Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/pTeRKfhcRIJBSc5JcDYXBxisBPc.roa
File:                     pTeRKfhcRIJBSc5JcDYXBxisBPc.roa (raw, json)
Hash identifier:          cfkCiUEWfeCU+WG94MZVuMVUac2Ghjv4EqvoTeu37qg=
Subject key identifier:   A5:37:91:29:F8:5C:44:82:41:49:CE:49:70:36:17:07:18:AC:04:F7
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018CC4936B0857911CEB9586E57A1725F1FF
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/pTeRKfhcRIJBSc5JcDYXBxisBPc.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0d:2146:848a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6b:08:57:91:1c:eb:95:86:e5:7a:17:25:f1:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5379129f85c44824149ce497036170718ac04f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2d:73:a3:12:a7:89:8f:a7:9c:e1:91:41:68:
                    fe:1e:76:48:6f:b3:fe:7f:60:1d:f5:6d:16:23:0d:
                    be:7f:b5:c1:1a:95:f4:3e:e5:7d:e6:4c:3a:df:17:
                    74:0b:fc:ff:2a:e8:de:83:3e:b8:93:07:55:29:cd:
                    77:7b:33:6e:46:95:9a:45:b3:13:89:c3:81:31:7b:
                    39:f4:83:19:d4:08:1c:dc:c4:e3:2a:b0:d2:00:a0:
                    74:55:4d:dc:19:60:8b:dc:41:55:26:1c:ff:0f:7e:
                    0d:55:47:cf:5e:20:89:1b:83:e3:80:42:6f:67:bc:
                    11:1b:d0:8c:39:a7:f9:41:a7:15:b2:b2:3e:b8:d9:
                    f2:27:ae:ac:ff:d5:4b:9d:3a:c1:ed:f6:9b:2e:3c:
                    5a:49:77:16:32:9b:86:83:c6:74:ff:0e:a5:5b:6e:
                    b2:44:90:d7:ad:8f:b6:fb:3b:0a:e5:f4:b4:eb:ec:
                    f1:dc:f8:19:12:e4:94:5f:92:44:fb:cf:8b:0d:76:
                    07:97:ea:35:52:1b:2c:c0:70:a2:31:a4:5d:2f:48:
                    b9:55:cc:47:f2:47:fd:0a:e4:55:a9:30:cf:dd:9c:
                    63:09:3c:fd:f7:13:27:ea:22:83:77:35:51:d3:4c:
                    e1:67:63:1f:9c:d4:9c:df:1a:74:1a:1c:a1:b4:02:
                    f4:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:37:91:29:F8:5C:44:82:41:49:CE:49:70:36:17:07:18:AC:04:F7
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/pTeRKfhcRIJBSc5JcDYXBxisBPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:848a::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:3a:6b:35:cb:55:5e:72:67:b9:0f:2f:f9:23:a9:52:88:20:
         7a:37:fa:7b:a8:4a:eb:62:7f:f1:0e:28:ad:9b:f2:5d:9d:e6:
         f2:c0:9d:0c:ab:ed:41:f4:bf:7e:dd:f9:fe:9e:e0:17:1e:61:
         2b:c2:32:98:fc:fc:15:3f:75:62:d2:76:2f:01:a5:86:98:87:
         de:3a:d2:0d:17:17:65:41:1d:09:bf:ef:f8:67:66:c9:96:2d:
         3e:84:16:46:04:1f:44:cd:c1:2e:39:d5:c9:9c:75:34:32:09:
         63:00:d1:75:a4:9a:ca:cf:ca:9b:6f:e6:66:9c:23:15:49:50:
         18:af:cb:c1:2e:7a:15:bc:2c:c1:91:3b:c5:73:cd:de:02:bc:
         88:c7:13:62:75:8a:de:4e:e7:d6:9b:47:ca:cb:7c:34:3d:fc:
         c2:88:a8:5f:23:5e:3b:5e:85:12:c2:3e:2c:cb:c5:1c:ff:cc:
         de:32:11:13:72:34:98:2e:9a:fc:0a:bc:3c:cb:2d:d9:f9:ce:
         14:65:9c:ae:39:ec:9a:a3:81:75:f3:1f:66:f0:64:b9:aa:66:
         6c:56:49:36:c0:3f:e5:12:f2:f4:1a:1b:ac:26:69:b2:48:19:
         07:37:cc:0b:e7:fa:ce:00:b7:6d:fd:ac:ad:1d:ac:5f:ff:a6:
         6d:e7:22:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2sIV5Ec65WG5XoXJfH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTM3OTEyOWY4NWM0NDgyNDE0OWNlNDk3MDM2MTcwNzE4YWMwNGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgS1zoxKniY+nnOGRQWj+HnZIb7P+
f2Ad9W0WIw2+f7XBGpX0PuV95kw63xd0C/z/Kujegz64kwdVKc13ezNuRpWaRbMT
icOBMXs59IMZ1Agc3MTjKrDSAKB0VU3cGWCL3EFVJhz/D34NVUfPXiCJG4PjgEJv
Z7wRG9CMOaf5QacVsrI+uNnyJ66s/9VLnTrB7fabLjxaSXcWMpuGg8Z0/w6lW26y
RJDXrY+2+zsK5fS06+zx3PgZEuSUX5JE+8+LDXYHl+o1UhsswHCiMaRdL0i5VcxH
8kf9CuRVqTDP3ZxjCTz99xMn6iKDdzVR00zhZ2MfnNSc3xp0GhyhtAL0bQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKU3kSn4XESCQUnOSXA2FwcYrAT3MB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvcFRlUktmaGNSSUpCU2M1SmNEWVhCeGlzQlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0hRoSK
MA0GCSqGSIb3DQEBCwUAA4IBAQAMOms1y1Vecme5Dy/5I6lSiCB6N/p7qErrYn/x
Diitm/JdnebywJ0Mq+1B9L9+3fn+nuAXHmErwjKY/PwVP3Vi0nYvAaWGmIfeOtIN
FxdlQR0Jv+/4Z2bJli0+hBZGBB9EzcEuOdXJnHU0MgljANF1pJrKz8qbb+ZmnCMV
SVAYr8vBLnoVvCzBkTvFc83eAryIxxNidYreTufWm0fKy3w0PfzCiKhfI147XoUS
wj4sy8Uc/8zeMhETcjSYLpr8Crw8yy3Z+c4UZZyuOeyao4F18x9m8GS5qmZsVkk2
wD/lEvL0GhusJmmySBkHN8wL5/rOALdt/aytHaxf/6Zt5yJC
-----END CERTIFICATE-----