Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/42irQsdBNFZPiDI6aK2dVTBb56s.roa
File:                     42irQsdBNFZPiDI6aK2dVTBb56s.roa (raw, json)
Hash identifier:          JTaHyEMUuNToCs2lntVj9swjRH26yJwbiKH6EHInOhA=
Subject key identifier:   E3:68:AB:42:C7:41:34:56:4F:88:32:3A:68:AD:9D:55:30:5B:E7:AB
Certificate issuer:       /CN=0d702c53cb803b14644e67587e5d6fd612b64bcc
Certificate serial:       018CC86F34DC3B3B7F84C28F36D0D750792C
Authority key identifier: 0D:70:2C:53:CB:80:3B:14:64:4E:67:58:7E:5D:6F:D6:12:B6:4B:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXAsU8uAOxRkTmdYfl1v1hK2S8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/42irQsdBNFZPiDI6aK2dVTBb56s.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58247
IP address blocks:        2a0e:4540:cafe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/DXAsU8uAOxRkTmdYfl1v1hK2S8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/DXAsU8uAOxRkTmdYfl1v1hK2S8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXAsU8uAOxRkTmdYfl1v1hK2S8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:34:dc:3b:3b:7f:84:c2:8f:36:d0:d7:50:79:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d702c53cb803b14644e67587e5d6fd612b64bcc
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e368ab42c74134564f88323a68ad9d55305be7ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f5:6a:58:5b:34:5a:9b:dd:f1:41:c6:7f:25:
                    f2:a1:b8:c4:1a:92:ae:16:7e:15:a5:7f:25:b6:80:
                    14:a1:3a:52:b2:09:b2:db:85:9f:fc:ed:b0:be:4c:
                    7f:42:9a:a9:94:3c:eb:a8:59:01:4d:b1:ff:eb:43:
                    77:89:32:d4:34:74:c3:e2:9a:40:9a:01:9a:08:e5:
                    68:97:31:80:21:d4:a4:18:24:33:90:a7:05:5a:84:
                    2b:a1:26:64:e5:05:39:24:72:aa:dd:43:3a:78:37:
                    5c:ba:36:ef:dc:80:7f:27:97:5e:b9:7c:01:df:09:
                    ef:1d:77:80:fc:e6:ac:2e:27:93:34:9f:53:33:54:
                    11:4b:01:4d:e8:b8:a9:18:7c:33:14:ba:8c:b9:7a:
                    6d:9c:6d:17:4f:0e:44:88:6e:84:26:7e:1f:9e:92:
                    9f:8b:b7:fc:83:01:45:ca:7d:5b:e4:96:cb:67:73:
                    47:88:fc:08:ec:ac:24:04:66:81:68:58:f7:e2:5a:
                    fc:16:d0:7c:f8:f1:48:fd:60:62:5c:ea:05:a4:da:
                    7e:94:41:60:21:25:10:61:85:ac:f0:21:0b:08:71:
                    6f:08:9f:25:c1:59:7d:b2:68:8d:dd:04:12:42:c3:
                    07:e3:65:f7:9b:4d:d0:e8:a0:ce:d4:ce:60:5f:a2:
                    93:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:68:AB:42:C7:41:34:56:4F:88:32:3A:68:AD:9D:55:30:5B:E7:AB
            X509v3 Authority Key Identifier:
                keyid:0D:70:2C:53:CB:80:3B:14:64:4E:67:58:7E:5D:6F:D6:12:B6:4B:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXAsU8uAOxRkTmdYfl1v1hK2S8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/42irQsdBNFZPiDI6aK2dVTBb56s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/d3d105-f972-4c7c-bfea-3f25392de7f9/1/DXAsU8uAOxRkTmdYfl1v1hK2S8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4540:cafe::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:a5:6e:e6:cb:de:70:e1:61:e1:51:c8:da:70:dc:b6:6a:ec:
         63:f6:21:6e:4d:82:bb:a8:a0:83:aa:c8:f2:2f:cc:57:71:6d:
         c2:da:f2:04:e8:bd:8f:46:9b:59:50:87:eb:0d:24:d7:81:a9:
         9d:3a:02:bc:4b:b9:da:75:dc:40:d4:a5:1e:12:76:4d:fd:fd:
         0b:d2:7d:7b:26:8a:29:1e:a2:6d:2e:13:62:90:d1:93:17:e1:
         9e:25:da:66:94:70:51:ea:60:1e:80:d7:a4:91:4b:09:5a:9c:
         15:9e:b7:fa:26:01:4f:53:3d:06:d5:5e:d9:d6:f2:27:f4:e7:
         49:d4:20:a1:74:3e:47:48:d9:61:f8:b8:2d:34:11:91:e5:b1:
         81:ca:f6:61:e5:81:51:7e:b9:3a:f3:00:93:a7:96:6d:2f:db:
         a6:34:40:c4:3b:b6:b0:ac:52:f5:e2:a1:1d:39:22:5d:e3:1f:
         aa:c1:15:dd:37:ce:62:c2:01:fb:6d:b5:cf:0a:e1:02:b2:1f:
         6b:20:73:13:a4:da:60:42:16:2e:6c:8f:fa:e6:73:77:4e:a0:
         c1:c6:ae:0e:de:e3:6f:e6:98:45:c3:f2:4b:7f:02:bf:83:2e:
         fc:43:c9:65:ec:49:6a:a7:eb:f0:0b:8f:c8:87:a6:36:67:b0:
         65:d7:6d:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbzTcOzt/hMKPNtDXUHksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzAyYzUzY2I4MDNiMTQ2NDRlNjc1ODdlNWQ2ZmQ2MTJi
NjRiY2MwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzY4YWI0MmM3NDEzNDU2NGY4ODMyM2E2OGFkOWQ1NTMwNWJlN2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfVqWFs0Wpvd8UHGfyXyobjEGpKu
Fn4VpX8ltoAUoTpSsgmy24Wf/O2wvkx/QpqplDzrqFkBTbH/60N3iTLUNHTD4ppA
mgGaCOVolzGAIdSkGCQzkKcFWoQroSZk5QU5JHKq3UM6eDdcujbv3IB/J5deuXwB
3wnvHXeA/OasLieTNJ9TM1QRSwFN6LipGHwzFLqMuXptnG0XTw5EiG6EJn4fnpKf
i7f8gwFFyn1b5JbLZ3NHiPwI7KwkBGaBaFj34lr8FtB8+PFI/WBiXOoFpNp+lEFg
ISUQYYWs8CELCHFvCJ8lwVl9smiN3QQSQsMH42X3m03Q6KDO1M5gX6KTswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFONoq0LHQTRWT4gyOmitnVUwW+erMB8GA1UdIwQY
MBaAFA1wLFPLgDsUZE5nWH5db9YStkvMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhBc1U4dUFPeFJrVG1kWWZsMXYxaEsyUzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9kM2QxMDUtZjk3Mi00YzdjLWJmZWEt
M2YyNTM5MmRlN2Y5LzEvNDJpclFzZEJORlpQaURJNmFLMmRWVEJiNTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9kM2QxMDUtZjk3Mi00YzdjLWJmZWEtM2YyNTM5MmRlN2Y5
LzEvRFhBc1U4dUFPeFJrVG1kWWZsMXYxaEsyUzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg5FQMr+
MA0GCSqGSIb3DQEBCwUAA4IBAQBupW7my95w4WHhUcjacNy2auxj9iFuTYK7qKCD
qsjyL8xXcW3C2vIE6L2PRptZUIfrDSTXgamdOgK8S7naddxA1KUeEnZN/f0L0n17
JoopHqJtLhNikNGTF+GeJdpmlHBR6mAegNekkUsJWpwVnrf6JgFPUz0G1V7Z1vIn
9OdJ1CChdD5HSNlh+LgtNBGR5bGByvZh5YFRfrk68wCTp5ZtL9umNEDEO7awrFL1
4qEdOSJd4x+qwRXdN85iwgH7bbXPCuECsh9rIHMTpNpgQhYubI/65nN3TqDBxq4O
3uNv5phFw/JLfwK/gy78Q8ll7Elqp+vwC4/Ih6Y2Z7Bl121r
-----END CERTIFICATE-----