +0000
ROA not before:           Thu 15 Feb 2024 04:00:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215539
IP address blocks:        2a0f:ff40:c3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 19:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:aa:ec:3a:f5:bc:6b:84:67:99:57:1f:09:84:f9:3e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
        Validity
            Not Before: Feb 15 04:00:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b053c57ce4bbff6268fd8f08e7184df134fa772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:82:38:17:d1:dd:0f:d7:b8:66:7e:ac:a2:8e:
                    76:50:f4:7a:e2:ac:8a:82:33:2b:52:7f:87:01:f0:
                    48:3d:01:0d:b5:d2:69:dc:0f:fb:a9:1f:96:06:e0:
                    13:32:08:e9:11:e4:bf:a2:48:d0:31:25:49:68:34:
                    e4:bb:19:ae:af:73:75:08:49:6c:90:0e:92:3c:bc:
                    46:38:e1:36:2c:42:a0:62:56:18:9d:40:55:e5:93:
                    4d:52:47:10:dd:43:ac:a4:a1:c0:77:01:30:74:7c:
                    15:66:9d:90:33:12:a9:92:08:3d:fb:88:f1:4c:63:
                    be:54:db:55:b0:31:4a:ce:ff:2a:cf:ad:27:46:66:
                    e4:8e:d0:68:c1:cc:8f:24:d0:e0:1f:e3:78:d3:1b:
                    72:ca:88:39:82:b8:be:17:27:2d:27:7f:cd:84:45:
                    79:10:3f:d0:a5:a4:4a:32:fb:7c:e6:87:54:44:e4:
                    cd:26:f1:6b:a8:1d:40:61:9b:bb:59:74:22:de:7c:
                    8c:4e:e0:47:a6:0c:91:03:32:08:19:e4:84:e2:a9:
                    32:c2:77:45:80:55:54:0e:fe:5a:50:39:a9:72:7e:
                    39:0b:71:09:b4:f1:01:5b:38:1c:ad:bc:f2:dc:e0:
                    44:51:92:cc:52:4c:8e:1b:69:13:b4:92:72:4b:1f:
                    c3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:05:3C:57:CE:4B:BF:F6:26:8F:D8:F0:8E:71:84:DF:13:4F:A7:72
            X509v3 Authority Key Identifier:
                keyid:C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/awU8V85Lv_Ymj9jwjnGE3xNPp3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ff40:c3::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:02:f7:40:37:11:22:03:5a:b6:cb:cf:76:fc:9f:3d:06:0a:
         86:4d:e0:f1:b3:0f:0a:ff:ae:65:59:70:84:21:7c:32:02:02:
         d8:58:f7:92:57:d7:08:eb:34:c1:e4:3d:bc:d3:46:0a:b0:58:
         2b:fa:ec:30:1c:24:15:1f:dd:41:4f:8f:8f:b3:6f:ba:2c:d9:
         aa:4d:c2:41:97:03:4f:99:51:e9:fe:de:cd:f2:0d:ed:9b:59:
         d0:d1:41:90:b1:c5:5c:5c:21:81:9a:29:84:b5:6c:fc:61:a6:
         13:18:b1:74:c0:4e:9f:f9:48:06:ea:c4:60:34:02:78:05:8d:
         0b:d4:88:b0:79:d9:a0:18:94:2a:ac:01:bf:d5:a8:0f:2b:03:
         a0:94:70:45:99:be:dd:34:6a:46:ea:ff:a6:19:17:7f:40:8d:
         48:6e:6b:92:88:a5:66:29:f4:66:c1:54:f2:00:51:ef:89:73:
         85:7f:89:89:b9:1b:2a:84:60:f9:ed:1e:69:92:9d:cd:98:d4:
         f8:be:b0:19:e6:60:5e:41:81:6f:55:c1:6b:f8:68:c9:11:e3:
         ee:0b:1c:7b:38:b1:33:89:21:ef:ff:21:08:0c:80:0e:6c:35:
         a1:53:3e:83:44:e7:85:3a:1e:75:76:e1:67:93:0f:7e:00:43:
         7d:ab:0a:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2q7Dr1vGuEZ5lXHwmE+T4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ODQ5MjMyZTM5NDNiZjI1N2M5ZGNhZWFiMGVmOTJkMzBh
NGNmYWQwHhcNMjQwMjE1MDQwMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjA1M2M1N2NlNGJiZmY2MjY4ZmQ4ZjA4ZTcxODRkZjEzNGZhNzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmII4F9HdD9e4Zn6soo52UPR64qyK
gjMrUn+HAfBIPQENtdJp3A/7qR+WBuATMgjpEeS/okjQMSVJaDTkuxmur3N1CEls
kA6SPLxGOOE2LEKgYlYYnUBV5ZNNUkcQ3UOspKHAdwEwdHwVZp2QMxKpkgg9+4jx
TGO+VNtVsDFKzv8qz60nRmbkjtBowcyPJNDgH+N40xtyyog5gri+FyctJ3/NhEV5
ED/QpaRKMvt85odUROTNJvFrqB1AYZu7WXQi3nyMTuBHpgyRAzIIGeSE4qkywndF
gFVUDv5aUDmpcn45C3EJtPEBWzgcrbzy3OBEUZLMUkyOG2kTtJJySx/DNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGsFPFfOS7/2Jo/Y8I5xhN8TT6dyMB8GA1UdIwQY
MBaAFMWEkjLjlDvyV8ncrqsO+S0wpM+tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYt
YWZhOTE3YmRmN2QxLzEvYXdVOFY4NUx2X1ltajlqd2puR0UzeE5QcDNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYtYWZhOTE3YmRmN2Qx
LzEveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg//QADD
MA0GCSqGSIb3DQEBCwUAA4IBAQCkAvdANxEiA1q2y892/J89BgqGTeDxsw8K/65l
WXCEIXwyAgLYWPeSV9cI6zTB5D2800YKsFgr+uwwHCQVH91BT4+Ps2+6LNmqTcJB
lwNPmVHp/t7N8g3tm1nQ0UGQscVcXCGBmimEtWz8YaYTGLF0wE6f+UgG6sRgNAJ4
BY0L1IiwedmgGJQqrAG/1agPKwOglHBFmb7dNGpG6v+mGRd/QI1IbmuSiKVmKfRm
wVTyAFHviXOFf4mJuRsqhGD57R5pkp3NmNT4vrAZ5mBeQYFvVcFr+GjJEePuCxx7
OLEziSHv/yEIDIAObDWhUz6DROeFOh51duFnkw9+AEN9qwoM
-----END CERTIFICATE-----