Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/kXgmge7ESHljZYYzMJGmdox-bvU.roa
File:                     kXgmge7ESHljZYYzMJGmdox-bvU.roa (raw, json)
Hash identifier:          9LmzvPvRPqZGTncUCQbNWYxgatiKVNLDtOBBvqyhx3o=
Subject key identifier:   91:78:26:81:EE:C4:48:79:63:65:86:33:30:91:A6:76:8C:7E:6E:F5
Certificate issuer:       /CN=568ae803b9ba38855401827b3eece14505a9c0f6
Certificate serial:       018CC56E71A0C288B7423E3780D79007B465
Authority key identifier: 56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/kXgmge7ESHljZYYzMJGmdox-bvU.roa
Signing time:             Mon 01 Jan 2024 14:29:58 +0000
ROA not before:           Mon 01 Jan 2024 14:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198150
IP address blocks:        2a00:1c28:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:71:a0:c2:88:b7:42:3e:37:80:d7:90:07:b4:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568ae803b9ba38855401827b3eece14505a9c0f6
        Validity
            Not Before: Jan  1 14:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91782681eec44879636586333091a6768c7e6ef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c6:93:ce:ae:19:9c:76:14:74:a1:78:ae:6a:
                    10:cc:ec:1d:4b:ea:5b:16:f6:32:ca:ee:8a:7b:71:
                    23:ca:67:5b:93:1b:41:29:75:c4:fb:93:10:89:54:
                    cd:40:c8:02:5d:09:2e:8e:81:3f:88:56:e9:07:36:
                    0b:e3:d4:3a:69:59:5b:fa:83:98:08:18:8a:49:ae:
                    b7:69:20:8a:b8:2b:c9:84:d5:71:d9:bb:55:a9:4d:
                    78:14:33:33:42:c2:03:50:03:de:e5:c9:c8:d5:b8:
                    4c:1e:65:4d:f3:58:a6:d3:fd:69:a9:26:7c:98:db:
                    72:d3:0a:bd:c2:6b:33:c5:9a:d2:b7:32:82:cc:d8:
                    17:66:34:bd:90:47:3b:65:54:14:c6:d7:4a:0d:25:
                    44:17:14:ec:c4:e5:61:0c:bb:3b:14:bd:61:68:d5:
                    60:15:df:e8:3d:1f:68:37:3d:84:79:1b:18:58:84:
                    1f:02:81:f3:69:f5:55:aa:25:2d:cc:c8:f2:7e:59:
                    6c:41:62:19:6e:52:88:db:8f:60:01:3a:f6:84:a3:
                    ed:d6:8a:ff:3a:25:2e:44:77:25:83:3b:2e:1d:6c:
                    d4:16:48:ab:03:c8:b4:bb:22:bc:12:a9:29:1d:3d:
                    ef:47:93:5f:8a:8e:55:72:ad:c7:b1:3c:f0:b5:df:
                    86:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:78:26:81:EE:C4:48:79:63:65:86:33:30:91:A6:76:8C:7E:6E:F5
            X509v3 Authority Key Identifier:
                keyid:56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/kXgmge7ESHljZYYzMJGmdox-bvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1c28:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:a2:73:dc:d3:e7:11:76:83:af:3b:24:b0:01:9e:f8:c4:d3:
         ca:7d:8a:8b:9c:ea:cb:57:71:fa:ed:2d:90:48:76:00:ae:6a:
         36:2f:1c:f3:f7:c4:93:f1:30:c3:b2:9a:07:db:7d:f8:21:0b:
         c9:48:79:e8:f0:0d:ff:2e:7e:5a:45:bd:92:ce:c4:ce:29:70:
         a6:d1:53:b9:29:4e:a8:f9:84:bc:8d:6a:d2:9f:c1:5c:b9:4b:
         20:26:1c:af:19:cd:1d:41:31:0c:5b:ad:a8:f5:1c:20:d8:99:
         29:2c:96:b4:6d:be:80:9c:37:95:4a:c2:8f:aa:a4:0b:42:1d:
         8c:1c:3a:07:f7:33:85:b0:90:96:a0:9a:8f:c2:01:13:27:70:
         3f:ba:76:6b:ee:cf:68:5e:9a:ba:10:34:c9:9e:08:03:e8:46:
         fb:80:58:41:ab:85:79:a5:85:17:54:35:6c:ec:bd:3d:e3:79:
         b1:44:51:74:c0:81:d4:e2:67:c6:fc:bb:b6:de:31:6f:c3:30:
         e1:e3:09:0c:ce:7e:50:8d:f8:14:06:b2:ed:d2:71:05:c4:58:
         c1:1b:75:94:9d:5c:0c:42:0b:e4:c1:0e:03:66:60:81:10:9a:
         c1:b3:e2:44:2f:ba:e2:a3:55:e1:a7:60:c4:58:8d:2c:d4:fe:
         b5:ad:a4:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbnGgwoi3Qj43gNeQB7RlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGFlODAzYjliYTM4ODU1NDAxODI3YjNlZWNlMTQ1MDVh
OWMwZjYwHhcNMjQwMTAxMTQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTc4MjY4MWVlYzQ0ODc5NjM2NTg2MzMzMDkxYTY3NjhjN2U2ZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocaTzq4ZnHYUdKF4rmoQzOwdS+pb
FvYyyu6Ke3EjymdbkxtBKXXE+5MQiVTNQMgCXQkujoE/iFbpBzYL49Q6aVlb+oOY
CBiKSa63aSCKuCvJhNVx2btVqU14FDMzQsIDUAPe5cnI1bhMHmVN81im0/1pqSZ8
mNty0wq9wmszxZrStzKCzNgXZjS9kEc7ZVQUxtdKDSVEFxTsxOVhDLs7FL1haNVg
Fd/oPR9oNz2EeRsYWIQfAoHzafVVqiUtzMjyfllsQWIZblKI249gATr2hKPt1or/
OiUuRHclgzsuHWzUFkirA8i0uyK8EqkpHT3vR5Nfio5Vcq3HsTzwtd+GiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJF4JoHuxEh5Y2WGMzCRpnaMfm71MB8GA1UdIwQY
MBaAFFaK6AO5ujiFVAGCez7s4UUFqcD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAt
OGVhZThiNzVlOWNhLzEva1hnbWdlN0VTSGxqWllZek1KR21kb3gtYnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAtOGVhZThiNzVlOWNh
LzEvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAcKAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQCyonPc0+cRdoOvOySwAZ74xNPKfYqLnOrLV3H6
7S2QSHYArmo2Lxzz98ST8TDDspoH2334IQvJSHno8A3/Ln5aRb2SzsTOKXCm0VO5
KU6o+YS8jWrSn8FcuUsgJhyvGc0dQTEMW62o9Rwg2JkpLJa0bb6AnDeVSsKPqqQL
Qh2MHDoH9zOFsJCWoJqPwgETJ3A/unZr7s9oXpq6EDTJnggD6Eb7gFhBq4V5pYUX
VDVs7L0943mxRFF0wIHU4mfG/Lu23jFvwzDh4wkMzn5QjfgUBrLt0nEFxFjBG3WU
nVwMQgvkwQ4DZmCBEJrBs+JEL7rio1Xhp2DEWI0s1P61raTf
-----END CERTIFICATE-----