Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1pvbd9pf2ZD3mGzrAGan63RcRsE.roa
File:                     1pvbd9pf2ZD3mGzrAGan63RcRsE.roa (raw, json)
Hash identifier:          SMNg5ZLAaNiRNf3/8kV9SIk2TjsCaGy1OMMfVoOj/oA=
Subject key identifier:   D6:9B:DB:77:DA:5F:D9:90:F7:98:6C:EB:00:66:A7:EB:74:5C:46:C1
Certificate issuer:       /CN=d673d849b7d5047376d57e6f796f0018b70b4506
Certificate serial:       018CC49308B3E924A075E77B6BF457EDCD50
Authority key identifier: D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1pvbd9pf2ZD3mGzrAGan63RcRsE.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28839
IP address blocks:        2a01:190:15ee::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:08:b3:e9:24:a0:75:e7:7b:6b:f4:57:ed:cd:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d673d849b7d5047376d57e6f796f0018b70b4506
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d69bdb77da5fd990f7986ceb0066a7eb745c46c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0f:46:27:fb:3b:db:dd:7e:47:d1:e6:f2:bf:
                    dc:67:d3:7b:f5:19:1d:71:a4:3d:52:16:38:ba:25:
                    fe:57:24:db:0c:66:e1:0c:53:85:48:b7:67:65:82:
                    4c:96:1c:a8:a5:1f:ad:38:7e:fe:89:e7:90:51:e8:
                    c3:02:ed:f3:c6:15:4f:72:12:95:2e:c9:01:cb:86:
                    aa:ac:dc:1a:4d:3c:ca:c2:ec:75:a3:73:d3:6f:90:
                    1e:a1:26:23:cf:83:ae:6b:5b:aa:8d:07:f5:97:6d:
                    0b:07:8b:c0:c1:07:e0:80:7c:c4:f5:6c:a8:2d:36:
                    9a:d5:04:28:0f:1a:c4:9d:19:69:d9:c8:01:79:6a:
                    6a:84:c4:aa:a2:d5:fb:57:16:a5:11:33:ca:58:b4:
                    a3:5e:03:26:86:90:a6:ea:18:be:5a:a7:bc:c2:f5:
                    04:54:cc:b6:85:3d:58:bd:67:92:f1:6a:69:63:fe:
                    5f:44:fa:48:ad:b1:f0:26:6d:e2:af:56:06:6f:b2:
                    f5:0b:79:0e:ff:0d:dd:74:c9:21:f2:34:df:4b:fb:
                    6a:b1:b2:6f:5c:d2:5d:2c:01:88:a9:0b:b4:39:c2:
                    93:ed:34:a8:78:34:a0:75:b7:07:2d:18:6f:5a:5c:
                    f7:3e:1d:45:48:8d:ff:8a:74:30:04:7a:1c:33:d8:
                    90:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:9B:DB:77:DA:5F:D9:90:F7:98:6C:EB:00:66:A7:EB:74:5C:46:C1
            X509v3 Authority Key Identifier:
                keyid:D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1pvbd9pf2ZD3mGzrAGan63RcRsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:190:15ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:d3:14:fd:98:42:39:ac:58:6b:3e:16:7c:8c:eb:dc:2e:9e:
         f0:f4:ff:be:11:ed:9f:6e:a0:cf:1e:66:68:18:f9:bc:80:c5:
         d0:20:49:0d:f8:6a:a0:2c:5a:14:b3:47:6c:d8:6e:3b:ce:57:
         c9:b1:a2:95:f7:ef:c0:57:8c:b0:6f:7b:5d:90:de:c8:77:ce:
         4a:10:1f:42:fa:45:67:68:49:9c:8d:9c:35:4e:e3:de:0c:cd:
         90:39:11:ba:82:c6:5f:bf:38:f2:25:2a:81:df:2c:2b:fb:81:
         62:f1:09:72:98:86:4f:c4:dd:b6:0f:f0:59:f5:be:a3:51:c4:
         04:5f:25:ba:06:71:97:02:3e:9a:6c:4b:f9:54:b9:4b:b2:28:
         0b:34:79:e3:91:a2:06:50:15:2a:66:d3:22:aa:e0:13:32:76:
         02:56:56:d7:6e:7f:c3:d3:e9:29:af:09:d5:67:1e:e0:34:51:
         7f:48:12:96:e1:01:4d:47:db:11:7b:d2:7f:cc:25:4a:5f:79:
         fb:90:f1:69:86:d1:31:35:81:74:af:00:d6:81:1b:ae:c3:cd:
         69:b1:4c:8a:1b:88:6c:f2:97:43:30:92:01:31:07:bf:43:d0:
         35:d9:61:1c:e8:0b:e3:6e:47:c7:36:fa:d6:b2:f0:78:14:04:
         f6:7b:82:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkwiz6SSgded7a/RX7c1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzNkODQ5YjdkNTA0NzM3NmQ1N2U2Zjc5NmYwMDE4Yjcw
YjQ1MDYwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjliZGI3N2RhNWZkOTkwZjc5ODZjZWIwMDY2YTdlYjc0NWM0NmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg9GJ/s7291+R9Hm8r/cZ9N79Rkd
caQ9UhY4uiX+VyTbDGbhDFOFSLdnZYJMlhyopR+tOH7+ieeQUejDAu3zxhVPchKV
LskBy4aqrNwaTTzKwux1o3PTb5AeoSYjz4Oua1uqjQf1l20LB4vAwQfggHzE9Wyo
LTaa1QQoDxrEnRlp2cgBeWpqhMSqotX7VxalETPKWLSjXgMmhpCm6hi+Wqe8wvUE
VMy2hT1YvWeS8WppY/5fRPpIrbHwJm3ir1YGb7L1C3kO/w3ddMkh8jTfS/tqsbJv
XNJdLAGIqQu0OcKT7TSoeDSgdbcHLRhvWlz3Ph1FSI3/inQwBHocM9iQRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNab23faX9mQ95hs6wBmp+t0XEbBMB8GA1UdIwQY
MBaAFNZz2Em31QRzdtV+b3lvABi3C0UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgt
OGVlYjc1N2NmNTQ1LzEvMXB2YmQ5cGYyWkQzbUd6ckFHYW42M1JjUnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgtOGVlYjc1N2NmNTQ1
LzEvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEBkBXu
MA0GCSqGSIb3DQEBCwUAA4IBAQCH0xT9mEI5rFhrPhZ8jOvcLp7w9P++Ee2fbqDP
HmZoGPm8gMXQIEkN+GqgLFoUs0ds2G47zlfJsaKV9+/AV4ywb3tdkN7Id85KEB9C
+kVnaEmcjZw1TuPeDM2QORG6gsZfvzjyJSqB3ywr+4Fi8QlymIZPxN22D/BZ9b6j
UcQEXyW6BnGXAj6abEv5VLlLsigLNHnjkaIGUBUqZtMiquATMnYCVlbXbn/D0+kp
rwnVZx7gNFF/SBKW4QFNR9sRe9J/zCVKX3n7kPFphtExNYF0rwDWgRuuw81psUyK
G4hs8pdDMJIBMQe/Q9A12WEc6AvjbkfHNvrWsvB4FAT2e4Le
-----END CERTIFICATE-----