Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/vZ0_0hWvEtmyAIwFTfdArKvJD2M.roa
File:                     vZ0_0hWvEtmyAIwFTfdArKvJD2M.roa (raw, json)
Hash identifier:          YGGwCnbnRh2vy6e1LhCArIWq5wWZ1dc4lpmvBwIeMJg=
Subject key identifier:   BD:9D:3F:D2:15:AF:12:D9:B2:00:8C:05:4D:F7:40:AC:AB:C9:0F:63
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018F58AFA390FE5945D5C934FCBFA75E3E22
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/vZ0_0hWvEtmyAIwFTfdArKvJD2M.roa
Signing time:             Wed 08 May 2024 14:50:56 +0000
ROA not before:           Wed 08 May 2024 14:50:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214944
IP address blocks:        2a0d:2146:bdd0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 04:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:af:a3:90:fe:59:45:d5:c9:34:fc:bf:a7:5e:3e:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: May  8 14:50:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd9d3fd215af12d9b2008c054df740acabc90f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:da:d9:03:91:69:78:60:30:05:63:c4:5d:17:
                    0a:d1:e9:eb:65:10:9d:51:86:ea:f0:5a:9c:80:f4:
                    15:b8:9d:36:0b:6c:f4:b3:7b:56:e7:bf:f5:91:7e:
                    57:e2:24:c0:39:36:47:46:9e:46:6f:a1:b7:a2:c3:
                    5d:70:51:c3:37:4a:cd:1c:0f:98:ad:23:36:13:32:
                    d3:0d:af:2f:c1:59:93:19:35:21:5b:ab:b9:7a:64:
                    f2:0c:ef:ac:11:7b:df:fd:08:f4:48:0d:ee:a9:7f:
                    99:a6:ac:0c:f7:03:ac:7e:49:f8:c3:ef:84:3a:2b:
                    e8:82:73:07:e1:cc:45:71:b4:40:0f:d7:15:98:98:
                    22:bf:7b:3b:9f:48:17:23:35:e3:94:24:bf:e2:79:
                    f3:d6:5a:a5:01:db:a2:f8:e8:f4:92:06:e2:f3:5b:
                    11:24:88:20:b5:15:6f:9a:41:72:a3:d8:e9:86:d8:
                    9d:d0:6d:aa:38:0c:e2:32:1b:ba:e3:bd:26:27:94:
                    0f:a1:51:eb:6f:ff:21:d9:c9:81:93:ea:f8:69:9d:
                    61:ba:cd:61:73:62:35:ca:9c:ad:ba:c6:ac:d1:80:
                    d9:aa:8c:5b:c9:67:aa:f3:2f:24:7b:37:bc:38:97:
                    ce:3c:0b:3a:24:05:60:23:8b:d2:c3:f1:63:51:83:
                    02:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9D:3F:D2:15:AF:12:D9:B2:00:8C:05:4D:F7:40:AC:AB:C9:0F:63
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/vZ0_0hWvEtmyAIwFTfdArKvJD2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:bdd0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:04:82:a8:86:34:c5:8e:3b:ba:de:5f:10:21:e5:c9:d4:d5:
         26:af:fc:45:5c:37:82:4d:15:11:28:94:11:17:ad:8f:9f:1b:
         b3:ef:91:4e:9a:35:96:8e:9b:fe:d7:80:ac:04:e2:46:60:72:
         df:a3:f7:cc:27:6b:68:f2:e2:6b:49:66:0f:cf:09:14:2b:5b:
         df:d6:bc:2b:df:a5:bb:93:50:50:07:6d:70:98:62:6b:be:56:
         4a:9d:a4:8e:92:0c:31:54:0d:43:10:5f:ca:b2:4f:c9:9f:a3:
         63:c1:8f:78:e6:18:2d:f0:9b:0f:d6:1d:33:21:5d:4b:31:6d:
         a8:36:94:4f:6d:01:b6:0a:4b:65:05:6c:40:da:64:26:51:91:
         d7:a2:33:36:69:55:ca:2c:24:b4:36:ca:5c:e5:a0:4c:c0:65:
         2c:e0:91:46:d5:58:c3:73:62:25:b8:de:15:04:e0:2c:a1:5b:
         02:d5:dc:c9:f0:4f:6b:e8:5b:80:aa:3e:e5:a4:88:43:25:6f:
         ab:a7:a4:62:5d:e9:d9:f8:33:1a:80:7b:cd:c4:c8:34:87:cb:
         c7:74:c2:e1:1a:f7:4c:4a:61:70:86:8c:50:83:85:41:43:fe:
         bd:55:c2:33:13:8c:3c:59:5a:11:a4:e9:63:db:e8:df:08:28:
         e3:65:a4:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY9Yr6OQ/llF1ck0/L+nXj4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwNTA4MTQ1MDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDlkM2ZkMjE1YWYxMmQ5YjIwMDhjMDU0ZGY3NDBhY2FiYzkwZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstrZA5FpeGAwBWPEXRcK0enrZRCd
UYbq8FqcgPQVuJ02C2z0s3tW57/1kX5X4iTAOTZHRp5Gb6G3osNdcFHDN0rNHA+Y
rSM2EzLTDa8vwVmTGTUhW6u5emTyDO+sEXvf/Qj0SA3uqX+ZpqwM9wOsfkn4w++E
OivognMH4cxFcbRAD9cVmJgiv3s7n0gXIzXjlCS/4nnz1lqlAdui+Oj0kgbi81sR
JIggtRVvmkFyo9jphtid0G2qOAziMhu6470mJ5QPoVHrb/8h2cmBk+r4aZ1hus1h
c2I1ypytusas0YDZqoxbyWeq8y8keze8OJfOPAs6JAVgI4vSw/FjUYMC/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL2dP9IVrxLZsgCMBU33QKyryQ9jMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvdlowXzBoV3ZFdG15QUl3RlRmZEFyS3ZKRDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0hRr3Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCOBIKohjTFjju63l8QIeXJ1NUmr/xFXDeCTRUR
KJQRF62Pnxuz75FOmjWWjpv+14CsBOJGYHLfo/fMJ2to8uJrSWYPzwkUK1vf1rwr
36W7k1BQB21wmGJrvlZKnaSOkgwxVA1DEF/Ksk/Jn6NjwY945hgt8JsP1h0zIV1L
MW2oNpRPbQG2CktlBWxA2mQmUZHXojM2aVXKLCS0Nspc5aBMwGUs4JFG1VjDc2Il
uN4VBOAsoVsC1dzJ8E9r6FuAqj7lpIhDJW+rp6RiXenZ+DMagHvNxMg0h8vHdMLh
GvdMSmFwhoxQg4VBQ/69VcIzE4w8WVoRpOlj2+jfCCjjZaTw
-----END CERTIFICATE-----