Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/h5617KiU_laZPM4BapdA6t5fmTo.roa
File:                     h5617KiU_laZPM4BapdA6t5fmTo.roa (raw, json)
Hash identifier:          Ble6LK/YR6MsKYIlkX40uQ+fmsRwJdbLAbkA+eP3Cnw=
Subject key identifier:   87:9E:B5:EC:A8:94:FE:56:99:3C:CE:01:6A:97:40:EA:DE:5F:99:3A
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       018CC42485C7FC95853B95C0725D3A8130EE
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/h5617KiU_laZPM4BapdA6t5fmTo.roa
Signing time:             Mon 01 Jan 2024 08:29:37 +0000
ROA not before:           Mon 01 Jan 2024 08:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210541
IP address blocks:        2a0e:3303::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:85:c7:fc:95:85:3b:95:c0:72:5d:3a:81:30:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  1 08:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=879eb5eca894fe56993cce016a9740eade5f993a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:57:0c:6f:27:f4:64:32:90:ba:ae:3d:88:98:
                    84:4d:3a:0f:55:36:e4:bf:e2:74:a8:87:dc:60:b4:
                    bb:6c:3c:d7:03:63:90:3f:e9:8c:a5:28:7d:34:c7:
                    7f:81:6d:65:75:fa:99:54:13:98:dd:f9:8a:23:7e:
                    05:f9:8a:03:58:d9:ae:e5:58:2d:c3:94:9c:29:a1:
                    c0:5f:87:9b:ec:8f:30:4e:05:33:78:71:7f:71:e5:
                    3a:fa:e1:51:9e:14:f8:82:2f:e4:2f:93:e7:a0:dc:
                    4c:41:45:88:1a:c3:bf:ee:66:09:cc:8b:47:f1:00:
                    5a:90:ad:39:c2:e9:83:87:29:1a:3b:23:36:dd:4a:
                    c0:d8:75:91:91:bb:41:3a:41:ae:26:22:60:b4:df:
                    30:e8:91:d6:8f:ea:fb:ef:cf:e1:d1:ec:eb:00:1f:
                    c8:c0:1e:73:3c:c7:7b:72:cb:8b:de:b5:3b:b4:29:
                    db:9f:40:79:71:93:df:d0:8b:07:04:41:48:f9:f1:
                    4d:e4:d0:82:cf:eb:da:44:8d:37:c5:f9:87:1e:15:
                    4c:1d:5d:6c:3b:05:e0:c1:7f:23:22:29:e4:62:81:
                    83:9b:32:98:bb:2b:71:48:0b:fa:fd:86:47:9c:1b:
                    46:ed:4c:15:ce:b5:87:3d:a7:83:78:ea:07:7f:71:
                    ec:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:9E:B5:EC:A8:94:FE:56:99:3C:CE:01:6A:97:40:EA:DE:5F:99:3A
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/h5617KiU_laZPM4BapdA6t5fmTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:3303::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:72:26:11:12:0d:22:22:ff:fd:3e:14:a8:2e:c3:64:6e:bd:
         67:3b:39:95:a1:94:8e:3e:53:f2:2f:58:71:25:c5:90:80:17:
         30:c6:28:3f:d1:66:bd:cb:61:92:cd:94:71:f9:b4:97:7d:50:
         2a:a5:f0:70:06:ff:21:03:26:cc:92:64:fd:58:08:76:75:e2:
         42:3a:fe:98:77:40:2d:b9:6a:b8:8b:a5:f2:04:06:dc:fb:4b:
         e7:52:8c:bb:be:7f:c5:ef:f3:c7:ec:73:49:02:43:9a:3a:2e:
         43:60:61:8e:28:f5:36:f5:3d:38:31:21:72:6a:aa:21:6b:bc:
         ff:0f:65:db:d1:35:3f:67:b3:01:f4:e3:67:81:7d:88:68:ee:
         fb:dd:70:1c:df:03:c3:1a:1e:42:09:02:59:c3:a2:ec:43:dd:
         1f:a3:d8:d0:b9:21:e5:ff:5a:24:1d:e1:31:dd:69:c2:e1:4c:
         f1:86:fc:2f:5e:62:7f:e8:c6:1a:6e:1c:8f:96:f3:2f:6d:7e:
         f0:cf:c1:23:a9:c1:1a:f8:33:6f:a0:4e:ba:50:c6:e3:7e:47:
         e8:23:57:55:99:cf:fa:2f:31:0f:f8:e1:92:d0:c8:97:74:47:
         2c:24:1b:43:ec:a5:2b:ef:97:a5:0b:af:ad:5f:5f:80:91:da:
         4d:ac:ef:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJIXH/JWFO5XAcl06gTDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjQwMTAxMDgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzllYjVlY2E4OTRmZTU2OTkzY2NlMDE2YTk3NDBlYWRlNWY5OTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVcMbyf0ZDKQuq49iJiETToPVTbk
v+J0qIfcYLS7bDzXA2OQP+mMpSh9NMd/gW1ldfqZVBOY3fmKI34F+YoDWNmu5Vgt
w5ScKaHAX4eb7I8wTgUzeHF/ceU6+uFRnhT4gi/kL5PnoNxMQUWIGsO/7mYJzItH
8QBakK05wumDhykaOyM23UrA2HWRkbtBOkGuJiJgtN8w6JHWj+r778/h0ezrAB/I
wB5zPMd7csuL3rU7tCnbn0B5cZPf0IsHBEFI+fFN5NCCz+vaRI03xfmHHhVMHV1s
OwXgwX8jIinkYoGDmzKYuytxSAv6/YZHnBtG7UwVzrWHPaeDeOoHf3HstQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIeeteyolP5WmTzOAWqXQOreX5k6MB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvaDU2MTdLaVVfbGFaUE00QmFwZEE2dDVmbVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg4zAzAN
BgkqhkiG9w0BAQsFAAOCAQEAl3ImERINIiL//T4UqC7DZG69Zzs5laGUjj5T8i9Y
cSXFkIAXMMYoP9Fmvcthks2Ucfm0l31QKqXwcAb/IQMmzJJk/VgIdnXiQjr+mHdA
LblquIul8gQG3PtL51KMu75/xe/zx+xzSQJDmjouQ2Bhjij1NvU9ODEhcmqqIWu8
/w9l29E1P2ezAfTjZ4F9iGju+91wHN8DwxoeQgkCWcOi7EPdH6PY0Lkh5f9aJB3h
Md1pwuFM8Yb8L15if+jGGm4cj5bzL21+8M/BI6nBGvgzb6BOulDG435H6CNXVZnP
+i8xD/jhktDIl3RHLCQbQ+ylK++XpQuvrV9fgJHaTazv8w==
-----END CERTIFICATE-----