Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/ec0981-d682-4f7b-b210-5c2d265705e0/1/rpJlFKHX0bvrtrRh069h-O8gnn8.roa
File:                     rpJlFKHX0bvrtrRh069h-O8gnn8.roa (raw, json)
Hash identifier:          Pans5HqmYp31XmbbkDXi0mMO4VX3DUqSP+1xGLRTTNg=
Subject key identifier:   AE:92:65:14:A1:D7:D1:BB:EB:B6:B4:61:D3:AF:61:F8:EF:20:9E:7F
Certificate issuer:       /CN=882fa01902f4e8c347f2116e4645da1a6b4e0962
Certificate serial:       018CC26D0C45F6EA8E5F97A5483B7527B0C4
Authority key identifier: 88:2F:A0:19:02:F4:E8:C3:47:F2:11:6E:46:45:DA:1A:6B:4E:09:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iC-gGQL06MNH8hFuRkXaGmtOCWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/ec0981-d682-4f7b-b210-5c2d265705e0/1/rpJlFKHX0bvrtrRh069h-O8gnn8.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216348
IP address blocks:        2a0a:9740:dead::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/ec0981-d682-4f7b-b210-5c2d265705e0/1/iC-gGQL06MNH8hFuRkXaGmtOCWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/ec0981-d682-4f7b-b210-5c2d265705e0/1/iC-gGQL06MNH8hFuRkXaGmtOCWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iC-gGQL06MNH8hFuRkXaGmtOCWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0c:45:f6:ea:8e:5f:97:a5:48:3b:75:27:b0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=882fa01902f4e8c347f2116e4645da1a6b4e0962
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae926514a1d7d1bbebb6b461d3af61f8ef209e7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b1:a4:c2:6f:4c:ec:50:f3:ad:0c:e9:c2:8a:
                    d1:ae:13:d5:b4:5b:77:9e:df:ba:97:29:01:9e:8a:
                    7c:bd:7a:3a:4d:1b:b3:e6:b0:89:ef:67:ec:9b:72:
                    90:a4:3f:f9:54:ec:d9:cb:3e:95:c9:9b:99:18:5e:
                    53:39:8c:62:98:0b:4b:2e:db:63:74:42:68:95:4f:
                    76:b3:b7:cd:55:aa:2d:48:3e:e5:98:6d:53:b4:1f:
                    85:5f:fd:c4:50:18:58:b1:88:94:82:8e:fe:da:8e:
                    42:a8:41:7c:91:57:6e:56:e2:aa:da:0b:48:2c:08:
                    c9:40:d2:ba:dd:56:bd:cc:b8:7b:4b:57:9c:98:d4:
                    b0:f1:a8:03:17:e6:c0:1f:84:90:72:36:27:aa:42:
                    39:20:38:d1:26:2b:e2:f3:00:40:65:95:da:fb:26:
                    bf:02:9c:7c:57:5c:16:38:65:25:58:30:7b:1f:88:
                    02:f6:9a:bc:d8:d4:63:55:92:7d:ba:68:25:51:6a:
                    47:1f:63:c0:07:85:1c:56:d9:c3:ff:4d:61:5b:9e:
                    14:b2:28:27:1a:35:7f:19:81:5c:e3:ca:39:f0:43:
                    02:2c:62:48:b5:db:bd:23:32:76:48:d5:c1:48:df:
                    12:57:f9:98:3e:57:e7:70:a3:e4:90:14:16:51:4b:
                    3e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:92:65:14:A1:D7:D1:BB:EB:B6:B4:61:D3:AF:61:F8:EF:20:9E:7F
            X509v3 Authority Key Identifier:
                keyid:88:2F:A0:19:02:F4:E8:C3:47:F2:11:6E:46:45:DA:1A:6B:4E:09:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iC-gGQL06MNH8hFuRkXaGmtOCWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/ec0981-d682-4f7b-b210-5c2d265705e0/1/rpJlFKHX0bvrtrRh069h-O8gnn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/ec0981-d682-4f7b-b210-5c2d265705e0/1/iC-gGQL06MNH8hFuRkXaGmtOCWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9740:dead::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:9d:a9:db:41:bb:09:15:6f:71:49:dc:97:24:5c:23:ff:3d:
         c3:bb:0b:56:04:8e:26:4f:0a:bc:e3:d0:6c:85:e1:f6:34:5c:
         ff:a4:bb:37:6d:69:9d:02:c8:4a:4d:a9:6e:e6:a3:99:d7:14:
         44:f3:43:41:4e:dc:6e:84:25:d5:dd:f2:22:f1:38:16:9c:32:
         a3:b4:84:85:f1:d2:49:4c:de:10:5b:f0:02:20:fc:09:49:0c:
         f7:7a:4c:c9:cf:1d:35:9f:d6:e0:84:aa:11:69:f4:63:4e:56:
         a8:5f:34:f5:78:86:b7:a9:6c:3d:7f:05:e4:ee:1b:23:d0:0b:
         2b:e3:09:f0:ea:f6:ef:92:e2:c2:17:d9:c6:f8:77:82:27:c9:
         69:5e:f5:c8:b8:7d:04:48:f6:6f:4f:26:fa:26:b9:32:c1:48:
         f6:b6:7d:4c:f5:7d:34:a9:19:96:33:e4:8f:6a:26:c0:8a:6a:
         19:88:01:80:3c:ae:17:c0:bb:7c:1f:91:ab:1f:4e:70:aa:e8:
         9a:e9:24:b1:65:af:e9:71:92:f0:9a:2e:95:93:d7:c0:e8:8f:
         65:bd:72:9d:b1:76:e9:9f:f4:67:1b:4b:10:6f:53:4e:b3:86:
         98:b9:dd:4c:a9:8e:fd:ae:10:cf:2b:79:77:01:5a:ca:17:90:
         c9:16:59:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbQxF9uqOX5elSDt1J7DEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MmZhMDE5MDJmNGU4YzM0N2YyMTE2ZTQ2NDVkYTFhNmI0
ZTA5NjIwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTkyNjUxNGExZDdkMWJiZWJiNmI0NjFkM2FmNjFmOGVmMjA5ZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07Gkwm9M7FDzrQzpworRrhPVtFt3
nt+6lykBnop8vXo6TRuz5rCJ72fsm3KQpD/5VOzZyz6VyZuZGF5TOYximAtLLttj
dEJolU92s7fNVaotSD7lmG1TtB+FX/3EUBhYsYiUgo7+2o5CqEF8kVduVuKq2gtI
LAjJQNK63Va9zLh7S1ecmNSw8agDF+bAH4SQcjYnqkI5IDjRJivi8wBAZZXa+ya/
Apx8V1wWOGUlWDB7H4gC9pq82NRjVZJ9umglUWpHH2PAB4UcVtnD/01hW54Usign
GjV/GYFc48o58EMCLGJItdu9IzJ2SNXBSN8SV/mYPlfncKPkkBQWUUs+qwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK6SZRSh19G767a0YdOvYfjvIJ5/MB8GA1UdIwQY
MBaAFIgvoBkC9OjDR/IRbkZF2hprTgliMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUMtZ0dRTDA2TU5IOGhGdVJrWGFHbXRPQ1dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9lYzA5ODEtZDY4Mi00ZjdiLWIyMTAt
NWMyZDI2NTcwNWUwLzEvcnBKbEZLSFgwYnZydHJSaDA2OWgtTzhnbm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9lYzA5ODEtZDY4Mi00ZjdiLWIyMTAtNWMyZDI2NTcwNWUw
LzEvaUMtZ0dRTDA2TU5IOGhGdVJrWGFHbXRPQ1dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgqXQN6t
MA0GCSqGSIb3DQEBCwUAA4IBAQCenanbQbsJFW9xSdyXJFwj/z3DuwtWBI4mTwq8
49BsheH2NFz/pLs3bWmdAshKTalu5qOZ1xRE80NBTtxuhCXV3fIi8TgWnDKjtISF
8dJJTN4QW/ACIPwJSQz3ekzJzx01n9bghKoRafRjTlaoXzT1eIa3qWw9fwXk7hsj
0Asr4wnw6vbvkuLCF9nG+HeCJ8lpXvXIuH0ESPZvTyb6JrkywUj2tn1M9X00qRmW
M+SPaibAimoZiAGAPK4XwLt8H5GrH05wquia6SSxZa/pcZLwmi6Vk9fA6I9lvXKd
sXbpn/RnG0sQb1NOs4aYud1MqY79rhDPK3l3AVrKF5DJFlkf
-----END CERTIFICATE-----