Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/S0jouFh38XJhleCHvWXpdcRru3s.roa
File:                     S0jouFh38XJhleCHvWXpdcRru3s.roa (raw, json)
Hash identifier:          T1pnGAlR09L2XsZQohIchT5XvH2V/Y/zceSJWiW9jLs=
Subject key identifier:   4B:48:E8:B8:58:77:F1:72:61:95:E0:87:BD:65:E9:75:C4:6B:BB:7B
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       018F4DCBDB5D0CC741798BFB91303D2A8E85
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/S0jouFh38XJhleCHvWXpdcRru3s.roa
Signing time:             Mon 06 May 2024 12:05:56 +0000
ROA not before:           Mon 06 May 2024 12:05:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a0d:cdc1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4d:cb:db:5d:0c:c7:41:79:8b:fb:91:30:3d:2a:8e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: May  6 12:05:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b48e8b85877f1726195e087bd65e975c46bbb7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ee:be:d8:e9:cc:91:81:b6:13:a0:b0:90:d2:
                    de:2c:f3:dd:3b:50:8c:21:75:9a:f1:3c:e3:e2:3f:
                    61:3c:7f:23:0b:9c:b1:03:4a:16:a3:1f:19:67:1d:
                    8e:c3:45:44:46:62:f7:5d:cb:25:95:b7:4b:08:69:
                    ab:16:72:2d:dd:bd:ec:ce:8c:c8:ee:93:e9:7c:ff:
                    3e:75:bf:c7:1c:16:18:12:c4:d6:c0:35:a9:91:01:
                    70:6e:74:93:34:86:0b:ed:4a:2d:5d:9f:76:90:54:
                    85:80:9e:02:b3:fb:79:83:ee:47:0f:20:d4:38:de:
                    98:a2:6b:be:8b:fa:d9:e0:8b:16:83:f6:d0:68:43:
                    62:ef:c1:de:43:3d:6e:d0:66:c5:d1:f8:69:b9:ea:
                    b6:c8:b3:c6:1f:97:29:be:e6:06:0c:96:02:b0:52:
                    e8:e1:01:ed:f3:c6:e3:28:6c:74:b1:fb:de:c7:31:
                    59:31:ab:8d:c8:1e:9b:ac:ec:3b:8c:a6:fa:e9:8c:
                    ca:04:dc:2d:c8:d1:fe:8d:34:17:08:a7:df:5f:ba:
                    cd:3b:12:5a:7c:1a:da:92:7b:80:f6:da:63:71:5c:
                    10:4c:6c:3c:55:6b:0f:80:ed:c5:3c:eb:75:b2:3c:
                    23:b9:11:e3:b7:19:c6:c7:23:95:0e:3a:eb:9f:74:
                    e8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:48:E8:B8:58:77:F1:72:61:95:E0:87:BD:65:E9:75:C4:6B:BB:7B
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/S0jouFh38XJhleCHvWXpdcRru3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:cdc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         ae:85:9b:b6:9b:21:4d:a1:b2:c0:d0:a7:ca:13:4d:f6:98:97:
         ab:d6:4b:c6:66:f7:68:09:48:70:84:72:0f:44:97:82:9a:75:
         d8:c4:c6:1f:f3:bb:da:f4:b2:39:a7:de:4a:68:e5:45:d9:94:
         b9:33:63:de:d1:5e:85:a3:38:50:79:23:21:06:1d:23:1e:b8:
         75:a5:cd:9e:31:57:b8:66:1f:42:d4:dc:e8:99:fe:ae:86:96:
         46:9a:f1:ec:50:6c:3e:22:de:7a:49:9b:d7:d1:c4:22:1a:62:
         70:24:2b:6b:ca:ec:7d:90:e0:78:cb:f0:d0:d3:00:17:27:6e:
         7b:65:9b:f1:74:cc:e5:77:7b:09:0d:e7:b4:d0:62:f1:3c:1c:
         51:32:2c:c7:d8:b1:5c:19:33:d9:03:3a:c0:d2:e7:64:e0:b0:
         60:c4:90:f9:39:e7:5f:17:c2:6c:64:01:42:1e:74:1d:d4:1a:
         ff:11:6d:5d:11:38:aa:83:d4:3d:86:aa:88:b9:c5:2e:0a:22:
         7b:f3:70:b6:cb:f2:f8:9f:1d:84:9b:9f:03:25:f3:03:83:53:
         ef:98:dd:22:b2:0d:2a:c6:27:27:62:06:a1:7f:b6:49:6a:d4:
         fe:04:d2:5f:16:f2:02:b0:34:71:8e:d0:67:13:8c:13:44:1a:
         c1:c5:d6:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9Ny9tdDMdBeYv7kTA9Ko6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQwNTA2MTIwNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQ4ZThiODU4NzdmMTcyNjE5NWUwODdiZDY1ZTk3NWM0NmJiYjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApe6+2OnMkYG2E6CwkNLeLPPdO1CM
IXWa8Tzj4j9hPH8jC5yxA0oWox8ZZx2Ow0VERmL3XcsllbdLCGmrFnIt3b3szozI
7pPpfP8+db/HHBYYEsTWwDWpkQFwbnSTNIYL7UotXZ92kFSFgJ4Cs/t5g+5HDyDU
ON6Yomu+i/rZ4IsWg/bQaENi78HeQz1u0GbF0fhpueq2yLPGH5cpvuYGDJYCsFLo
4QHt88bjKGx0sfvexzFZMauNyB6brOw7jKb66YzKBNwtyNH+jTQXCKffX7rNOxJa
fBraknuA9tpjcVwQTGw8VWsPgO3FPOt1sjwjuRHjtxnGxyOVDjrrn3ToqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEtI6LhYd/FyYZXgh71l6XXEa7t7MB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvUzBqb3VGaDM4WEpobGVDSHZXWHBkY1JydTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg3NwTAN
BgkqhkiG9w0BAQsFAAOCAQEAroWbtpshTaGywNCnyhNN9piXq9ZLxmb3aAlIcIRy
D0SXgpp12MTGH/O72vSyOafeSmjlRdmUuTNj3tFehaM4UHkjIQYdIx64daXNnjFX
uGYfQtTc6Jn+roaWRprx7FBsPiLeekmb19HEIhpicCQra8rsfZDgeMvw0NMAFydu
e2Wb8XTM5Xd7CQ3ntNBi8TwcUTIsx9ixXBkz2QM6wNLnZOCwYMSQ+TnnXxfCbGQB
Qh50HdQa/xFtXRE4qoPUPYaqiLnFLgoie/Nwtsvy+J8dhJufAyXzA4NT75jdIrIN
KsYnJ2IGoX+2SWrU/gTSXxbyArA0cY7QZxOME0QawcXWrw==
-----END CERTIFICATE-----