Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/RM5nUicCjS5SIjwY8TLxDieTGqE.roa
File:                     RM5nUicCjS5SIjwY8TLxDieTGqE.roa (raw, json)
Hash identifier:          OW95oF/0MNw7pddby7ROM/ca7H1uAjdrfNHHvyQLiLQ=
Subject key identifier:   44:CE:67:52:27:02:8D:2E:52:22:3C:18:F1:32:F1:0E:27:93:1A:A1
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E386F737A3238CB47F435D868ED1A
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/RM5nUicCjS5SIjwY8TLxDieTGqE.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207806
IP address blocks:        2a00:7180:8004::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:38:6f:73:7a:32:38:cb:47:f4:35:d8:68:ed:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44ce675227028d2e52223c18f132f10e27931aa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4d:8c:b2:f4:b9:f1:9b:ee:fd:60:96:9b:f0:
                    d1:f2:8b:7d:e7:6e:17:26:d1:c2:69:7f:14:1d:da:
                    77:cb:f5:df:79:9e:52:fe:f7:7f:5d:35:bf:6f:ee:
                    4e:65:46:af:6d:7e:9a:2c:db:17:96:8a:34:9f:cd:
                    14:a1:2b:9d:fb:a2:16:e1:f8:1b:9f:6a:fe:d8:f4:
                    92:65:46:d4:d7:85:2b:1e:79:23:b8:13:f3:40:30:
                    68:a7:97:9e:88:8d:47:d5:b7:e9:f7:a9:27:7a:e1:
                    1b:30:3e:d9:92:52:8a:9e:0a:3e:70:ba:93:f6:29:
                    eb:d5:e1:77:2d:fc:f2:48:20:b4:3f:61:46:b9:a0:
                    85:e5:b4:ff:f1:7c:97:e7:32:f3:d3:a7:5f:75:34:
                    8e:b5:5d:78:da:86:bf:9b:16:b8:b6:79:03:30:3d:
                    5a:37:85:ee:c7:6a:04:b7:f1:08:94:34:6d:f0:9f:
                    63:c4:46:de:c9:07:01:68:b6:75:55:6c:6f:99:db:
                    a1:68:b8:6c:f7:77:5a:e7:2e:05:e0:7f:50:b5:8a:
                    6e:21:6b:c6:93:81:b7:c7:17:6d:b3:3f:37:27:dd:
                    f3:2c:3c:54:6e:7a:95:d7:3f:ee:fe:40:10:6f:d3:
                    af:08:c0:6f:fb:41:f8:be:4c:9c:59:40:66:54:0f:
                    0d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CE:67:52:27:02:8D:2E:52:22:3C:18:F1:32:F1:0E:27:93:1A:A1
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/RM5nUicCjS5SIjwY8TLxDieTGqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:7180:8004::/46

    Signature Algorithm: sha256WithRSAEncryption
         73:21:46:7b:81:99:52:df:0f:8e:02:8c:f4:1e:f6:7c:f8:2b:
         c8:03:54:f9:b6:42:8d:0b:87:35:5a:d1:7a:b1:95:0f:12:80:
         94:4a:da:68:1d:d3:5d:89:44:2f:a8:92:8c:5d:41:c3:a1:c0:
         04:a6:90:c8:fa:35:ee:11:0a:c7:2d:65:dc:2a:13:93:d8:70:
         67:d0:a4:ee:f8:7f:b2:e9:49:2c:85:c7:c4:c5:c9:7b:a2:33:
         93:8b:27:91:00:f1:3f:56:b6:20:4f:fa:16:5c:c2:62:a6:d3:
         d8:21:9d:41:f6:56:39:76:34:8d:7c:38:3b:20:a3:5e:17:64:
         a9:80:1c:91:77:f1:44:0d:51:f5:00:27:70:bc:cb:0a:02:88:
         f0:db:80:64:52:16:4f:96:24:78:f6:f1:fc:1f:d3:82:a8:c1:
         98:8f:57:b2:a6:21:cd:9d:69:f2:ba:32:e0:7f:57:54:d4:ab:
         2f:7c:df:30:f4:f7:20:3f:db:72:91:ba:98:7d:b6:0c:62:0e:
         c6:56:e4:eb:52:16:6a:62:24:ff:ec:1b:c0:53:6f:62:95:2a:
         ca:e4:cf:8b:47:8a:63:87:fb:52:bb:88:79:d3:d1:17:9b:22:
         4b:a7:65:07:31:f0:71:ac:f1:74:10:7c:6d:de:13:79:db:10:
         50:b9:44:f5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTjhvc3oyOMtH9DXYaO0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGNlNjc1MjI3MDI4ZDJlNTIyMjNjMThmMTMyZjEwZTI3OTMxYWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk2MsvS58Zvu/WCWm/DR8ot9524X
JtHCaX8UHdp3y/XfeZ5S/vd/XTW/b+5OZUavbX6aLNsXloo0n80UoSud+6IW4fgb
n2r+2PSSZUbU14UrHnkjuBPzQDBop5eeiI1H1bfp96kneuEbMD7ZklKKngo+cLqT
9inr1eF3LfzySCC0P2FGuaCF5bT/8XyX5zLz06dfdTSOtV142oa/mxa4tnkDMD1a
N4Xux2oEt/EIlDRt8J9jxEbeyQcBaLZ1VWxvmduhaLhs93da5y4F4H9QtYpuIWvG
k4G3xxdtsz83J93zLDxUbnqV1z/u/kAQb9OvCMBv+0H4vkycWUBmVA8N7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFETOZ1InAo0uUiI8GPEy8Q4nkxqhMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvUk01blVpY0NqUzVTSWp3WThUTHhEaWVUR3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgBxgIAE
MA0GCSqGSIb3DQEBCwUAA4IBAQBzIUZ7gZlS3w+OAoz0HvZ8+CvIA1T5tkKNC4c1
WtF6sZUPEoCUStpoHdNdiUQvqJKMXUHDocAEppDI+jXuEQrHLWXcKhOT2HBn0KTu
+H+y6UkshcfExcl7ojOTiyeRAPE/VrYgT/oWXMJiptPYIZ1B9lY5djSNfDg7IKNe
F2SpgByRd/FEDVH1ACdwvMsKAojw24BkUhZPliR49vH8H9OCqMGYj1eypiHNnWny
ujLgf1dU1KsvfN8w9PcgP9tykbqYfbYMYg7GVuTrUhZqYiT/7BvAU29ilSrK5M+L
R4pjh/tSu4h509EXmyJLp2UHMfBxrPF0EHxt3hN52xBQuUT1
-----END CERTIFICATE-----