Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/hMDHTijOYTL1udBivSvS7I9XjFg.roa
File:                     hMDHTijOYTL1udBivSvS7I9XjFg.roa (raw, json)
Hash identifier:          boifnLqoRo8NBmqV/wiqWj+1yIiHihGnjBDqPmKfPUo=
Subject key identifier:   84:C0:C7:4E:28:CE:61:32:F5:B9:D0:62:BD:2B:D2:EC:8F:57:8C:58
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018D31B0920CEB32165E8BA2CE799337EE1E
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/hMDHTijOYTL1udBivSvS7I9XjFg.roa
Signing time:             Mon 22 Jan 2024 15:01:11 +0000
ROA not before:           Mon 22 Jan 2024 15:01:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215787
IP address blocks:        2a0d:2146:bdf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:b0:92:0c:eb:32:16:5e:8b:a2:ce:79:93:37:ee:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan 22 15:01:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84c0c74e28ce6132f5b9d062bd2bd2ec8f578c58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f6:75:2c:10:3b:df:d7:c4:1f:66:0e:51:96:
                    e7:07:13:55:2f:88:87:40:2a:24:98:9c:5a:55:48:
                    7d:43:18:cb:a5:91:a7:ee:db:68:47:a4:6d:c9:70:
                    c5:ac:04:84:a3:39:0c:ed:7e:19:ba:f5:66:61:48:
                    00:7b:e2:a1:fd:ea:32:2f:c3:58:90:61:49:5e:a9:
                    99:3c:00:5e:88:e0:7e:02:24:0b:63:2f:1d:01:c0:
                    36:bb:d1:71:59:46:4c:32:7a:65:38:83:8b:2e:1f:
                    3c:70:5f:66:ae:95:0b:63:d6:62:df:23:5e:53:7d:
                    fd:d1:22:37:43:d3:96:e2:78:01:48:39:5e:cd:54:
                    6c:3d:40:9f:f6:75:a3:b8:84:b0:56:9c:61:2c:89:
                    8b:6d:c4:44:97:f1:a2:cc:39:41:b1:d6:51:bf:1f:
                    17:0d:98:e9:0d:f0:e5:c7:cb:28:78:1a:e7:64:9f:
                    62:b4:6f:ac:ac:84:12:d2:6e:e5:11:3c:89:89:f7:
                    ce:d9:b5:0c:86:2a:0c:e2:d4:32:10:12:81:e5:ac:
                    58:ae:41:cb:f7:66:fd:e6:b0:10:ce:e6:9f:13:be:
                    05:48:27:bb:76:96:06:34:a5:ee:d3:7a:4d:63:5f:
                    79:b4:ce:74:aa:2a:a1:5e:83:df:00:55:32:fd:0b:
                    5c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C0:C7:4E:28:CE:61:32:F5:B9:D0:62:BD:2B:D2:EC:8F:57:8C:58
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/hMDHTijOYTL1udBivSvS7I9XjFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:bdf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:09:1a:c0:5a:2e:ee:f0:c1:72:21:59:26:6d:02:f6:a1:90:
         a4:fa:7a:7b:b6:4c:88:43:73:9c:ba:b5:1f:a4:83:b5:4c:7c:
         19:fc:f3:2f:73:d8:2e:ac:c8:88:20:74:1b:bb:b4:a9:7d:e9:
         70:df:2a:da:20:b2:02:18:2e:3d:5b:58:30:dc:9f:12:fa:23:
         df:98:2f:15:1f:42:f1:b2:58:03:e0:0b:1e:4c:69:a8:88:21:
         84:26:14:9a:ff:57:b7:89:b3:20:7e:02:3a:02:a0:d7:d1:55:
         65:73:b5:10:eb:49:a7:31:d0:0b:60:e8:af:2a:aa:17:fd:82:
         43:29:e0:51:00:fd:10:85:a6:d5:ce:dd:ff:da:db:6d:1e:5f:
         02:99:41:ce:9a:1c:cc:ab:d3:1a:9e:38:64:c7:78:f2:8d:94:
         84:9a:43:11:53:7e:c8:82:44:08:5e:d5:08:da:d1:d8:13:be:
         bb:98:6e:b6:81:8f:64:23:6c:18:6c:88:35:98:96:a2:a8:7a:
         56:72:b9:d1:19:0a:d3:2c:76:ff:09:da:24:73:2e:a7:30:18:
         d3:0c:00:c9:ca:4d:0a:ce:8e:d6:27:c1:9d:23:17:cb:3a:e0:
         f4:5a:56:51:f6:eb:f2:0e:f8:fd:b8:c3:5d:24:0c:55:d6:42:
         06:4f:f1:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0xsJIM6zIWXouiznmTN+4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMTIyMTUwMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGMwYzc0ZTI4Y2U2MTMyZjViOWQwNjJiZDJiZDJlYzhmNTc4YzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPZ1LBA739fEH2YOUZbnBxNVL4iH
QCokmJxaVUh9QxjLpZGn7ttoR6RtyXDFrASEozkM7X4ZuvVmYUgAe+Kh/eoyL8NY
kGFJXqmZPABeiOB+AiQLYy8dAcA2u9FxWUZMMnplOIOLLh88cF9mrpULY9Zi3yNe
U3390SI3Q9OW4ngBSDlezVRsPUCf9nWjuISwVpxhLImLbcREl/GizDlBsdZRvx8X
DZjpDfDlx8soeBrnZJ9itG+srIQS0m7lETyJiffO2bUMhioM4tQyEBKB5axYrkHL
92b95rAQzuafE74FSCe7dpYGNKXu03pNY195tM50qiqhXoPfAFUy/Qtc/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFITAx04ozmEy9bnQYr0r0uyPV4xYMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvaE1ESFRpak9ZVEwxdWRCaXZTdlM3STlYakZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0hRr3w
MA0GCSqGSIb3DQEBCwUAA4IBAQBLCRrAWi7u8MFyIVkmbQL2oZCk+np7tkyIQ3Oc
urUfpIO1THwZ/PMvc9gurMiIIHQbu7Spfelw3yraILICGC49W1gw3J8S+iPfmC8V
H0LxslgD4AseTGmoiCGEJhSa/1e3ibMgfgI6AqDX0VVlc7UQ60mnMdALYOivKqoX
/YJDKeBRAP0QhabVzt3/2tttHl8CmUHOmhzMq9Manjhkx3jyjZSEmkMRU37IgkQI
XtUI2tHYE767mG62gY9kI2wYbIg1mJaiqHpWcrnRGQrTLHb/Cdokcy6nMBjTDADJ
yk0Kzo7WJ8GdIxfLOuD0WlZR9uvyDvj9uMNdJAxV1kIGT/GB
-----END CERTIFICATE-----