Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/cps1vnPS3Gi9mMQYaO12hTBpBBs.roa
File:                     cps1vnPS3Gi9mMQYaO12hTBpBBs.roa (raw, json)
Hash identifier:          lgsGGPiuWmrm/7M+9vlFMSiTrIkVU3fdjmwdxGoUW28=
Subject key identifier:   72:9B:35:BE:73:D2:DC:68:BD:98:C4:18:68:ED:76:85:30:69:04:1B
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94E052099C5EE5CD1BD86A49F8DC262
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/cps1vnPS3Gi9mMQYaO12hTBpBBs.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62445
IP address blocks:        2a05:b680:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:05:20:99:c5:ee:5c:d1:bd:86:a4:9f:8d:c2:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=729b35be73d2dc68bd98c41868ed76853069041b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3a:a0:6e:8d:0f:dd:d8:81:f5:f1:33:c9:62:
                    1d:29:5b:12:24:84:4a:47:62:66:e7:e1:87:c8:e5:
                    59:6d:ee:76:fe:13:9a:ec:0f:02:7d:6a:0c:19:79:
                    15:e9:9d:30:86:2f:c1:65:97:9a:d1:78:b1:b7:42:
                    91:f5:4b:46:ae:7a:ad:76:7f:20:61:b8:65:84:96:
                    6f:f0:45:f8:93:1d:29:6a:3f:57:fa:7a:15:fd:36:
                    68:33:78:e4:10:81:59:2d:bc:5e:32:9e:30:80:ff:
                    d7:ad:31:ac:a8:d1:e0:69:65:a1:62:fc:86:de:17:
                    3a:f3:62:ea:81:ca:dd:fe:f5:42:29:91:e8:ee:af:
                    c4:b3:35:a4:79:b5:25:11:8a:26:e0:2b:39:d7:11:
                    5a:34:fd:8d:82:85:21:4b:be:07:8e:bb:7b:cc:b1:
                    a3:92:22:f0:22:b1:05:50:0d:21:15:f7:de:30:45:
                    ee:06:b7:d4:f6:7f:9d:96:00:cd:72:85:cf:0c:70:
                    ad:eb:e2:c4:21:34:88:1d:c3:f8:20:a9:f1:56:a8:
                    2e:62:8d:78:aa:44:bc:1f:ec:00:c9:f0:8b:ea:48:
                    8e:69:58:0e:e7:26:de:94:b1:83:e7:17:a0:fe:41:
                    99:79:30:6a:19:1b:88:44:c1:83:7a:7a:79:33:14:
                    b8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:9B:35:BE:73:D2:DC:68:BD:98:C4:18:68:ED:76:85:30:69:04:1B
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/cps1vnPS3Gi9mMQYaO12hTBpBBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b680:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:87:63:8e:cb:38:14:a0:c9:e4:ff:d1:ac:32:63:32:fe:72:
         3c:71:bf:98:85:85:8b:10:8f:62:3c:fc:81:9b:75:46:ea:58:
         2f:64:dc:a2:1a:83:9e:2d:98:97:ec:2c:7d:24:41:87:71:e0:
         2d:5f:2c:4d:25:0f:9f:9d:b2:99:4c:86:b3:96:2f:c1:cd:26:
         dd:e9:21:ff:fc:b5:c9:54:fb:85:75:58:24:1c:2d:e8:43:dd:
         bb:cf:3c:6c:24:f1:aa:a6:c0:02:84:13:2e:cb:e4:fd:05:f5:
         4f:6a:21:a6:0c:9c:06:3a:63:21:45:23:a5:84:4c:85:5e:5c:
         30:2b:13:31:f4:b6:59:1b:16:55:ae:b2:05:51:28:37:bc:63:
         d7:a2:53:c1:6e:ed:68:1c:0e:b5:76:f9:9d:aa:33:c7:03:58:
         a1:58:4d:2a:7f:6a:79:ed:fa:65:65:be:99:4d:2c:7a:24:a2:
         ab:cd:5c:d0:b2:b3:6f:3c:7a:50:32:02:fd:7c:3c:ae:5a:d9:
         94:10:e4:d9:f5:db:70:b6:ec:e1:7e:bc:af:6b:68:f2:22:7f:
         ee:8d:ab:80:96:97:12:c8:b1:90:a3:c4:7a:28:0e:03:d0:79:
         eb:77:ce:b6:20:67:27:27:77:b0:10:0f:23:47:76:b2:f2:83:
         2a:4b:8a:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTgUgmcXuXNG9hqSfjcJiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjliMzViZTczZDJkYzY4YmQ5OGM0MTg2OGVkNzY4NTMwNjkwNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTqgbo0P3diB9fEzyWIdKVsSJIRK
R2Jm5+GHyOVZbe52/hOa7A8CfWoMGXkV6Z0whi/BZZea0Xixt0KR9UtGrnqtdn8g
YbhlhJZv8EX4kx0paj9X+noV/TZoM3jkEIFZLbxeMp4wgP/XrTGsqNHgaWWhYvyG
3hc682Lqgcrd/vVCKZHo7q/EszWkebUlEYom4Cs51xFaNP2NgoUhS74Hjrt7zLGj
kiLwIrEFUA0hFffeMEXuBrfU9n+dlgDNcoXPDHCt6+LEITSIHcP4IKnxVqguYo14
qkS8H+wAyfCL6kiOaVgO5ybelLGD5xeg/kGZeTBqGRuIRMGDenp5MxS4KQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHKbNb5z0txovZjEGGjtdoUwaQQbMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvY3BzMXZuUFMzR2k5bU1RWWFPMTJoVEJwQkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgW2gAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQCNh2OOyzgUoMnk/9GsMmMy/nI8cb+YhYWLEI9i
PPyBm3VG6lgvZNyiGoOeLZiX7Cx9JEGHceAtXyxNJQ+fnbKZTIazli/BzSbd6SH/
/LXJVPuFdVgkHC3oQ927zzxsJPGqpsAChBMuy+T9BfVPaiGmDJwGOmMhRSOlhEyF
XlwwKxMx9LZZGxZVrrIFUSg3vGPXolPBbu1oHA61dvmdqjPHA1ihWE0qf2p57fpl
Zb6ZTSx6JKKrzVzQsrNvPHpQMgL9fDyuWtmUEOTZ9dtwtuzhfryva2jyIn/ujauA
lpcSyLGQo8R6KA4D0Hnrd862IGcnJ3ewEA8jR3ay8oMqS4oh
-----END CERTIFICATE-----