Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/rWlDzoEy1Z3PHvqyVKC1OBYbHjI.roa
File:                     rWlDzoEy1Z3PHvqyVKC1OBYbHjI.roa (raw, json)
Hash identifier:          /Un8P8Aj5D72F5a3MMgV2S1ea3+I/3ZF+vjH5BepeD8=
Subject key identifier:   AD:69:43:CE:81:32:D5:9D:CF:1E:FA:B2:54:A0:B5:38:16:1B:1E:32
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       018CC64B4A094D33C61289F462E7715CE382
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/rWlDzoEy1Z3PHvqyVKC1OBYbHjI.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12337
IP address blocks:        2a02:1140:113::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4a:09:4d:33:c6:12:89:f4:62:e7:71:5c:e3:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad6943ce8132d59dcf1efab254a0b538161b1e32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c4:b7:79:fe:44:e7:bc:54:82:c8:6f:ce:ba:
                    00:4c:7d:38:93:a1:ac:10:08:da:00:e8:d4:96:35:
                    f3:25:af:f1:cf:ad:da:35:0e:b6:7d:57:12:bf:06:
                    5b:e1:20:b8:1a:9d:74:7f:22:f0:3c:17:5c:50:cd:
                    f6:a7:aa:81:6e:ec:5a:54:02:bf:72:95:bb:85:b0:
                    63:ca:28:39:63:e7:a5:29:43:c8:77:8b:47:f0:0e:
                    c6:1d:b8:64:49:6d:39:39:cd:32:ef:4f:50:e2:d5:
                    f7:78:2d:22:e0:19:cc:22:b7:b4:c7:e9:d0:fc:8e:
                    5c:08:1f:7d:d7:36:0f:90:a5:b0:e4:5b:76:b4:f1:
                    13:3a:7d:d1:cf:92:53:fc:a8:4d:0f:fb:06:e8:a0:
                    35:c5:b6:10:c0:77:73:2c:32:b3:6e:54:af:09:68:
                    2b:8e:ec:5e:69:94:ed:fa:d8:f8:6e:d4:88:9f:7c:
                    ac:af:94:5f:55:b5:9a:81:45:a2:c2:ea:ee:48:9a:
                    fa:5c:8c:07:84:d7:9a:b2:1b:4c:29:9a:da:74:cc:
                    26:c9:10:c8:d3:5d:00:5e:78:0b:43:bb:e9:78:81:
                    1e:a9:ed:cc:2f:e4:5d:ee:dc:19:8a:3a:19:0d:f2:
                    b3:c0:da:8f:75:3a:48:f2:03:48:5e:f3:f7:41:18:
                    1d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:69:43:CE:81:32:D5:9D:CF:1E:FA:B2:54:A0:B5:38:16:1B:1E:32
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/rWlDzoEy1Z3PHvqyVKC1OBYbHjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:1140:113::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:72:f4:0b:48:7b:a8:34:e1:99:7b:e7:04:85:9e:b9:3b:b0:
         6d:76:f1:40:d0:2c:f3:71:51:bd:6f:be:ee:1e:b3:5a:38:1c:
         6b:9b:f4:8a:1f:87:5d:5d:6c:c0:8a:c6:ce:a2:8c:9c:28:00:
         ca:24:a4:6a:33:a3:2f:ca:22:28:6f:c3:4c:70:72:9a:fc:f9:
         13:04:40:ce:5f:df:83:72:58:df:47:96:58:c8:21:be:3e:d5:
         63:f7:d1:a2:fb:9c:79:1f:95:47:5c:fb:cf:a8:05:06:a3:95:
         e4:30:b0:8e:4d:0c:74:d3:7d:fc:4b:fd:6f:6b:00:30:84:f6:
         8b:b5:34:6d:7a:1d:dc:ae:c2:b2:ed:1b:44:01:f9:1c:c2:63:
         68:09:d4:83:ec:83:d3:e6:39:01:d8:eb:cf:bb:1f:e2:e5:bf:
         8c:ab:24:be:02:6c:0f:62:14:f3:70:3a:cd:4b:ec:8e:d9:44:
         b1:c3:87:0f:3d:74:8d:8b:ce:0e:9a:d4:71:2c:e4:53:10:0d:
         b5:28:5c:26:1a:d3:bf:ec:95:d5:6a:35:90:0f:73:7e:30:3d:
         c8:17:cf:b1:d9:64:5b:e7:d0:3d:5a:ec:72:c0:e6:b5:87:91:
         86:fa:3e:64:22:00:ff:c0:d0:80:21:28:69:5a:b7:3d:72:4a:
         a9:c2:ef:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS0oJTTPGEon0YudxXOOCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY5NDNjZTgxMzJkNTlkY2YxZWZhYjI1NGEwYjUzODE2MWIxZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMS3ef5E57xUgshvzroATH04k6Gs
EAjaAOjUljXzJa/xz63aNQ62fVcSvwZb4SC4Gp10fyLwPBdcUM32p6qBbuxaVAK/
cpW7hbBjyig5Y+elKUPId4tH8A7GHbhkSW05Oc0y709Q4tX3eC0i4BnMIre0x+nQ
/I5cCB991zYPkKWw5Ft2tPETOn3Rz5JT/KhND/sG6KA1xbYQwHdzLDKzblSvCWgr
juxeaZTt+tj4btSIn3ysr5RfVbWagUWiwuruSJr6XIwHhNeashtMKZradMwmyRDI
010AXngLQ7vpeIEeqe3ML+Rd7twZijoZDfKzwNqPdTpI8gNIXvP3QRgdpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK1pQ86BMtWdzx76slSgtTgWGx4yMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvcldsRHpvRXkxWjNQSHZxeVZLQzFPQlliSGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIRQAET
MA0GCSqGSIb3DQEBCwUAA4IBAQB6cvQLSHuoNOGZe+cEhZ65O7BtdvFA0CzzcVG9
b77uHrNaOBxrm/SKH4ddXWzAisbOooycKADKJKRqM6MvyiIob8NMcHKa/PkTBEDO
X9+DcljfR5ZYyCG+PtVj99Gi+5x5H5VHXPvPqAUGo5XkMLCOTQx00338S/1vawAw
hPaLtTRteh3crsKy7RtEAfkcwmNoCdSD7IPT5jkB2OvPux/i5b+MqyS+AmwPYhTz
cDrNS+yO2USxw4cPPXSNi84OmtRxLORTEA21KFwmGtO/7JXVajWQD3N+MD3IF8+x
2WRb59A9WuxywOa1h5GG+j5kIgD/wNCAIShpWrc9ckqpwu+/
-----END CERTIFICATE-----