Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/aN-ImVLaoVwgoMq-WtvHnLdKG9E.roa
File:                     aN-ImVLaoVwgoMq-WtvHnLdKG9E.roa (raw, json)
Hash identifier:          eLjr6PEbgYJwr7DWb1WzGMOmeeLwXZLY3bKnExKYdMs=
Subject key identifier:   68:DF:88:99:52:DA:A1:5C:20:A0:CA:BE:5A:DB:C7:9C:B7:4A:1B:D1
Certificate issuer:       /CN=52eb03d211996e99a49e3c3f9ce4b3f2a15723c5
Certificate serial:       018E55614B7968DDF1CFE59F4E229E40403B
Authority key identifier: 52:EB:03:D2:11:99:6E:99:A4:9E:3C:3F:9C:E4:B3:F2:A1:57:23:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UusD0hGZbpmknjw_nOSz8qFXI8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/aN-ImVLaoVwgoMq-WtvHnLdKG9E.roa
Signing time:             Tue 19 Mar 2024 06:23:43 +0000
ROA not before:           Tue 19 Mar 2024 06:23:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47367
IP address blocks:        2a0f:eb80:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/UusD0hGZbpmknjw_nOSz8qFXI8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/UusD0hGZbpmknjw_nOSz8qFXI8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UusD0hGZbpmknjw_nOSz8qFXI8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:55:61:4b:79:68:dd:f1:cf:e5:9f:4e:22:9e:40:40:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52eb03d211996e99a49e3c3f9ce4b3f2a15723c5
        Validity
            Not Before: Mar 19 06:23:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68df889952daa15c20a0cabe5adbc79cb74a1bd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4c:0d:ab:70:89:34:d0:ce:6b:d1:b4:c6:b0:
                    fe:bc:23:62:08:0a:65:38:11:82:ea:d8:75:81:9b:
                    9d:ae:c8:3d:18:10:9e:bc:f4:40:f3:db:ec:4d:f7:
                    fa:09:c8:11:51:2e:97:a8:74:49:e8:f7:59:f4:fe:
                    45:91:95:1e:57:fd:aa:9b:eb:2c:5b:a7:c6:04:57:
                    be:3d:f6:ec:15:1c:b7:73:33:69:86:96:0f:3a:0f:
                    53:5e:47:97:56:00:c0:c1:74:59:58:ba:47:a0:f5:
                    2b:9d:57:f1:81:75:ba:bf:2c:bf:f5:33:a6:92:0f:
                    f6:ae:e3:24:e7:68:02:e2:64:38:a6:23:c9:4e:c1:
                    67:4d:ca:87:e1:ac:2a:39:01:f4:8d:5b:58:13:e1:
                    c6:75:ed:80:9b:13:b4:89:9b:64:88:64:e4:ca:e5:
                    b6:59:40:2f:49:01:8e:2b:e8:56:e3:60:0e:f1:1d:
                    aa:4f:c8:47:fd:38:7a:f4:ea:8e:30:cc:c9:a1:62:
                    e7:43:d3:03:3e:7a:b7:5d:02:9e:85:3f:fd:65:b0:
                    b0:d5:9e:04:8c:43:1a:5f:59:02:22:46:44:9b:77:
                    9d:0e:f8:92:8b:2e:04:e7:b4:04:c7:d4:76:b6:e3:
                    79:24:3e:e3:dd:18:85:c2:45:94:22:dc:3c:62:40:
                    bb:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DF:88:99:52:DA:A1:5C:20:A0:CA:BE:5A:DB:C7:9C:B7:4A:1B:D1
            X509v3 Authority Key Identifier:
                keyid:52:EB:03:D2:11:99:6E:99:A4:9E:3C:3F:9C:E4:B3:F2:A1:57:23:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UusD0hGZbpmknjw_nOSz8qFXI8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/aN-ImVLaoVwgoMq-WtvHnLdKG9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/UusD0hGZbpmknjw_nOSz8qFXI8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:eb80:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:0c:b7:3f:78:4c:80:2c:e8:32:98:12:fd:b5:f5:ba:d9:03:
         f1:05:5e:e8:1a:85:0e:5a:d0:29:17:91:47:b5:d3:ea:f9:89:
         d1:7e:fa:67:18:f7:36:f4:e3:3e:7d:df:27:88:bd:09:4b:83:
         5c:56:a2:06:f7:58:3c:10:52:00:c8:1a:72:40:cf:88:94:59:
         7d:bf:ab:cf:9f:02:a0:77:ae:9a:8a:b8:82:a2:49:ec:ed:97:
         da:e7:ae:36:fc:68:d4:c9:0c:ed:ba:7a:82:2b:32:9f:14:54:
         99:bd:7a:0a:a6:32:40:bb:f5:1e:4d:38:83:a2:95:68:1b:02:
         5c:29:f5:e2:0b:11:a7:3b:3c:89:83:c4:d4:83:ac:95:1e:24:
         c8:af:16:94:e9:b8:25:02:67:6d:9d:86:85:e1:21:f4:75:4e:
         d8:27:bf:8b:61:a8:16:96:f0:00:76:3a:6d:a9:a5:f6:fd:5c:
         91:89:1a:b2:cb:f9:fc:4f:dd:ba:7b:57:f5:88:ad:8f:36:82:
         2c:27:d5:3b:38:e7:c1:6f:ba:5b:2d:7e:be:ce:ed:ed:ca:d1:
         a2:3d:8e:f5:b0:cc:ef:f1:30:15:ee:4c:8e:8a:2a:1f:4b:85:
         c0:f2:3d:01:49:8e:af:2b:c8:ea:56:0b:d9:10:41:41:4d:a5:
         32:73:3e:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5VYUt5aN3xz+WfTiKeQEA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZWIwM2QyMTE5OTZlOTlhNDllM2MzZjljZTRiM2YyYTE1
NzIzYzUwHhcNMjQwMzE5MDYyMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRmODg5OTUyZGFhMTVjMjBhMGNhYmU1YWRiYzc5Y2I3NGExYmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUwNq3CJNNDOa9G0xrD+vCNiCApl
OBGC6th1gZudrsg9GBCevPRA89vsTff6CcgRUS6XqHRJ6PdZ9P5FkZUeV/2qm+ss
W6fGBFe+PfbsFRy3czNphpYPOg9TXkeXVgDAwXRZWLpHoPUrnVfxgXW6vyy/9TOm
kg/2ruMk52gC4mQ4piPJTsFnTcqH4awqOQH0jVtYE+HGde2AmxO0iZtkiGTkyuW2
WUAvSQGOK+hW42AO8R2qT8hH/Th69OqOMMzJoWLnQ9MDPnq3XQKehT/9ZbCw1Z4E
jEMaX1kCIkZEm3edDviSiy4E57QEx9R2tuN5JD7j3RiFwkWUItw8YkC7owIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGjfiJlS2qFcIKDKvlrbx5y3ShvRMB8GA1UdIwQY
MBaAFFLrA9IRmW6ZpJ48P5zks/KhVyPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXVzRDBoR1picG1rbmp3X25PU3o4cUZYSThVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82NjY3NmEtM2JhYy00YjZkLWE2Mzgt
OTZjZDQyZjBmOTViLzEvYU4tSW1WTGFvVndnb01xLVd0dkhuTGRLRzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82NjY3NmEtM2JhYy00YjZkLWE2MzgtOTZjZDQyZjBmOTVi
LzEvVXVzRDBoR1picG1rbmp3X25PU3o4cUZYSThVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/rgAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBbDLc/eEyALOgymBL9tfW62QPxBV7oGoUOWtAp
F5FHtdPq+YnRfvpnGPc29OM+fd8niL0JS4NcVqIG91g8EFIAyBpyQM+IlFl9v6vP
nwKgd66airiCokns7Zfa5642/GjUyQztunqCKzKfFFSZvXoKpjJAu/UeTTiDopVo
GwJcKfXiCxGnOzyJg8TUg6yVHiTIrxaU6bglAmdtnYaF4SH0dU7YJ7+LYagWlvAA
djptqaX2/VyRiRqyy/n8T926e1f1iK2PNoIsJ9U7OOfBb7pbLX6+zu3tytGiPY71
sMzv8TAV7kyOiiofS4XA8j0BSY6vK8jqVgvZEEFBTaUycz7x
-----END CERTIFICATE-----