Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/8ApQZDMdtFxBTaYrM5TULQtJZ0g.roa
File:                     8ApQZDMdtFxBTaYrM5TULQtJZ0g.roa (raw, json)
Hash identifier:          TsmvULY4N/hxVMA7fXd/fsafpz3QsGezNU+SV5KDfDo=
Subject key identifier:   F0:0A:50:64:33:1D:B4:5C:41:4D:A6:2B:33:94:D4:2D:0B:49:67:48
Certificate issuer:       /CN=aa734ef5ae21c0e897fa186447184ec9ad4ae29d
Certificate serial:       018DFAA8AB19E5134CBC9B49C8C433F932F2
Authority key identifier: AA:73:4E:F5:AE:21:C0:E8:97:FA:18:64:47:18:4E:C9:AD:4A:E2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qnNO9a4hwOiX-hhkRxhOya1K4p0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/8ApQZDMdtFxBTaYrM5TULQtJZ0g.roa
Signing time:             Fri 01 Mar 2024 15:36:14 +0000
ROA not before:           Fri 01 Mar 2024 15:36:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208853
IP address blocks:        2a0e:6ac0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/qnNO9a4hwOiX-hhkRxhOya1K4p0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/qnNO9a4hwOiX-hhkRxhOya1K4p0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qnNO9a4hwOiX-hhkRxhOya1K4p0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:a8:ab:19:e5:13:4c:bc:9b:49:c8:c4:33:f9:32:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa734ef5ae21c0e897fa186447184ec9ad4ae29d
        Validity
            Not Before: Mar  1 15:36:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f00a5064331db45c414da62b3394d42d0b496748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b9:8e:6f:05:4d:94:34:7c:31:1c:89:b3:60:
                    8f:9a:c6:61:7a:b1:17:39:32:ba:8f:c7:33:a4:6c:
                    63:f5:95:05:42:a1:cb:d9:12:35:b5:30:3f:01:92:
                    bf:5e:99:7b:ff:05:27:5a:c1:6c:3a:29:e9:a5:db:
                    2c:b9:8e:19:f1:fe:b7:17:48:62:c6:4c:2a:4e:5e:
                    70:cc:77:a7:38:2a:90:85:60:6c:0f:5a:ff:39:b0:
                    58:79:4a:04:a1:78:44:77:7a:2f:9f:26:ac:35:a7:
                    a7:5f:19:bc:ff:2d:dc:67:48:ab:42:5c:be:09:27:
                    8b:57:90:d0:7e:0d:63:ba:3c:b1:e2:2d:bf:1e:43:
                    c8:7c:8a:e4:91:8d:91:33:dc:ff:b2:80:d5:bf:3d:
                    7c:88:ff:d3:bc:c8:da:0e:00:85:93:45:e1:42:cb:
                    c6:2d:e4:ac:8b:8f:e9:7d:bb:bc:85:b5:5d:65:06:
                    e2:2a:75:85:21:68:4a:92:2f:ee:c7:cd:43:11:df:
                    8f:fe:b4:65:68:87:ec:39:10:09:5d:37:4a:fc:06:
                    6e:c4:fa:ae:fa:87:7f:39:2d:4e:80:da:f3:77:51:
                    06:92:f1:1c:9b:15:fb:ae:52:a0:fe:26:9c:55:6c:
                    ae:e3:7a:66:c2:83:26:77:be:f1:2f:e0:4d:22:4d:
                    6d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:0A:50:64:33:1D:B4:5C:41:4D:A6:2B:33:94:D4:2D:0B:49:67:48
            X509v3 Authority Key Identifier:
                keyid:AA:73:4E:F5:AE:21:C0:E8:97:FA:18:64:47:18:4E:C9:AD:4A:E2:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qnNO9a4hwOiX-hhkRxhOya1K4p0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/8ApQZDMdtFxBTaYrM5TULQtJZ0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/748111-0e10-4792-9b1b-da780cfb99a4/1/qnNO9a4hwOiX-hhkRxhOya1K4p0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:6ac0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:d2:29:24:b0:91:f5:d4:ea:22:93:c7:34:37:3d:93:04:b8:
         c6:fd:02:99:aa:1c:97:30:1a:01:38:5e:ce:72:b3:97:4a:13:
         d3:bd:4d:70:fb:c5:a7:96:b9:44:89:f1:cf:2f:80:85:68:0d:
         e8:24:45:f9:85:2c:27:78:45:74:c3:a6:97:7d:59:b8:06:fd:
         8f:fb:e8:cd:c5:9c:cb:c3:07:18:18:a9:73:d8:8a:a3:64:a9:
         2c:49:cd:91:b6:e3:d5:96:0f:80:f6:58:3b:a2:d8:60:e7:ba:
         ff:13:81:de:a5:ae:a5:03:ed:58:f4:73:df:10:86:fb:a5:b4:
         bc:04:0c:6b:cb:17:f1:e3:a5:d5:83:9e:f8:db:63:c7:7d:15:
         e9:53:de:b2:9d:ac:f2:09:7c:c9:3a:48:30:61:a7:43:b4:54:
         60:12:bb:59:21:93:05:34:fb:a5:3e:87:69:4e:9d:2b:98:69:
         94:6b:47:1a:dd:ee:51:33:69:0b:29:ba:a0:cc:88:86:dd:3e:
         bf:6e:b8:ca:c6:21:91:a6:26:5c:b8:f3:c8:ff:79:fb:39:73:
         66:a2:94:37:16:87:6e:5c:fc:c6:19:c9:bd:50:4a:2c:b6:59:
         07:47:da:72:59:97:74:d7:0a:8e:d5:21:c8:b5:95:76:75:ce:
         a0:d9:a7:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY36qKsZ5RNMvJtJyMQz+TLyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNzM0ZWY1YWUyMWMwZTg5N2ZhMTg2NDQ3MTg0ZWM5YWQ0
YWUyOWQwHhcNMjQwMzAxMTUzNjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDBhNTA2NDMzMWRiNDVjNDE0ZGE2MmIzMzk0ZDQyZDBiNDk2NzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7mObwVNlDR8MRyJs2CPmsZherEX
OTK6j8czpGxj9ZUFQqHL2RI1tTA/AZK/Xpl7/wUnWsFsOinppdssuY4Z8f63F0hi
xkwqTl5wzHenOCqQhWBsD1r/ObBYeUoEoXhEd3ovnyasNaenXxm8/y3cZ0irQly+
CSeLV5DQfg1jujyx4i2/HkPIfIrkkY2RM9z/soDVvz18iP/TvMjaDgCFk0XhQsvG
LeSsi4/pfbu8hbVdZQbiKnWFIWhKki/ux81DEd+P/rRlaIfsORAJXTdK/AZuxPqu
+od/OS1OgNrzd1EGkvEcmxX7rlKg/iacVWyu43pmwoMmd77xL+BNIk1t4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPAKUGQzHbRcQU2mKzOU1C0LSWdIMB8GA1UdIwQY
MBaAFKpzTvWuIcDol/oYZEcYTsmtSuKdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW5OTzlhNGh3T2lYLWhoa1J4aE95YTFLNHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS83NDgxMTEtMGUxMC00NzkyLTliMWIt
ZGE3ODBjZmI5OWE0LzEvOEFwUVpETWR0RnhCVGFZck01VFVMUXRKWjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS83NDgxMTEtMGUxMC00NzkyLTliMWItZGE3ODBjZmI5OWE0
LzEvcW5OTzlhNGh3T2lYLWhoa1J4aE95YTFLNHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg5qwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBf0ikksJH11Ooik8c0Nz2TBLjG/QKZqhyXMBoB
OF7OcrOXShPTvU1w+8WnlrlEifHPL4CFaA3oJEX5hSwneEV0w6aXfVm4Bv2P++jN
xZzLwwcYGKlz2IqjZKksSc2RtuPVlg+A9lg7othg57r/E4Hepa6lA+1Y9HPfEIb7
pbS8BAxryxfx46XVg57422PHfRXpU96ynazyCXzJOkgwYadDtFRgErtZIZMFNPul
PodpTp0rmGmUa0ca3e5RM2kLKbqgzIiG3T6/brjKxiGRpiZcuPPI/3n7OXNmopQ3
FoduXPzGGcm9UEostlkHR9pyWZd01wqO1SHItZV2dc6g2aek
-----END CERTIFICATE-----