Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/mvlWxjNYfAygnMT08E51HYaK9Ck.roa
File:                     mvlWxjNYfAygnMT08E51HYaK9Ck.roa (raw, json)
Hash identifier:          sSimb/mLnEygX0CAcWuA4aihyyrEcsG1lHMT7cOV1FQ=
Subject key identifier:   9A:F9:56:C6:33:58:7C:0C:A0:9C:C4:F4:F0:4E:75:1D:86:8A:F4:29
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       018CC8DE3B271E66FE10F8AF7ABF16A4AB33
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/mvlWxjNYfAygnMT08E51HYaK9Ck.roa
Signing time:             Tue 02 Jan 2024 06:30:56 +0000
ROA not before:           Tue 02 Jan 2024 06:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206499
IP address blocks:        2a04:5b81:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 03:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:3b:27:1e:66:fe:10:f8:af:7a:bf:16:a4:ab:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Jan  2 06:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9af956c633587c0ca09cc4f4f04e751d868af429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:05:58:79:e3:a9:37:03:a2:6c:6f:10:f2:aa:
                    fd:6d:dc:a4:0f:28:9d:a8:1c:1e:41:06:f2:d3:f8:
                    8a:d9:38:4a:9b:6a:8e:c0:25:18:48:75:76:c1:12:
                    a6:6c:b6:1a:32:26:05:2e:29:fb:97:9f:94:c8:8c:
                    3d:b4:5d:36:ad:16:bd:e3:7e:5f:ec:c7:c8:4a:64:
                    bc:98:ac:05:8b:c4:c4:e0:83:9a:aa:e3:e0:7e:9e:
                    e7:31:83:ae:1f:4c:a2:1d:8d:4b:ba:d9:4f:cf:60:
                    01:b5:ae:f3:0e:53:c4:f4:7b:5f:34:f7:bd:3b:e8:
                    11:6c:93:e7:af:e9:e4:0a:d3:b9:5f:10:3c:d3:e0:
                    18:b9:22:c3:1c:72:70:87:3f:8a:91:35:6f:e6:d6:
                    77:cf:52:7a:c2:02:b7:80:9e:d2:88:e2:91:99:49:
                    6e:47:05:6a:87:25:46:c7:bb:4c:34:3a:f1:60:fe:
                    5c:3f:86:61:68:20:e7:f8:14:b3:98:64:61:02:5b:
                    4c:92:94:23:9a:94:18:dc:85:71:8d:88:3d:de:27:
                    21:61:0c:7e:bb:d8:05:04:6f:9e:2a:b3:b0:53:00:
                    0e:72:c3:2d:56:38:4b:d6:76:5f:3c:0e:cd:b9:cc:
                    e0:a2:34:94:18:f8:36:6e:b3:02:24:b4:51:53:a9:
                    85:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F9:56:C6:33:58:7C:0C:A0:9C:C4:F4:F0:4E:75:1D:86:8A:F4:29
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/mvlWxjNYfAygnMT08E51HYaK9Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5b81:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:7d:fc:07:56:0b:37:35:c6:f5:f4:05:ff:3a:b9:9f:ac:79:
         74:61:dc:1c:51:f3:a2:0a:a2:a1:00:13:ef:73:68:a9:7e:a6:
         fa:85:3d:04:96:f7:9c:9b:94:cf:cc:9f:d2:4e:fc:25:db:94:
         03:65:fd:b9:34:83:48:47:95:2d:ac:00:d8:c7:40:bb:3b:26:
         a0:53:98:d5:8a:f1:1e:be:17:03:de:3d:11:cf:bd:3c:bf:ec:
         71:a5:c8:c7:b8:9c:88:ac:94:eb:3a:08:06:db:3a:36:ca:b0:
         fa:c7:0c:3a:4f:10:c1:0c:49:49:f5:76:e7:c6:a2:bc:9e:63:
         11:3d:00:7c:6e:95:47:53:db:62:85:73:6f:06:98:3b:21:c5:
         0d:f5:0d:68:05:22:03:cd:2e:98:88:36:c7:d5:4a:14:fd:26:
         71:54:39:87:e2:5d:04:6e:0a:be:53:d5:e9:58:19:4c:ba:7b:
         eb:95:d7:19:0c:c1:ef:dd:13:71:96:71:1a:f7:30:51:3e:69:
         0c:c7:d4:d6:10:d6:59:87:fb:fd:72:c8:50:b0:d9:25:8e:b2:
         ad:a4:13:58:92:85:d7:f9:da:fd:05:20:07:55:05:fb:72:ca:
         52:7b:41:49:00:b2:00:40:dd:d2:cd:2b:f6:bb:df:85:26:1e:
         4c:20:5a:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3jsnHmb+EPiver8WpKszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjQwMTAyMDYzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY5NTZjNjMzNTg3YzBjYTA5Y2M0ZjRmMDRlNzUxZDg2OGFmNDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQVYeeOpNwOibG8Q8qr9bdykDyid
qBweQQby0/iK2ThKm2qOwCUYSHV2wRKmbLYaMiYFLin7l5+UyIw9tF02rRa9435f
7MfISmS8mKwFi8TE4IOaquPgfp7nMYOuH0yiHY1LutlPz2ABta7zDlPE9HtfNPe9
O+gRbJPnr+nkCtO5XxA80+AYuSLDHHJwhz+KkTVv5tZ3z1J6wgK3gJ7SiOKRmUlu
RwVqhyVGx7tMNDrxYP5cP4ZhaCDn+BSzmGRhAltMkpQjmpQY3IVxjYg93ichYQx+
u9gFBG+eKrOwUwAOcsMtVjhL1nZfPA7NuczgojSUGPg2brMCJLRRU6mFkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJr5VsYzWHwMoJzE9PBOdR2GivQpMB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEvbXZsV3hqTllmQXlnbk1UMDhFNTFIWWFLOUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgRbgSAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA5ffwHVgs3Ncb19AX/OrmfrHl0YdwcUfOiCqKh
ABPvc2ipfqb6hT0Elvecm5TPzJ/STvwl25QDZf25NINIR5UtrADYx0C7OyagU5jV
ivEevhcD3j0Rz708v+xxpcjHuJyIrJTrOggG2zo2yrD6xww6TxDBDElJ9XbnxqK8
nmMRPQB8bpVHU9tihXNvBpg7IcUN9Q1oBSIDzS6YiDbH1UoU/SZxVDmH4l0Ebgq+
U9XpWBlMunvrldcZDMHv3RNxlnEa9zBRPmkMx9TWENZZh/v9cshQsNkljrKtpBNY
koXX+dr9BSAHVQX7cspSe0FJALIAQN3SzSv2u9+FJh5MIFqL
-----END CERTIFICATE-----