Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/69s2FLfkgc0oYLRGlDOVhsEz-o8.roa
File:                     69s2FLfkgc0oYLRGlDOVhsEz-o8.roa (raw, json)
Hash identifier:          RWjksRyEm2yvbqm2/+tAxzBcXhFAKKqOnlGc0nbWQfw=
Subject key identifier:   EB:DB:36:14:B7:E4:81:CD:28:60:B4:46:94:33:95:86:C1:33:FA:8F
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       018CC64B4AE30C3936FAAD7858B85E6DE3C4
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/69s2FLfkgc0oYLRGlDOVhsEz-o8.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24845
IP address blocks:        2a02:102e::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4a:e3:0c:39:36:fa:ad:78:58:b8:5e:6d:e3:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebdb3614b7e481cd2860b44694339586c133fa8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7e:70:a1:c3:6a:62:9f:c3:ec:fc:b6:8d:b1:
                    b3:ad:18:10:1d:11:cf:ae:75:b4:fa:db:ad:c6:b3:
                    18:7b:cf:d5:a1:03:5d:16:85:9f:b0:25:5f:6c:70:
                    fb:bc:68:c2:c0:dc:ed:2b:5d:9c:e3:97:04:29:b3:
                    f4:a4:de:24:37:fd:76:ff:da:3c:21:0b:f9:02:15:
                    cb:bc:ed:ed:d5:0c:60:0b:9f:8e:66:38:98:71:c1:
                    09:d3:af:ca:f3:1f:53:86:82:d0:c7:d1:7e:8b:6e:
                    b6:90:a9:31:80:3c:4d:63:a6:52:e4:5c:7e:55:64:
                    13:a1:5d:ff:4e:0d:b6:8b:7f:80:fd:05:48:73:cb:
                    85:ed:87:2a:a7:cf:b6:c0:5a:bf:3e:40:2c:40:8b:
                    28:e0:da:b5:94:ac:59:cd:34:52:b4:64:f2:ac:a6:
                    a3:b1:e9:78:ff:8a:82:fd:84:62:32:59:27:85:f6:
                    e6:3d:b5:b3:23:f7:42:eb:9a:04:69:1c:01:e9:43:
                    09:af:9e:69:98:bd:b6:1e:89:3e:2d:21:c9:c7:46:
                    14:6d:08:70:30:01:86:3d:13:fe:49:db:55:bb:98:
                    71:8d:09:8e:03:8e:1e:6a:2b:ca:75:ca:6f:39:3c:
                    eb:22:6f:27:d8:dc:70:3c:86:1a:e1:d1:f0:df:d0:
                    f1:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:DB:36:14:B7:E4:81:CD:28:60:B4:46:94:33:95:86:C1:33:FA:8F
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/69s2FLfkgc0oYLRGlDOVhsEz-o8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:102e::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:6c:58:70:0f:f6:16:b8:32:0b:0b:70:32:ce:31:d9:be:e9:
         e5:c3:83:fa:d3:16:d4:8f:a0:fa:c6:ff:38:74:a7:c3:f1:d5:
         dc:e2:00:8c:8d:b5:3c:de:b1:56:22:49:c3:7f:b7:5e:07:3b:
         86:7f:81:e0:1a:66:be:46:64:42:3a:93:a5:b6:c1:7b:b9:d4:
         29:f8:6c:4d:6c:e0:63:f5:05:2d:51:0c:ac:80:2b:71:e5:ca:
         1a:c2:d0:b2:36:69:66:be:22:9b:fd:6c:3a:e0:57:4e:a8:db:
         6e:da:70:de:ad:c4:27:e3:5b:25:5d:1e:63:20:d8:c3:ea:3b:
         f8:cb:22:7c:82:55:33:13:8a:26:ff:e3:e5:a3:36:d6:2b:0e:
         77:2e:e0:0c:be:7b:b2:67:93:94:b4:eb:89:93:87:7f:31:c6:
         50:c1:59:0a:fc:2a:99:20:3d:b9:0f:4e:bd:6e:0f:43:6a:1f:
         de:a7:04:ec:d5:2b:df:98:99:f9:31:f4:79:f3:6b:92:ae:6f:
         dd:0d:81:7e:98:e5:83:88:2e:b6:a6:6d:0a:d4:0e:f0:70:40:
         02:bd:37:6d:3f:2f:f5:1c:ad:ce:ef:b3:0f:ad:27:68:87:d5:
         a9:aa:8a:22:5c:ba:51:f3:c1:64:be:7e:5f:60:52:b9:a8:f1:
         5d:ad:77:70
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGS0rjDDk2+q14WLhebePEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmRiMzYxNGI3ZTQ4MWNkMjg2MGI0NDY5NDMzOTU4NmMxMzNmYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoX5wocNqYp/D7Py2jbGzrRgQHRHP
rnW0+tutxrMYe8/VoQNdFoWfsCVfbHD7vGjCwNztK12c45cEKbP0pN4kN/12/9o8
IQv5AhXLvO3t1QxgC5+OZjiYccEJ06/K8x9ThoLQx9F+i262kKkxgDxNY6ZS5Fx+
VWQToV3/Tg22i3+A/QVIc8uF7Ycqp8+2wFq/PkAsQIso4Nq1lKxZzTRStGTyrKaj
sel4/4qC/YRiMlknhfbmPbWzI/dC65oEaRwB6UMJr55pmL22Hok+LSHJx0YUbQhw
MAGGPRP+SdtVu5hxjQmOA44eaivKdcpvOTzrIm8n2NxwPIYa4dHw39DxFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOvbNhS35IHNKGC0RpQzlYbBM/qPMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvNjlzMkZMZmtnYzBvWUxSR2xET1Zoc0V6LW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIQLjAN
BgkqhkiG9w0BAQsFAAOCAQEAXGxYcA/2FrgyCwtwMs4x2b7p5cOD+tMW1I+g+sb/
OHSnw/HV3OIAjI21PN6xViJJw3+3Xgc7hn+B4BpmvkZkQjqTpbbBe7nUKfhsTWzg
Y/UFLVEMrIArceXKGsLQsjZpZr4im/1sOuBXTqjbbtpw3q3EJ+NbJV0eYyDYw+o7
+MsifIJVMxOKJv/j5aM21isOdy7gDL57smeTlLTriZOHfzHGUMFZCvwqmSA9uQ9O
vW4PQ2of3qcE7NUr35iZ+TH0efNrkq5v3Q2Bfpjlg4gutqZtCtQO8HBAAr03bT8v
9Rytzu+zD60naIfVqaqKIly6UfPBZL5+X2BSuajxXa13cA==
-----END CERTIFICATE-----