Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/tbhi90PfKtbb7Md8UKRp2Y3od8Y.roa
File:                     tbhi90PfKtbb7Md8UKRp2Y3od8Y.roa (raw, json)
Hash identifier:          VG/sVY4w7lGzye+QDRjT43fpsIt8OXte8CU6ajTYv8o=
Subject key identifier:   B5:B8:62:F7:43:DF:2A:D6:DB:EC:C7:7C:50:A4:69:D9:8D:E8:77:C6
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       018CC5DC302545479068A1A70CF4756B578D
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/tbhi90PfKtbb7Md8UKRp2Y3od8Y.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        2a0e:9846::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:30:25:45:47:90:68:a1:a7:0c:f4:75:6b:57:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5b862f743df2ad6dbecc77c50a469d98de877c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5f:38:70:b8:d5:81:5b:85:5f:a8:42:7b:58:
                    d3:c3:18:86:fa:1c:11:f9:78:05:d0:73:c6:3d:bb:
                    73:6f:de:f1:64:82:f3:a9:ba:30:fd:81:24:47:f6:
                    bd:3a:38:c1:42:22:88:a8:38:76:b2:04:b6:e4:f9:
                    29:9e:c2:24:15:19:84:d1:dd:97:24:3a:71:e7:09:
                    32:77:23:54:a8:50:6b:c2:23:f6:ca:4d:fd:f7:4c:
                    dc:b4:ce:87:88:25:67:2c:0c:d0:89:7f:cb:ff:34:
                    07:64:9c:91:99:6c:5c:05:b0:3c:12:af:a6:f7:08:
                    e8:d5:10:d6:ef:66:bf:24:e1:6e:cd:7f:77:09:85:
                    82:09:55:be:cb:0a:8d:3e:ef:9f:82:fe:97:7e:1e:
                    d5:7f:cc:e4:3c:b4:ff:71:ee:69:b5:4b:33:3b:7c:
                    c9:bf:cb:07:7e:39:52:5f:5d:40:8e:10:14:bf:cf:
                    45:2b:6a:bf:4b:ab:a9:d6:cd:55:e6:9f:ed:b5:c5:
                    2d:35:f3:8f:70:4d:56:bd:2f:3b:a5:03:b8:9f:07:
                    3a:4c:33:29:67:c4:f5:cf:d5:b6:50:71:82:76:3c:
                    0b:90:74:6d:67:4d:4f:da:31:02:c0:7a:dc:ea:41:
                    41:de:fd:b7:21:21:aa:4b:c4:57:bb:e1:09:20:32:
                    95:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B8:62:F7:43:DF:2A:D6:DB:EC:C7:7C:50:A4:69:D9:8D:E8:77:C6
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/tbhi90PfKtbb7Md8UKRp2Y3od8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9846::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:3d:ae:40:a1:eb:a3:64:24:d6:41:bd:e0:26:81:ad:d2:24:
         50:f7:18:52:92:c3:5a:c4:64:27:25:5e:ca:11:e4:92:9f:f7:
         01:02:34:62:56:7e:38:eb:48:05:be:3e:f5:6f:ff:38:51:25:
         c8:f3:5d:71:6b:a5:19:6d:5b:85:6f:31:61:d0:68:9b:b0:67:
         f3:68:98:33:5e:32:eb:77:03:df:3a:59:cb:6b:b6:78:ad:59:
         d5:b8:e7:8e:34:a5:3d:e7:34:0c:2d:af:69:97:45:55:d9:73:
         71:08:6a:f9:fc:8e:68:d0:be:99:13:a4:8e:9b:a0:11:d3:fe:
         8d:59:a4:61:0e:52:22:85:3f:c1:33:80:31:29:73:50:db:ed:
         c8:0f:8b:88:5e:9e:12:e4:11:db:11:38:aa:ff:9a:5b:7d:e5:
         b2:99:22:34:0a:0c:99:20:f7:56:09:77:35:2b:0e:63:8b:32:
         70:a6:0c:86:c1:92:1e:fe:f6:ef:b5:26:52:97:aa:f1:31:12:
         61:4b:b1:32:94:98:08:4d:16:07:d1:d0:c8:57:0c:e5:5b:22:
         1f:d7:1a:a1:98:03:a9:32:27:29:36:d0:d0:f4:58:33:52:81:
         02:9a:55:26:04:74:26:58:45:21:a9:d7:da:1e:ee:6e:2c:33:
         d2:c3:db:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3DAlRUeQaKGnDPR1a1eNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI4NjJmNzQzZGYyYWQ2ZGJlY2M3N2M1MGE0NjlkOThkZTg3N2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV84cLjVgVuFX6hCe1jTwxiG+hwR
+XgF0HPGPbtzb97xZILzqbow/YEkR/a9OjjBQiKIqDh2sgS25PkpnsIkFRmE0d2X
JDpx5wkydyNUqFBrwiP2yk3990zctM6HiCVnLAzQiX/L/zQHZJyRmWxcBbA8Eq+m
9wjo1RDW72a/JOFuzX93CYWCCVW+ywqNPu+fgv6Xfh7Vf8zkPLT/ce5ptUszO3zJ
v8sHfjlSX11AjhAUv89FK2q/S6up1s1V5p/ttcUtNfOPcE1WvS87pQO4nwc6TDMp
Z8T1z9W2UHGCdjwLkHRtZ01P2jECwHrc6kFB3v23ISGqS8RXu+EJIDKVUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLW4YvdD3yrW2+zHfFCkadmN6HfGMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvdGJoaTkwUGZLdGJiN01kOFVLUnAyWTNvZDhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6YRjAN
BgkqhkiG9w0BAQsFAAOCAQEAMj2uQKHro2Qk1kG94CaBrdIkUPcYUpLDWsRkJyVe
yhHkkp/3AQI0YlZ+OOtIBb4+9W//OFElyPNdcWulGW1bhW8xYdBom7Bn82iYM14y
63cD3zpZy2u2eK1Z1bjnjjSlPec0DC2vaZdFVdlzcQhq+fyOaNC+mROkjpugEdP+
jVmkYQ5SIoU/wTOAMSlzUNvtyA+LiF6eEuQR2xE4qv+aW33lspkiNAoMmSD3Vgl3
NSsOY4sycKYMhsGSHv7277UmUpeq8TESYUuxMpSYCE0WB9HQyFcM5VsiH9caoZgD
qTInKTbQ0PRYM1KBAppVJgR0JlhFIanX2h7ubiwz0sPb6Q==
-----END CERTIFICATE-----