Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/evIm4RePJd9mM0UyhCd5ZkKOpfw.roa
File:                     evIm4RePJd9mM0UyhCd5ZkKOpfw.roa (raw, json)
Hash identifier:          C3RQcbAOYF8WObsuxXluLg6CgqKHqVz6r4+qNZFItEE=
Subject key identifier:   7A:F2:26:E1:17:8F:25:DF:66:33:45:32:84:27:79:66:42:8E:A5:FC
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018CC2DB5C1113AF810B27DE3BF220D74796
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/evIm4RePJd9mM0UyhCd5ZkKOpfw.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213120
IP address blocks:        2a02:2370:1000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5c:11:13:af:81:0b:27:de:3b:f2:20:d7:47:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7af226e1178f25df6633453284277966428ea5fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:48:ae:7d:d1:be:31:51:c9:5e:89:b4:1b:90:
                    a4:f4:43:af:12:e7:40:bb:5d:57:db:7f:a6:56:4a:
                    dc:be:75:e7:fc:fa:cb:8b:a6:43:10:f3:6e:0e:07:
                    eb:fe:5b:d7:9f:66:5c:58:91:bd:ae:d2:1c:b6:68:
                    16:6f:80:c8:3c:cf:9e:96:7e:41:29:28:0d:10:10:
                    b6:b0:4b:48:bb:f9:94:56:f2:74:c7:27:58:90:a5:
                    b9:82:0c:cd:14:a1:77:3b:a3:75:e8:2d:d0:f4:b6:
                    60:9b:df:67:48:e4:2c:fa:6b:a4:c6:f8:4f:17:35:
                    91:6f:16:b4:fd:f4:d7:48:ca:8b:63:d7:01:51:95:
                    45:ec:45:a1:0f:03:10:64:78:d2:59:1c:a2:e6:2c:
                    91:52:3a:a2:0b:18:72:34:4a:0b:a7:ae:20:48:08:
                    a4:49:db:d5:5e:fa:b4:4b:20:9b:98:6a:f1:a1:1c:
                    df:b2:7a:7c:ac:61:a4:7c:33:ce:5f:b4:ac:53:a9:
                    3d:d0:5c:5d:af:3a:87:98:20:6a:26:c1:f4:a8:60:
                    46:ea:2c:c2:79:f5:80:96:4b:b2:fd:15:78:bd:72:
                    51:dc:a6:42:40:72:bd:14:26:67:f5:9c:27:62:67:
                    d4:9c:6c:66:2c:6a:85:90:c1:22:60:31:2a:73:e0:
                    6e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:F2:26:E1:17:8F:25:DF:66:33:45:32:84:27:79:66:42:8E:A5:FC
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/evIm4RePJd9mM0UyhCd5ZkKOpfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2370:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:c0:d4:e4:68:61:48:81:15:9f:d1:b6:53:4f:6c:25:7e:a8:
         ee:e3:37:2c:4b:8d:82:d1:75:bc:40:da:75:81:23:f9:58:9c:
         f8:9b:6c:8b:53:aa:bf:0e:64:6d:05:7b:41:28:ef:99:fd:c5:
         5c:72:0c:1f:de:e6:fe:de:77:7d:39:ae:17:f8:c3:40:a6:0b:
         90:79:9f:61:47:a4:19:a0:88:db:56:db:89:c7:70:6e:b1:d5:
         a3:8b:a5:51:f0:dd:0f:0a:ed:4f:6a:3e:cf:0e:60:7f:1d:c1:
         e0:8e:3e:17:5b:39:51:33:cf:a3:de:42:d2:5b:f1:20:48:36:
         c1:44:fd:e4:e0:9b:cd:c2:c2:5e:ac:4a:fd:df:33:38:be:6c:
         49:65:07:fb:90:58:94:d8:8f:53:e8:0a:e9:db:58:1f:85:64:
         bb:22:04:a6:08:d9:70:fa:e5:c4:b7:6c:c3:39:6e:4c:0c:b4:
         fc:6d:43:dc:88:a2:4c:fc:8d:b5:d7:f6:9e:91:07:af:5c:74:
         94:98:8a:bf:55:54:09:e6:f4:d2:b9:64:d5:67:3c:0e:ad:76:
         83:fc:a0:fa:bf:36:5a:25:f7:23:6c:9f:9f:3f:a5:a3:65:2e:
         70:cf:e7:dd:2c:f0:49:55:21:8c:50:f3:95:de:4b:41:11:22:
         36:b6:53:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC21wRE6+BCyfeO/Ig10eWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWYyMjZlMTE3OGYyNWRmNjYzMzQ1MzI4NDI3Nzk2NjQyOGVhNWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0iufdG+MVHJXom0G5Ck9EOvEudA
u11X23+mVkrcvnXn/PrLi6ZDEPNuDgfr/lvXn2ZcWJG9rtIctmgWb4DIPM+eln5B
KSgNEBC2sEtIu/mUVvJ0xydYkKW5ggzNFKF3O6N16C3Q9LZgm99nSOQs+mukxvhP
FzWRbxa0/fTXSMqLY9cBUZVF7EWhDwMQZHjSWRyi5iyRUjqiCxhyNEoLp64gSAik
SdvVXvq0SyCbmGrxoRzfsnp8rGGkfDPOX7SsU6k90FxdrzqHmCBqJsH0qGBG6izC
efWAlkuy/RV4vXJR3KZCQHK9FCZn9ZwnYmfUnGxmLGqFkMEiYDEqc+BuDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHryJuEXjyXfZjNFMoQneWZCjqX8MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvZXZJbTRSZVBKZDltTTBVeWhDZDVaa0tPcGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIjcBAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBXwNTkaGFIgRWf0bZTT2wlfqju4zcsS42C0XW8
QNp1gSP5WJz4m2yLU6q/DmRtBXtBKO+Z/cVccgwf3ub+3nd9Oa4X+MNApguQeZ9h
R6QZoIjbVtuJx3BusdWji6VR8N0PCu1Paj7PDmB/HcHgjj4XWzlRM8+j3kLSW/Eg
SDbBRP3k4JvNwsJerEr93zM4vmxJZQf7kFiU2I9T6Arp21gfhWS7IgSmCNlw+uXE
t2zDOW5MDLT8bUPciKJM/I211/aekQevXHSUmIq/VVQJ5vTSuWTVZzwOrXaD/KD6
vzZaJfcjbJ+fP6WjZS5wz+fdLPBJVSGMUPOV3ktBESI2tlMy
-----END CERTIFICATE-----