Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/8F1iIJ3sJhPp4M_S52x2OgUePSY.roa
File:                     8F1iIJ3sJhPp4M_S52x2OgUePSY.roa (raw, json)
Hash identifier:          6l5cIKVSCwyLxOSEry1vRBIc7vE/cDgWvaUr4SgEuHM=
Subject key identifier:   F0:5D:62:20:9D:EC:26:13:E9:E0:CF:D2:E7:6C:76:3A:05:1E:3D:26
Certificate issuer:       /CN=dc1089c942b68033683b4dd506c0c36f74be0ea3
Certificate serial:       018CC348D55703A8577FA33BD5CA50260ED0
Authority key identifier: DC:10:89:C9:42:B6:80:33:68:3B:4D:D5:06:C0:C3:6F:74:BE:0E:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/8F1iIJ3sJhPp4M_S52x2OgUePSY.roa
Signing time:             Mon 01 Jan 2024 04:29:39 +0000
ROA not before:           Mon 01 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2a09:a447:ac1f::/48 maxlen: 64
                          2a09:a447:ac1e::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 16:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d5:57:03:a8:57:7f:a3:3b:d5:ca:50:26:0e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc1089c942b68033683b4dd506c0c36f74be0ea3
        Validity
            Not Before: Jan  1 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f05d62209dec2613e9e0cfd2e76c763a051e3d26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ba:d4:48:a8:a5:3f:96:22:74:9f:e9:85:f2:
                    18:3e:01:9c:08:9b:df:11:6c:ff:e9:5a:4d:fc:97:
                    83:64:d1:c0:f8:3d:72:ad:88:8b:2d:ac:8f:02:80:
                    ff:3c:05:92:3d:23:5d:ed:a8:ee:a0:13:13:cb:18:
                    12:d4:f0:b1:59:fd:f0:de:ef:28:41:07:eb:16:de:
                    6c:0c:53:cb:e8:6d:6d:0b:c3:ec:e7:0a:49:35:34:
                    23:23:af:8e:77:ac:e8:6e:59:2c:88:e4:78:7b:97:
                    b0:c5:4c:9c:02:81:98:94:b2:14:44:1c:b0:e2:df:
                    0a:e4:fd:e0:54:0b:6e:6e:34:6a:9f:a0:95:b0:c4:
                    99:f4:56:cf:5d:17:8b:85:f3:0f:91:4a:e4:c3:0d:
                    35:a1:3b:92:86:67:3e:ce:f2:44:c4:82:af:51:44:
                    13:f5:54:33:4c:06:3e:29:07:4b:4e:c7:c6:64:14:
                    9e:c1:30:7c:b8:9b:ff:67:7d:30:9f:b0:36:0a:c6:
                    ff:90:25:f4:2e:09:ae:6f:f1:ac:a1:ef:09:af:5c:
                    f2:46:41:e7:d7:67:4f:8f:a5:a4:40:5f:43:d1:3a:
                    4a:d0:ec:50:8f:1b:a1:04:14:4a:7b:07:bb:c8:8f:
                    9f:8f:42:67:79:23:19:e3:56:2b:5c:b3:0a:23:95:
                    d8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:5D:62:20:9D:EC:26:13:E9:E0:CF:D2:E7:6C:76:3A:05:1E:3D:26
            X509v3 Authority Key Identifier:
                keyid:DC:10:89:C9:42:B6:80:33:68:3B:4D:D5:06:C0:C3:6F:74:BE:0E:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/8F1iIJ3sJhPp4M_S52x2OgUePSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:a447:ac1e::/47

    Signature Algorithm: sha256WithRSAEncryption
         99:c5:7a:1e:cd:b2:36:4a:5f:8c:d6:a2:36:39:9f:86:89:c7:
         a5:41:3b:5e:3f:b1:f2:0d:e5:a2:6c:4c:84:62:79:9f:1f:b0:
         30:a8:27:ce:e9:e0:a2:e3:a6:fc:48:68:a6:f5:2e:da:77:55:
         ae:a7:be:9f:4a:d7:56:61:e4:4a:5f:27:d5:7c:e0:f8:3a:2e:
         89:2f:e1:ca:28:c2:97:fc:aa:c2:ed:45:6a:56:b1:0e:1a:f5:
         c2:1d:df:ea:bf:1c:e4:8a:fe:d2:15:5e:96:69:fc:a9:62:4b:
         5f:f5:3f:dc:ee:0c:e0:57:ba:07:64:a1:9d:2e:6c:24:ac:05:
         a2:b6:5f:61:cb:eb:de:86:a9:0a:6f:6a:aa:cc:c4:28:28:4d:
         d7:12:fc:d1:d2:f4:13:f3:2a:d6:11:6a:3f:60:12:c0:e0:ca:
         93:90:91:d3:2a:8d:78:6d:6e:dc:79:14:62:65:09:68:53:24:
         29:f6:ad:eb:cc:c7:c4:d1:87:c7:9c:15:d4:b5:e7:5e:07:b9:
         50:2d:7e:b9:f1:1b:8f:17:c4:5b:77:e1:0c:42:5a:40:31:b9:
         ab:d9:7b:da:45:a4:fa:41:f9:1f:a8:4e:bc:61:6f:a8:31:99:
         11:ee:d9:00:bf:4f:31:d6:1e:1b:31:d1:60:39:68:cf:d2:32:
         87:87:c0:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSNVXA6hXf6M71cpQJg7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTA4OWM5NDJiNjgwMzM2ODNiNGRkNTA2YzBjMzZmNzRi
ZTBlYTMwHhcNMjQwMTAxMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDVkNjIyMDlkZWMyNjEzZTllMGNmZDJlNzZjNzYzYTA1MWUzZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7rUSKilP5YidJ/phfIYPgGcCJvf
EWz/6VpN/JeDZNHA+D1yrYiLLayPAoD/PAWSPSNd7ajuoBMTyxgS1PCxWf3w3u8o
QQfrFt5sDFPL6G1tC8Ps5wpJNTQjI6+Od6zoblksiOR4e5ewxUycAoGYlLIURByw
4t8K5P3gVAtubjRqn6CVsMSZ9FbPXReLhfMPkUrkww01oTuShmc+zvJExIKvUUQT
9VQzTAY+KQdLTsfGZBSewTB8uJv/Z30wn7A2Csb/kCX0Lgmub/Gsoe8Jr1zyRkHn
12dPj6WkQF9D0TpK0OxQjxuhBBRKewe7yI+fj0JneSMZ41YrXLMKI5XYWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPBdYiCd7CYT6eDP0udsdjoFHj0mMB8GA1UdIwQY
MBaAFNwQiclCtoAzaDtN1QbAw290vg6jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JDSnlVSzJnRE5vTzAzVkJzRERiM1MtRHFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8yNDE0OWQtZDExNS00MzMwLWJkNDkt
Y2I1NmVkM2VhN2ZhLzEvOEYxaUlKM3NKaFBwNE1fUzUyeDJPZ1VlUFNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8yNDE0OWQtZDExNS00MzMwLWJkNDktY2I1NmVkM2VhN2Zh
LzEvM0JDSnlVSzJnRE5vTzAzVkJzRERiM1MtRHFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgmkR6we
MA0GCSqGSIb3DQEBCwUAA4IBAQCZxXoezbI2Sl+M1qI2OZ+GicelQTteP7HyDeWi
bEyEYnmfH7AwqCfO6eCi46b8SGim9S7ad1Wup76fStdWYeRKXyfVfOD4Oi6JL+HK
KMKX/KrC7UVqVrEOGvXCHd/qvxzkiv7SFV6WafypYktf9T/c7gzgV7oHZKGdLmwk
rAWitl9hy+vehqkKb2qqzMQoKE3XEvzR0vQT8yrWEWo/YBLA4MqTkJHTKo14bW7c
eRRiZQloUyQp9q3rzMfE0YfHnBXUtedeB7lQLX658RuPF8Rbd+EMQlpAMbmr2Xva
RaT6QfkfqE68YW+oMZkR7tkAv08x1h4bMdFgOWjP0jKHh8Ac
-----END CERTIFICATE-----