Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/5ff78e-db14-4b05-9cc6-7403e13675ab/1/JIfoN1vyJkk8YjMGtisjHDhDf5g.roa
File:                     JIfoN1vyJkk8YjMGtisjHDhDf5g.roa (raw, json)
Hash identifier:          nQwiwq9q5gW1Jtf3If055S6E61yaF54CvC6zo1+Eep4=
Subject key identifier:   24:87:E8:37:5B:F2:26:49:3C:62:33:06:B6:2B:23:1C:38:43:7F:98
Certificate issuer:       /CN=037b48449ba1cae15bde2c2f086d94218e0720bb
Certificate serial:       018CC5DBE303E94D2521AD6150F1D6DC3031
Authority key identifier: 03:7B:48:44:9B:A1:CA:E1:5B:DE:2C:2F:08:6D:94:21:8E:07:20:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A3tIRJuhyuFb3iwvCG2UIY4HILs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/5ff78e-db14-4b05-9cc6-7403e13675ab/1/JIfoN1vyJkk8YjMGtisjHDhDf5g.roa
Signing time:             Mon 01 Jan 2024 16:29:31 +0000
ROA not before:           Mon 01 Jan 2024 16:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212722
IP address blocks:        2a10:501::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/5ff78e-db14-4b05-9cc6-7403e13675ab/1/A3tIRJuhyuFb3iwvCG2UIY4HILs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/5ff78e-db14-4b05-9cc6-7403e13675ab/1/A3tIRJuhyuFb3iwvCG2UIY4HILs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A3tIRJuhyuFb3iwvCG2UIY4HILs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e3:03:e9:4d:25:21:ad:61:50:f1:d6:dc:30:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=037b48449ba1cae15bde2c2f086d94218e0720bb
        Validity
            Not Before: Jan  1 16:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2487e8375bf226493c623306b62b231c38437f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:74:30:d0:21:81:f4:24:38:ba:25:e5:f2:6e:
                    8b:18:27:b5:f3:ec:a0:63:49:14:6b:4b:5a:a8:38:
                    44:f2:cf:e9:34:ca:77:af:1e:8c:b6:35:b9:49:d0:
                    17:bf:72:5a:d7:49:29:fe:39:01:d9:b9:15:d0:b7:
                    5d:c4:a3:23:1e:1a:bd:88:5d:1d:b4:c8:8d:95:2f:
                    ed:90:f2:c0:8e:15:0b:39:bf:b7:86:26:8c:e2:85:
                    dd:92:5c:bc:9a:88:6b:0c:50:9b:cf:b9:26:99:d1:
                    1a:b4:c0:c4:24:ff:06:1c:9a:eb:87:6c:14:e2:32:
                    6a:90:ba:02:58:94:e1:3c:c3:36:8a:df:09:97:ef:
                    8d:bd:8b:66:9b:98:01:b6:bb:e2:20:ed:b1:88:f8:
                    d6:6b:bf:29:14:0e:95:4c:be:78:09:61:05:b0:10:
                    2d:04:56:d7:39:b3:a5:8b:b6:f0:af:43:76:41:1a:
                    16:38:93:86:e4:24:ee:df:05:77:76:02:41:0a:6b:
                    48:60:f6:20:95:c8:be:28:bc:a6:8f:f1:d1:c2:a3:
                    b4:74:b5:c6:c2:32:a2:f7:6f:97:24:b4:4d:1d:9f:
                    e4:1b:3d:d7:bd:65:79:2e:d0:37:78:16:f2:ef:ce:
                    df:53:69:c6:6b:b0:7b:00:44:a7:fd:0c:2b:d7:16:
                    dd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:87:E8:37:5B:F2:26:49:3C:62:33:06:B6:2B:23:1C:38:43:7F:98
            X509v3 Authority Key Identifier:
                keyid:03:7B:48:44:9B:A1:CA:E1:5B:DE:2C:2F:08:6D:94:21:8E:07:20:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A3tIRJuhyuFb3iwvCG2UIY4HILs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/5ff78e-db14-4b05-9cc6-7403e13675ab/1/JIfoN1vyJkk8YjMGtisjHDhDf5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/5ff78e-db14-4b05-9cc6-7403e13675ab/1/A3tIRJuhyuFb3iwvCG2UIY4HILs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:501::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:25:85:c6:b1:8e:25:c6:1d:9b:c3:68:68:f2:a3:22:e9:d3:
         86:62:dc:fa:d3:11:34:dd:ee:82:1d:d2:a0:1b:b2:3d:48:3f:
         b6:c0:36:3e:8e:da:34:36:e4:a6:9b:15:62:43:29:31:2c:d2:
         e2:30:97:b6:d9:60:42:d5:18:67:53:3f:cf:a2:11:d2:8a:e7:
         98:f0:a5:af:65:bb:05:07:f7:38:c1:9f:01:9f:b8:98:9b:68:
         c0:eb:93:fb:0e:14:fa:46:58:26:f4:4c:20:5b:7f:ca:bd:65:
         52:f4:da:48:d2:f3:29:78:bf:54:65:24:db:ab:3f:a1:79:48:
         98:b9:45:54:80:ff:74:92:16:bf:b7:c4:76:5a:87:7d:3b:3e:
         b3:c4:3b:3a:9c:17:f8:d7:31:c9:a0:ba:a3:52:f7:2f:08:5f:
         81:fa:2f:25:44:41:fd:e9:40:f4:c2:96:fe:aa:f7:fd:87:70:
         58:66:ed:7c:75:40:20:18:f9:65:d0:41:0b:d0:68:4c:f5:50:
         ac:70:76:69:95:0a:d1:a3:5b:fb:6d:4b:07:ae:87:58:69:c1:
         0f:a9:8b:5a:88:fe:c4:2e:f2:25:56:45:0a:aa:8f:d0:01:42:
         08:83:84:f8:97:93:f5:6f:05:96:95:18:a2:30:79:ba:dc:c3:
         1b:24:35:75
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF2+MD6U0lIa1hUPHW3DAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzN2I0ODQ0OWJhMWNhZTE1YmRlMmMyZjA4NmQ5NDIxOGUw
NzIwYmIwHhcNMjQwMTAxMTYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDg3ZTgzNzViZjIyNjQ5M2M2MjMzMDZiNjJiMjMxYzM4NDM3Zjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXQw0CGB9CQ4uiXl8m6LGCe18+yg
Y0kUa0taqDhE8s/pNMp3rx6MtjW5SdAXv3Ja10kp/jkB2bkV0LddxKMjHhq9iF0d
tMiNlS/tkPLAjhULOb+3hiaM4oXdkly8mohrDFCbz7kmmdEatMDEJP8GHJrrh2wU
4jJqkLoCWJThPMM2it8Jl++NvYtmm5gBtrviIO2xiPjWa78pFA6VTL54CWEFsBAt
BFbXObOli7bwr0N2QRoWOJOG5CTu3wV3dgJBCmtIYPYglci+KLymj/HRwqO0dLXG
wjKi92+XJLRNHZ/kGz3XvWV5LtA3eBby787fU2nGa7B7AESn/Qwr1xbdpwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCSH6Ddb8iZJPGIzBrYrIxw4Q3+YMB8GA1UdIwQY
MBaAFAN7SESbocrhW94sLwhtlCGOByC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTN0SVJKdWh5dUZiM2l3dkNHMlVJWTRISUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS81ZmY3OGUtZGIxNC00YjA1LTljYzYt
NzQwM2UxMzY3NWFiLzEvSklmb04xdnlKa2s4WWpNR3Rpc2pIRGhEZjVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS81ZmY3OGUtZGIxNC00YjA1LTljYzYtNzQwM2UxMzY3NWFi
LzEvQTN0SVJKdWh5dUZiM2l3dkNHMlVJWTRISUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhAFATAN
BgkqhkiG9w0BAQsFAAOCAQEAmyWFxrGOJcYdm8NoaPKjIunThmLc+tMRNN3ugh3S
oBuyPUg/tsA2Po7aNDbkppsVYkMpMSzS4jCXttlgQtUYZ1M/z6IR0ornmPClr2W7
BQf3OMGfAZ+4mJtowOuT+w4U+kZYJvRMIFt/yr1lUvTaSNLzKXi/VGUk26s/oXlI
mLlFVID/dJIWv7fEdlqHfTs+s8Q7OpwX+NcxyaC6o1L3LwhfgfovJURB/elA9MKW
/qr3/YdwWGbtfHVAIBj5ZdBBC9BoTPVQrHB2aZUK0aNb+21LB66HWGnBD6mLWoj+
xC7yJVZFCqqP0AFCCIOE+JeT9W8FlpUYojB5utzDGyQ1dQ==
-----END CERTIFICATE-----