Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/51e3a5-31db-4bdd-b0cd-828022043ea3/1/Hrt46A_f0Ji1TWOOj5pQ8B5mfwc.roa
File:                     Hrt46A_f0Ji1TWOOj5pQ8B5mfwc.roa (raw, json)
Hash identifier:          PeWr96cj9Z8i7qU1UHxA/MVOOZ02xnsA/saXCr90VPE=
Subject key identifier:   1E:BB:78:E8:0F:DF:D0:98:B5:4D:63:8E:8F:9A:50:F0:1E:66:7F:07
Certificate issuer:       /CN=e5f4f24b40fda9b9528e4a8edcad61b841df6c18
Certificate serial:       018CC5DC6405D7A4BC7F99AA028C4F8C6289
Authority key identifier: E5:F4:F2:4B:40:FD:A9:B9:52:8E:4A:8E:DC:AD:61:B8:41:DF:6C:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5fTyS0D9qblSjkqO3K1huEHfbBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/51e3a5-31db-4bdd-b0cd-828022043ea3/1/Hrt46A_f0Ji1TWOOj5pQ8B5mfwc.roa
Signing time:             Mon 01 Jan 2024 16:30:04 +0000
ROA not before:           Mon 01 Jan 2024 16:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     781
IP address blocks:        2a0c:1100::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/51e3a5-31db-4bdd-b0cd-828022043ea3/1/5fTyS0D9qblSjkqO3K1huEHfbBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/51e3a5-31db-4bdd-b0cd-828022043ea3/1/5fTyS0D9qblSjkqO3K1huEHfbBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5fTyS0D9qblSjkqO3K1huEHfbBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:64:05:d7:a4:bc:7f:99:aa:02:8c:4f:8c:62:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5f4f24b40fda9b9528e4a8edcad61b841df6c18
        Validity
            Not Before: Jan  1 16:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ebb78e80fdfd098b54d638e8f9a50f01e667f07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c6:41:cd:ef:75:36:20:e8:38:81:16:a3:2a:
                    e4:c2:76:69:13:8e:f0:e1:65:40:28:43:e0:6b:ad:
                    01:9c:5a:bc:8d:f9:d7:66:f2:52:82:07:b7:5b:78:
                    13:c6:db:5c:03:82:b4:f0:29:a6:e4:08:4b:98:fc:
                    8d:be:a9:fb:e3:ad:22:95:d7:7e:01:86:e4:5d:cf:
                    14:86:ae:fa:5c:ae:51:94:e2:91:ad:31:18:d9:17:
                    a2:05:bd:73:87:98:e1:cc:20:c7:e5:18:6d:0a:21:
                    a4:90:85:bb:81:cc:60:11:ce:61:93:88:ed:25:a3:
                    ab:ad:f7:45:6f:68:b5:18:98:36:77:d1:e3:cf:0c:
                    ed:f2:13:c1:58:57:b3:92:7e:56:7b:30:89:c2:41:
                    4e:c3:e1:a3:0f:22:d4:64:cb:c9:ee:ce:e9:91:4e:
                    23:4c:25:f9:0e:dd:4e:65:59:86:93:64:96:9f:19:
                    5a:86:a8:47:90:b8:c4:1c:d0:66:8d:1e:9d:54:55:
                    43:b5:2f:63:52:4f:72:ec:05:3b:04:5a:08:3c:70:
                    59:f7:b5:c4:fe:37:58:b9:a2:fd:c9:2e:03:fc:b3:
                    f3:2d:a0:69:51:7e:ec:a5:13:83:f8:b9:af:88:5d:
                    64:53:90:75:91:92:2d:f2:9c:38:e5:35:4d:d9:9c:
                    6c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:BB:78:E8:0F:DF:D0:98:B5:4D:63:8E:8F:9A:50:F0:1E:66:7F:07
            X509v3 Authority Key Identifier:
                keyid:E5:F4:F2:4B:40:FD:A9:B9:52:8E:4A:8E:DC:AD:61:B8:41:DF:6C:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5fTyS0D9qblSjkqO3K1huEHfbBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/51e3a5-31db-4bdd-b0cd-828022043ea3/1/Hrt46A_f0Ji1TWOOj5pQ8B5mfwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/51e3a5-31db-4bdd-b0cd-828022043ea3/1/5fTyS0D9qblSjkqO3K1huEHfbBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:1100::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:8e:34:6e:fd:d8:20:c7:09:04:7b:e2:28:a9:46:d1:7b:d0:
         28:fd:00:e7:9c:f2:ae:d8:3b:45:58:1f:84:2f:24:df:b2:79:
         b8:4a:01:07:1d:dd:08:75:51:73:33:c8:02:f2:25:fb:68:80:
         5e:28:0a:ef:89:17:61:e8:50:be:96:3e:4c:fe:2e:81:13:89:
         1b:f7:03:48:ea:b5:61:dc:ce:a6:5b:ab:4a:08:cf:0a:9b:5f:
         60:12:2e:87:43:61:8f:a0:73:91:cf:d7:e9:12:de:f5:07:76:
         30:da:66:17:3d:7a:16:95:05:0f:80:67:24:21:bc:1c:e5:e8:
         62:82:72:f8:6f:45:96:19:53:90:b1:f2:15:6a:0a:69:78:68:
         9b:16:9d:86:8c:8d:bc:49:52:6e:55:b2:48:e9:8a:71:1a:78:
         af:1a:08:89:02:b7:0e:56:bb:52:e9:1b:dd:4b:4b:8b:88:e8:
         bb:b8:ba:42:f0:c7:d1:dd:cc:53:14:ff:6b:01:e3:60:5a:36:
         4e:c3:d2:0d:10:c8:97:bc:78:8a:7b:ac:50:aa:f6:2f:09:69:
         e7:e8:73:0b:95:d8:a1:8a:b0:66:91:68:ac:8b:23:3b:71:17:
         e3:4f:d2:ec:68:2b:42:ff:e4:55:04:e6:70:0a:cf:a9:40:ed:
         a6:1e:d3:bb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3GQF16S8f5mqAoxPjGKJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZjRmMjRiNDBmZGE5Yjk1MjhlNGE4ZWRjYWQ2MWI4NDFk
ZjZjMTgwHhcNMjQwMTAxMTYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWJiNzhlODBmZGZkMDk4YjU0ZDYzOGU4ZjlhNTBmMDFlNjY3ZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcZBze91NiDoOIEWoyrkwnZpE47w
4WVAKEPga60BnFq8jfnXZvJSgge3W3gTxttcA4K08Cmm5AhLmPyNvqn7460ildd+
AYbkXc8Uhq76XK5RlOKRrTEY2ReiBb1zh5jhzCDH5RhtCiGkkIW7gcxgEc5hk4jt
JaOrrfdFb2i1GJg2d9Hjzwzt8hPBWFezkn5WezCJwkFOw+GjDyLUZMvJ7s7pkU4j
TCX5Dt1OZVmGk2SWnxlahqhHkLjEHNBmjR6dVFVDtS9jUk9y7AU7BFoIPHBZ97XE
/jdYuaL9yS4D/LPzLaBpUX7spROD+LmviF1kU5B1kZIt8pw45TVN2Zxs9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB67eOgP39CYtU1jjo+aUPAeZn8HMB8GA1UdIwQY
MBaAFOX08ktA/am5Uo5KjtytYbhB32wYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWZUeVMwRDlxYmxTamtxTzNLMWh1RUhmYkJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81MWUzYTUtMzFkYi00YmRkLWIwY2Qt
ODI4MDIyMDQzZWEzLzEvSHJ0NDZBX2YwSmkxVFdPT2o1cFE4QjVtZndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81MWUzYTUtMzFkYi00YmRkLWIwY2QtODI4MDIyMDQzZWEz
LzEvNWZUeVMwRDlxYmxTamtxTzNLMWh1RUhmYkJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgwRADAN
BgkqhkiG9w0BAQsFAAOCAQEAi440bv3YIMcJBHviKKlG0XvQKP0A55zyrtg7RVgf
hC8k37J5uEoBBx3dCHVRczPIAvIl+2iAXigK74kXYehQvpY+TP4ugROJG/cDSOq1
YdzOplurSgjPCptfYBIuh0Nhj6Bzkc/X6RLe9Qd2MNpmFz16FpUFD4BnJCG8HOXo
YoJy+G9FlhlTkLHyFWoKaXhomxadhoyNvElSblWySOmKcRp4rxoIiQK3Dla7Uukb
3UtLi4jou7i6QvDH0d3MUxT/awHjYFo2TsPSDRDIl7x4inusUKr2Lwlp5+hzC5XY
oYqwZpForIsjO3EX40/S7GgrQv/kVQTmcArPqUDtph7Tuw==
-----END CERTIFICATE-----