Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/qOL2GhcvZfH468QXPCfSQ8BM5uY.roa
File:                     qOL2GhcvZfH468QXPCfSQ8BM5uY.roa (raw, json)
Hash identifier:          nS7rWT9BeH8zXl6eqUXfOxluzVFf2FAVgD62ZhDeWtA=
Subject key identifier:   A8:E2:F6:1A:17:2F:65:F1:F8:EB:C4:17:3C:27:D2:43:C0:4C:E6:E6
Certificate issuer:       /CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Certificate serial:       018D0EEF00D44AE0EA12479E79521837606B
Authority key identifier: F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/qOL2GhcvZfH468QXPCfSQ8BM5uY.roa
Signing time:             Mon 15 Jan 2024 21:02:40 +0000
ROA not before:           Mon 15 Jan 2024 21:02:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209347
IP address blocks:        2a0a:4587:2030::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0e:ef:00:d4:4a:e0:ea:12:47:9e:79:52:18:37:60:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
        Validity
            Not Before: Jan 15 21:02:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e2f61a172f65f1f8ebc4173c27d243c04ce6e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bc:4b:f7:72:cb:e9:38:36:f7:6b:cb:1c:55:
                    71:c4:26:e0:22:22:89:fa:82:dd:95:a3:30:83:e1:
                    c7:6c:11:cf:8d:d6:32:99:06:72:c3:bb:04:99:0c:
                    48:ea:d4:ca:fd:22:17:f1:3c:9d:7e:42:0e:34:2e:
                    11:61:63:79:a8:bc:4b:8a:e3:a1:a9:6a:19:b1:b0:
                    c2:c0:61:a9:d4:39:73:f8:f0:e6:58:57:c3:58:d1:
                    fc:1c:f5:2c:a1:a0:6d:e5:92:fd:4d:c0:a0:68:ca:
                    68:83:55:46:53:34:fa:42:41:1d:0f:29:34:1a:20:
                    39:41:4d:ee:82:02:26:c7:6b:d5:95:e7:90:41:fe:
                    d7:02:9c:c4:33:13:4e:de:77:33:20:bd:f8:e1:a6:
                    97:58:c7:47:c4:96:25:ce:a1:d4:1a:51:fb:b1:35:
                    2f:ef:fc:47:3a:80:ed:2b:5e:4c:0d:97:c0:b1:37:
                    dd:34:6e:56:89:e5:ae:bc:2f:ea:7b:80:e6:60:d2:
                    62:0c:2c:2d:21:88:c6:4b:ac:b6:7a:b8:2d:eb:9c:
                    a0:91:9f:27:46:46:a5:c6:f7:05:4c:11:60:50:ff:
                    76:70:a8:46:03:59:4f:b4:a8:11:4f:ca:89:c7:3a:
                    bc:b2:ed:6d:18:df:1c:af:b0:44:e5:1c:a5:68:3a:
                    61:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E2:F6:1A:17:2F:65:F1:F8:EB:C4:17:3C:27:D2:43:C0:4C:E6:E6
            X509v3 Authority Key Identifier:
                keyid:F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/qOL2GhcvZfH468QXPCfSQ8BM5uY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4587:2030::/46

    Signature Algorithm: sha256WithRSAEncryption
         3e:48:77:60:a4:e6:2c:1f:9f:8f:f3:76:c6:8f:7b:78:d5:30:
         bc:e4:e8:11:c5:47:3d:ad:de:59:c4:d2:af:60:46:a4:4e:e5:
         4b:77:3e:d7:0e:c3:83:7a:4c:be:03:3b:f4:cc:48:06:09:0e:
         38:b1:21:e1:be:ae:7a:81:d0:13:b2:44:87:54:fc:bc:98:88:
         30:42:c0:69:e6:6e:3b:8e:1d:f6:01:6f:eb:d1:3e:41:b7:b7:
         57:e5:29:5c:47:31:85:a2:df:9f:65:4d:cb:a3:de:4c:63:9f:
         c0:b9:14:ea:1d:55:06:5b:f4:13:5b:38:c2:9f:2c:c6:73:7a:
         b4:36:f8:b4:bb:b4:a0:67:06:86:ab:d4:33:2e:87:08:b9:7a:
         b2:57:52:8b:65:14:24:13:c5:9d:a9:9f:66:60:6b:48:6d:b1:
         1d:28:75:6d:b3:57:23:dc:de:d0:c3:f3:01:fd:62:be:cf:7a:
         bb:f1:3d:a7:36:52:7e:26:dc:c9:6d:1d:2d:53:f2:63:ea:3c:
         25:d3:2d:b2:f7:65:41:70:04:d0:66:33:3a:c8:65:f7:5c:de:
         9d:95:00:c8:27:ec:03:c8:4e:ca:b4:59:44:32:0f:1d:f5:ca:
         f8:5b:f2:3f:4b:70:e1:45:ed:12:bf:ea:94:0b:ff:df:b7:c3:
         eb:47:2a:b6
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAY0O7wDUSuDqEkeeeVIYN2BrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTk2NjY2NGVjOTZlZGJkMTJlOGU4MmU5NDBiZmI5ZmFl
YzEwNWUwHhcNMjQwMTE1MjEwMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGUyZjYxYTE3MmY2NWYxZjhlYmM0MTczYzI3ZDI0M2MwNGNlNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LxL93LL6Tg292vLHFVxxCbgIiKJ
+oLdlaMwg+HHbBHPjdYymQZyw7sEmQxI6tTK/SIX8TydfkIONC4RYWN5qLxLiuOh
qWoZsbDCwGGp1Dlz+PDmWFfDWNH8HPUsoaBt5ZL9TcCgaMpog1VGUzT6QkEdDyk0
GiA5QU3uggImx2vVleeQQf7XApzEMxNO3nczIL344aaXWMdHxJYlzqHUGlH7sTUv
7/xHOoDtK15MDZfAsTfdNG5WieWuvC/qe4DmYNJiDCwtIYjGS6y2ergt65ygkZ8n
RkalxvcFTBFgUP92cKhGA1lPtKgRT8qJxzq8su1tGN8cr7BE5RylaDphmQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFKji9hoXL2Xx+OvEFzwn0kPATObmMB8GA1UdIwQY
MBaAFPipZmZOyW7b0S6OgulAv7n67BBeMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LbG1aazdKYnR2UkxvNkM2VUNfdWZyc0VGNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1
LTM4MjM1NWZjMmZmMS8xL3FPTDJHaGN2WmZINDY4UVhQQ2ZTUThCTTV1WS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1LTM4MjM1NWZjMmZm
MS8xLzEtS2xtWms3SmJ0dlJMbzZDNlVDX3VmcnNFRjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwIqCkWH
IDAwDQYJKoZIhvcNAQELBQADggEBAD5Id2Ck5iwfn4/zdsaPe3jVMLzk6BHFRz2t
3lnE0q9gRqRO5Ut3PtcOw4N6TL4DO/TMSAYJDjixIeG+rnqB0BOyRIdU/LyYiDBC
wGnmbjuOHfYBb+vRPkG3t1flKVxHMYWi359lTcuj3kxjn8C5FOodVQZb9BNbOMKf
LMZzerQ2+LS7tKBnBoar1DMuhwi5erJXUotlFCQTxZ2pn2Zga0htsR0odW2zVyPc
3tDD8wH9Yr7PervxPac2Un4m3MltHS1T8mPqPCXTLbL3ZUFwBNBmMzrIZfdc3p2V
AMgn7APITsq0WUQyDx31yvhb8j9LcOFF7RK/6pQL/9+3w+tHKrY=
-----END CERTIFICATE-----