Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/V0mcNPKN6DxKhp1nvp6_BdsLq_I.roa
File:                     V0mcNPKN6DxKhp1nvp6_BdsLq_I.roa (raw, json)
Hash identifier:          7etC+9whE4MqwVAIVsP7IAoODFIzdi0cu5kPqxFLWGI=
Subject key identifier:   57:49:9C:34:F2:8D:E8:3C:4A:86:9D:67:BE:9E:BF:05:DB:0B:AB:F2
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC6A89E9AF5731D2ADE9B308DC2CB4
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/V0mcNPKN6DxKhp1nvp6_BdsLq_I.roa
Signing time:             Tue 02 Jan 2024 10:33:37 +0000
ROA not before:           Tue 02 Jan 2024 10:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17818
IP address blocks:        2a0e:9300::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6a:89:e9:af:57:31:d2:ad:e9:b3:08:dc:2c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57499c34f28de83c4a869d67be9ebf05db0babf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:40:00:f9:67:20:68:e0:c9:2a:d4:7e:ea:2a:
                    e0:bb:b0:af:21:11:06:a8:79:f3:55:c8:37:b3:69:
                    e5:20:3e:4d:d4:ff:d1:5b:d7:ad:b7:d0:e4:af:3a:
                    b6:64:e3:89:32:30:2e:b6:62:d6:44:f3:f6:40:ed:
                    d5:30:39:e0:c0:24:bc:4b:30:c8:c2:ae:21:e5:1c:
                    16:67:85:08:ee:ae:bb:a2:4f:7b:58:a9:fa:7b:3c:
                    98:ad:c3:f9:c7:97:77:0d:74:49:f0:4c:3e:c0:aa:
                    10:7f:b9:48:a4:6b:6b:41:f8:5b:2f:3f:4c:98:20:
                    d0:36:fe:74:c3:31:0f:40:9a:55:e9:58:55:16:ce:
                    1b:46:60:de:cd:0c:2a:05:3c:ef:79:99:1b:c8:59:
                    9b:82:aa:56:ab:f6:ee:b6:98:7f:57:76:fd:a8:e7:
                    77:b5:8e:25:6b:b2:31:a9:b8:e6:44:e7:55:cb:78:
                    42:f5:63:3d:62:e9:ac:1a:d5:78:ff:8a:e9:98:4f:
                    a9:05:cd:e3:33:44:3c:5b:e4:45:bc:b4:52:98:ea:
                    91:dd:f1:2c:2e:ea:62:7e:f9:5d:cd:45:db:a2:64:
                    57:23:50:cb:3c:91:d8:91:ba:43:2a:2d:cb:ac:f1:
                    33:1a:a6:c6:85:b6:83:49:f4:9d:3c:38:f6:14:49:
                    07:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:49:9C:34:F2:8D:E8:3C:4A:86:9D:67:BE:9E:BF:05:DB:0B:AB:F2
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/V0mcNPKN6DxKhp1nvp6_BdsLq_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9300::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:cb:35:a8:7e:68:44:42:16:f9:98:12:f8:0b:f7:52:87:f1:
         03:f1:0f:bd:4e:8c:32:3d:94:2b:5b:1e:c8:35:b7:5d:58:15:
         ea:6f:de:45:12:71:3d:21:8c:67:e7:46:d9:94:6b:ec:41:d2:
         f8:4b:7d:51:d4:1b:8e:d8:d3:20:2b:2e:b0:25:b3:97:e5:9b:
         1c:03:0e:ac:4e:24:ea:f9:ab:0a:b5:04:94:f8:5d:5b:f4:be:
         7f:0a:23:94:cb:94:b9:5e:09:00:d6:66:0e:8e:ce:6a:98:16:
         09:94:1a:e4:70:90:4b:ec:18:c3:6e:9e:96:17:77:12:1d:10:
         b9:d3:98:e8:00:25:58:ed:3d:fa:f4:c6:0f:af:e8:f9:e2:3c:
         c1:84:9b:a0:ad:e1:9f:d7:8b:2a:9c:5e:39:74:30:67:fd:34:
         aa:9a:20:c4:0a:ee:bb:60:10:4d:8c:76:1e:d8:e2:29:e6:f4:
         cd:ee:c2:b0:13:46:62:f7:f5:2d:a4:41:12:f6:30:51:b4:69:
         2f:1c:60:8b:9d:97:ae:13:78:08:77:f1:70:04:5b:81:81:bb:
         e6:15:c2:8b:48:38:6b:51:67:ef:cc:47:24:05:c4:b5:dc:51:
         1d:ff:20:3d:f2:cd:81:ea:89:55:15:5e:da:33:9e:ed:cd:0a:
         0d:46:f4:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvGqJ6a9XMdKt6bMI3Cy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzQ5OWMzNGYyOGRlODNjNGE4NjlkNjdiZTllYmYwNWRiMGJhYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkAA+WcgaODJKtR+6irgu7CvIREG
qHnzVcg3s2nlID5N1P/RW9ett9Dkrzq2ZOOJMjAutmLWRPP2QO3VMDngwCS8SzDI
wq4h5RwWZ4UI7q67ok97WKn6ezyYrcP5x5d3DXRJ8Ew+wKoQf7lIpGtrQfhbLz9M
mCDQNv50wzEPQJpV6VhVFs4bRmDezQwqBTzveZkbyFmbgqpWq/butph/V3b9qOd3
tY4la7IxqbjmROdVy3hC9WM9YumsGtV4/4rpmE+pBc3jM0Q8W+RFvLRSmOqR3fEs
LupifvldzUXbomRXI1DLPJHYkbpDKi3LrPEzGqbGhbaDSfSdPDj2FEkHFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFdJnDTyjeg8SoadZ76evwXbC6vyMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvVjBtY05QS042RHhLaHAxbnZwNl9CZHNMcV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6TAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAvyzWofmhEQhb5mBL4C/dSh/ED8Q+9TowyPZQr
Wx7INbddWBXqb95FEnE9IYxn50bZlGvsQdL4S31R1BuO2NMgKy6wJbOX5ZscAw6s
TiTq+asKtQSU+F1b9L5/CiOUy5S5XgkA1mYOjs5qmBYJlBrkcJBL7BjDbp6WF3cS
HRC505joACVY7T369MYPr+j54jzBhJugreGf14sqnF45dDBn/TSqmiDECu67YBBN
jHYe2OIp5vTN7sKwE0Zi9/UtpEES9jBRtGkvHGCLnZeuE3gId/FwBFuBgbvmFcKL
SDhrUWfvzEckBcS13FEd/yA98s2B6olVFV7aM57tzQoNRvSI
-----END CERTIFICATE-----