Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/dBmF1bnYsvdsBOyj2kWDJ1PphCA.roa
File:                     dBmF1bnYsvdsBOyj2kWDJ1PphCA.roa (raw, json)
Hash identifier:          5jTTO+0rdffX/cGbTcrYrBejRpXgIqZfdF4Hjda7/y0=
Subject key identifier:   74:19:85:D5:B9:D8:B2:F7:6C:04:EC:A3:DA:45:83:27:53:E9:84:20
Certificate issuer:       /CN=c2d2a234e224bf87996f2f0df559ead882f9e651
Certificate serial:       018CC8DF80C7C3F188A21A19A7DF614B7A21
Authority key identifier: C2:D2:A2:34:E2:24:BF:87:99:6F:2F:0D:F5:59:EA:D8:82:F9:E6:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtKiNOIkv4eZby8N9Vnq2IL55lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/dBmF1bnYsvdsBOyj2kWDJ1PphCA.roa
Signing time:             Tue 02 Jan 2024 06:32:19 +0000
ROA not before:           Tue 02 Jan 2024 06:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200549
IP address blocks:        2a00:5ac0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/wtKiNOIkv4eZby8N9Vnq2IL55lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/wtKiNOIkv4eZby8N9Vnq2IL55lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtKiNOIkv4eZby8N9Vnq2IL55lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:80:c7:c3:f1:88:a2:1a:19:a7:df:61:4b:7a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d2a234e224bf87996f2f0df559ead882f9e651
        Validity
            Not Before: Jan  2 06:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=741985d5b9d8b2f76c04eca3da45832753e98420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ef:cc:fd:4f:98:7b:26:2e:eb:25:ff:2f:3a:
                    e6:d7:e7:05:c7:67:fb:37:37:3c:c2:01:17:64:9c:
                    89:f2:a5:1b:86:3b:97:bf:3d:a7:49:42:7b:0b:ab:
                    3d:b4:1a:84:76:eb:47:02:98:86:64:ec:d7:b3:a7:
                    4a:67:c0:19:08:b7:6d:cb:9e:08:18:10:dd:93:2e:
                    89:6c:3a:d3:3c:ef:71:cb:86:78:8f:b1:b9:0a:7e:
                    6f:25:13:3f:07:c0:8d:88:e2:57:0d:50:80:e7:b5:
                    e9:85:f6:2f:7b:9c:c9:f3:48:1c:8f:03:08:e6:2d:
                    01:49:ae:6b:44:ba:58:54:42:8c:07:58:24:39:27:
                    6a:2c:43:3b:ca:fe:66:4b:e7:24:09:8e:2a:6a:78:
                    75:8a:68:f2:fd:ee:c8:2d:3c:35:7d:18:ed:0c:04:
                    84:e2:56:9a:cf:3a:52:9f:00:90:8e:b4:a5:a9:dc:
                    d0:a3:b1:33:1c:8f:83:97:3d:ad:e0:bc:23:4b:0d:
                    78:06:43:d8:90:70:cc:de:21:5c:fa:7d:55:b3:d6:
                    49:66:d0:f4:93:6a:b9:bd:cc:a2:eb:1e:5f:d6:c7:
                    9d:0d:92:34:63:45:05:f8:e4:12:fc:f8:52:2a:f1:
                    50:18:b7:b7:71:bd:4c:eb:6b:3e:65:73:d8:46:7b:
                    56:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:19:85:D5:B9:D8:B2:F7:6C:04:EC:A3:DA:45:83:27:53:E9:84:20
            X509v3 Authority Key Identifier:
                keyid:C2:D2:A2:34:E2:24:BF:87:99:6F:2F:0D:F5:59:EA:D8:82:F9:E6:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtKiNOIkv4eZby8N9Vnq2IL55lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/dBmF1bnYsvdsBOyj2kWDJ1PphCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/wtKiNOIkv4eZby8N9Vnq2IL55lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:5ac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:eb:60:d2:3f:11:d0:a5:3e:a8:62:e2:3f:d0:95:ab:77:ce:
         be:31:ad:e0:01:57:26:f4:29:bd:2d:1b:1d:87:cd:c2:86:7b:
         7e:2b:df:8b:99:c1:14:65:57:12:f9:b7:ea:97:54:6b:ed:10:
         8b:9f:77:23:a3:94:f4:51:f7:3f:b2:4b:83:a1:d8:fb:1d:fa:
         68:0f:48:b5:cd:d3:eb:31:fe:96:97:14:46:63:88:5d:8d:57:
         bd:f6:df:f9:d7:4a:bb:bf:49:da:95:e5:25:c5:1e:aa:26:35:
         4c:42:5d:f9:3c:6b:83:59:3b:37:3b:a5:f0:cc:df:d5:b1:72:
         93:0d:45:e7:5b:15:f0:0d:ad:d4:19:39:82:9d:cb:f5:af:28:
         93:b1:63:6d:a7:2a:19:65:2f:8a:c1:8e:b0:dd:fc:06:fc:3d:
         7d:17:d4:42:f9:e5:a5:74:f2:0c:b9:54:29:4c:85:42:ba:65:
         ce:91:87:ff:2b:d5:06:8a:a2:a5:ad:f2:8b:68:c1:89:28:6c:
         58:54:6a:ce:d9:2c:c2:a4:c1:f9:e6:91:0a:eb:94:d0:02:c0:
         e0:7f:a3:81:75:23:11:2d:db:34:7e:c4:79:3b:6c:f8:65:ec:
         c9:61:9e:e2:7d:81:0c:d4:51:cc:00:af:4c:5b:c7:a7:17:03:
         c5:04:98:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI34DHw/GIohoZp99hS3ohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDJhMjM0ZTIyNGJmODc5OTZmMmYwZGY1NTllYWQ4ODJm
OWU2NTEwHhcNMjQwMTAyMDYzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDE5ODVkNWI5ZDhiMmY3NmMwNGVjYTNkYTQ1ODMyNzUzZTk4NDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAge/M/U+YeyYu6yX/Lzrm1+cFx2f7
Nzc8wgEXZJyJ8qUbhjuXvz2nSUJ7C6s9tBqEdutHApiGZOzXs6dKZ8AZCLdty54I
GBDdky6JbDrTPO9xy4Z4j7G5Cn5vJRM/B8CNiOJXDVCA57XphfYve5zJ80gcjwMI
5i0BSa5rRLpYVEKMB1gkOSdqLEM7yv5mS+ckCY4qanh1imjy/e7ILTw1fRjtDASE
4laazzpSnwCQjrSlqdzQo7EzHI+Dlz2t4LwjSw14BkPYkHDM3iFc+n1Vs9ZJZtD0
k2q5vcyi6x5f1sedDZI0Y0UF+OQS/PhSKvFQGLe3cb1M62s+ZXPYRntWzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHQZhdW52LL3bATso9pFgydT6YQgMB8GA1UdIwQY
MBaAFMLSojTiJL+HmW8vDfVZ6tiC+eZRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RLaU5PSWt2NGVaYnk4TjlWbnEySUw1NWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kMWVlNGItZTg4YS00ZTQxLWE2MTYt
NGIyNDhkYTZjOTZjLzEvZEJtRjFibllzdmRzQk95ajJrV0RKMVBwaENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kMWVlNGItZTg4YS00ZTQxLWE2MTYtNGIyNDhkYTZjOTZj
LzEvd3RLaU5PSWt2NGVaYnk4TjlWbnEySUw1NWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgBawAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCq62DSPxHQpT6oYuI/0JWrd86+Ma3gAVcm9Cm9
LRsdh83Chnt+K9+LmcEUZVcS+bfql1Rr7RCLn3cjo5T0Ufc/skuDodj7HfpoD0i1
zdPrMf6WlxRGY4hdjVe99t/510q7v0naleUlxR6qJjVMQl35PGuDWTs3O6XwzN/V
sXKTDUXnWxXwDa3UGTmCncv1ryiTsWNtpyoZZS+KwY6w3fwG/D19F9RC+eWldPIM
uVQpTIVCumXOkYf/K9UGiqKlrfKLaMGJKGxYVGrO2SzCpMH55pEK65TQAsDgf6OB
dSMRLds0fsR5O2z4ZezJYZ7ifYEM1FHMAK9MW8enFwPFBJj0
-----END CERTIFICATE-----