Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/px96VewSUxJ4mPJ30uhyFQz9M9M.roa
File:                     px96VewSUxJ4mPJ30uhyFQz9M9M.roa (raw, json)
Hash identifier:          qrMT9SXTb/3A16M7wceULjVR8Tn/50tWl9mUxwo4xGk=
Subject key identifier:   A7:1F:7A:55:EC:12:53:12:78:98:F2:77:D2:E8:72:15:0C:FD:33:D3
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       018DA7DAA9C9F4EBB198A85FDF1C7FE46787
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/px96VewSUxJ4mPJ30uhyFQz9M9M.roa
Signing time:             Wed 14 Feb 2024 13:42:21 +0000
ROA not before:           Wed 14 Feb 2024 13:42:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215544
IP address blocks:        2a04:5b81:2140::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:da:a9:c9:f4:eb:b1:98:a8:5f:df:1c:7f:e4:67:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Feb 14 13:42:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a71f7a55ec1253127898f277d2e872150cfd33d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:71:5e:69:3c:65:ea:eb:d6:bd:f6:30:53:6c:
                    76:57:20:cf:13:5f:d1:69:72:a3:35:51:f4:0f:38:
                    6d:9d:18:28:df:dc:1a:ca:68:f2:c1:bd:f8:26:5d:
                    84:d5:7d:5a:2d:b0:f7:c0:d8:37:1f:57:b8:67:c7:
                    cc:f4:3f:a9:01:8a:e2:b1:76:fd:ad:00:00:74:fd:
                    71:e9:06:76:6d:c2:44:6b:cf:d4:2c:b1:45:7d:57:
                    7d:c2:20:3e:cd:97:34:e2:a7:e5:30:bc:e6:69:92:
                    8f:49:8c:18:13:c2:a7:15:55:b5:a4:39:09:d3:42:
                    10:cc:07:0e:f3:5b:c5:d8:7b:52:4a:61:75:9b:e9:
                    f3:94:a0:15:85:15:49:5b:56:89:c5:5d:5c:64:6f:
                    e6:ae:73:8f:13:bd:aa:06:99:fe:3c:39:ba:7b:a3:
                    18:85:e9:1a:ec:50:bb:3e:5b:0c:ef:b6:86:fa:c8:
                    eb:c8:74:e5:b5:fc:66:88:ca:3f:2b:b4:49:24:5b:
                    68:f9:31:bb:9c:64:86:71:50:3a:db:e0:ae:b0:6b:
                    3a:78:5f:63:cd:cd:f7:49:09:e2:14:e4:48:e1:58:
                    3d:55:6b:7a:80:8e:15:b1:f3:76:4b:41:23:1f:c0:
                    04:62:a3:a4:41:0d:07:a0:66:22:e1:22:41:72:68:
                    95:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:1F:7A:55:EC:12:53:12:78:98:F2:77:D2:E8:72:15:0C:FD:33:D3
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/px96VewSUxJ4mPJ30uhyFQz9M9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5b81:2140::/44

    Signature Algorithm: sha256WithRSAEncryption
         02:fa:d5:bc:94:6b:f7:fb:19:db:0a:94:83:72:6e:54:20:01:
         f3:d9:9c:c8:d7:10:66:46:ac:3c:da:20:b5:75:b4:ef:c5:68:
         14:da:02:81:6e:e9:e2:fc:30:97:8d:cd:25:3c:c0:7c:95:c6:
         a6:6c:f5:02:8b:b8:fc:fd:2c:5c:26:f1:42:a9:82:06:1b:89:
         e5:ac:95:b2:8c:f1:db:d2:52:c4:05:0f:17:37:94:ef:c7:bc:
         0b:43:04:50:97:5e:b2:21:88:4b:f7:51:15:d6:b5:90:f4:4c:
         2b:40:7b:72:88:3c:c3:e8:19:ec:a8:da:ce:40:f2:27:26:71:
         6e:74:31:a0:08:16:11:cb:3b:5b:cf:90:63:2d:a7:92:c0:15:
         d5:f9:b5:fc:c8:5d:8a:3b:05:85:9c:31:00:a3:0f:22:6d:fe:
         e5:d6:bc:4b:6a:62:75:46:cf:ff:2b:41:6d:6f:ec:fc:76:18:
         9a:46:83:69:88:c4:23:7a:f0:f5:6d:eb:8c:48:08:1c:10:98:
         10:5a:da:e1:eb:24:cb:6d:b3:1b:71:4f:75:db:fe:6d:31:1e:
         f1:21:83:2c:23:b3:6a:7d:2a:90:0f:09:e9:a1:b9:b6:80:16:
         ec:53:1a:da:16:40:f4:29:64:bc:0d:7f:1c:63:43:0f:d5:08:
         54:09:70:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2n2qnJ9OuxmKhf3xx/5GeHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjQwMjE0MTM0MjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzFmN2E1NWVjMTI1MzEyNzg5OGYyNzdkMmU4NzIxNTBjZmQzM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHFeaTxl6uvWvfYwU2x2VyDPE1/R
aXKjNVH0DzhtnRgo39waymjywb34Jl2E1X1aLbD3wNg3H1e4Z8fM9D+pAYrisXb9
rQAAdP1x6QZ2bcJEa8/ULLFFfVd9wiA+zZc04qflMLzmaZKPSYwYE8KnFVW1pDkJ
00IQzAcO81vF2HtSSmF1m+nzlKAVhRVJW1aJxV1cZG/mrnOPE72qBpn+PDm6e6MY
heka7FC7PlsM77aG+sjryHTltfxmiMo/K7RJJFto+TG7nGSGcVA62+CusGs6eF9j
zc33SQniFORI4Vg9VWt6gI4VsfN2S0EjH8AEYqOkQQ0HoGYi4SJBcmiV9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKcfelXsElMSeJjyd9LochUM/TPTMB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEvcHg5NlZld1NVeEo0bVBKMzB1aHlGUXo5TTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgRbgSFA
MA0GCSqGSIb3DQEBCwUAA4IBAQAC+tW8lGv3+xnbCpSDcm5UIAHz2ZzI1xBmRqw8
2iC1dbTvxWgU2gKBbuni/DCXjc0lPMB8lcambPUCi7j8/SxcJvFCqYIGG4nlrJWy
jPHb0lLEBQ8XN5Tvx7wLQwRQl16yIYhL91EV1rWQ9EwrQHtyiDzD6BnsqNrOQPIn
JnFudDGgCBYRyztbz5BjLaeSwBXV+bX8yF2KOwWFnDEAow8ibf7l1rxLamJ1Rs//
K0Ftb+z8dhiaRoNpiMQjevD1beuMSAgcEJgQWtrh6yTLbbMbcU912/5tMR7xIYMs
I7NqfSqQDwnpobm2gBbsUxraFkD0KWS8DX8cY0MP1QhUCXDV
-----END CERTIFICATE-----