Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/UPuF44uwp8xzxjpGUnJekTkVfG8.roa
File:                     UPuF44uwp8xzxjpGUnJekTkVfG8.roa (raw, json)
Hash identifier:          KESiHCr36biLbzgi+T0mJUhNFyZ2s4cVoe9zn31UZvs=
Subject key identifier:   50:FB:85:E3:8B:B0:A7:CC:73:C6:3A:46:52:72:5E:91:39:15:7C:6F
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018CC6B9340056BFADCAC323D1C11B6BB877
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/UPuF44uwp8xzxjpGUnJekTkVfG8.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211066
IP address blocks:        2a0e:da40:10::/44 maxlen: 128
                          2a0e:da40:da40::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:34:00:56:bf:ad:ca:c3:23:d1:c1:1b:6b:b8:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50fb85e38bb0a7cc73c63a4652725e9139157c6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a8:e5:bc:13:33:56:19:ef:eb:e6:8a:4e:45:
                    2a:d7:ef:bd:d8:50:89:a2:bb:a1:c3:eb:46:c3:04:
                    82:12:fb:db:9a:a4:6c:03:82:8a:f4:45:3d:85:70:
                    04:73:70:f8:51:d5:c8:a9:c6:cf:80:9e:3a:db:12:
                    2d:d9:68:11:c4:32:a4:c5:18:52:98:f1:da:3e:ec:
                    80:ff:22:ba:58:b5:48:a3:4d:e6:cc:5e:2d:90:0b:
                    0b:e7:83:7d:39:cf:cf:93:a3:32:38:3f:2d:98:4e:
                    ad:20:3e:46:d6:cc:52:cd:29:76:e8:47:8d:45:d8:
                    61:74:90:f6:cc:67:c1:ff:7d:7d:36:44:95:12:40:
                    0c:54:0d:5d:50:d5:22:9f:c1:83:da:d7:da:eb:17:
                    a0:c7:16:01:7a:b2:a3:7d:db:44:7e:99:af:d6:bb:
                    6b:66:63:6c:c6:53:26:8a:37:9b:cb:dd:4f:ac:cf:
                    6b:3f:ad:ca:9c:ac:57:d2:b6:92:9f:50:84:d3:99:
                    79:b8:70:30:58:8a:b9:6c:be:5c:7a:94:7d:b3:fc:
                    ef:6e:f9:3d:14:49:2a:c9:5c:c4:47:a6:b3:d4:6f:
                    5a:0a:99:5a:e6:c4:a4:b5:3d:dd:92:b8:52:db:79:
                    41:43:21:11:cd:02:21:cc:f0:fe:db:0f:c1:96:9a:
                    a8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:FB:85:E3:8B:B0:A7:CC:73:C6:3A:46:52:72:5E:91:39:15:7C:6F
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/UPuF44uwp8xzxjpGUnJekTkVfG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:da40:10::/44
                  2a0e:da40:da40::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:55:7b:f2:c7:e3:9f:2e:c5:45:4a:f2:6a:cc:c8:e9:a3:1b:
         1c:5e:23:b1:8c:24:ec:9d:5c:34:0c:74:4c:a9:e9:9a:46:43:
         90:54:1c:9b:8d:7d:61:72:aa:86:ff:a9:13:e9:7b:c2:14:13:
         09:47:7a:00:83:25:ff:91:d9:10:f0:ff:ec:27:8e:c8:7c:99:
         94:08:ca:5f:2a:b3:1d:b1:3b:39:fb:c0:12:f6:4a:0a:d2:05:
         32:ff:2e:6e:5b:70:66:49:d4:a7:ff:0d:8f:0b:18:1b:75:36:
         4f:54:f7:16:13:52:c6:43:ba:74:43:34:e4:19:ee:08:4e:bf:
         ae:63:fa:d3:34:34:e1:a7:39:f7:19:12:27:4c:ed:cc:14:f8:
         5e:67:22:be:6d:a4:fc:94:f9:e1:fd:48:c8:55:ac:3b:91:d4:
         df:32:23:47:87:73:69:24:b6:2c:68:47:e5:96:66:8f:3b:73:
         39:26:46:ed:26:7f:3b:18:db:83:63:dd:7a:23:c7:97:bd:39:
         48:d8:8d:48:ce:91:77:88:09:cc:8d:5f:15:14:52:64:43:ed:
         64:6b:b5:db:b6:33:7e:3f:d0:3e:4a:55:bf:17:b8:11:22:39:
         2d:db:eb:2a:2d:36:24:4a:cd:b6:dd:4f:59:03:88:b3:f7:04:
         c7:f4:47:ea
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuTQAVr+tysMj0cEba7h3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGZiODVlMzhiYjBhN2NjNzNjNjNhNDY1MjcyNWU5MTM5MTU3YzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKjlvBMzVhnv6+aKTkUq1++92FCJ
oruhw+tGwwSCEvvbmqRsA4KK9EU9hXAEc3D4UdXIqcbPgJ462xIt2WgRxDKkxRhS
mPHaPuyA/yK6WLVIo03mzF4tkAsL54N9Oc/Pk6MyOD8tmE6tID5G1sxSzSl26EeN
RdhhdJD2zGfB/319NkSVEkAMVA1dUNUin8GD2tfa6xegxxYBerKjfdtEfpmv1rtr
ZmNsxlMmijeby91PrM9rP63KnKxX0raSn1CE05l5uHAwWIq5bL5cepR9s/zvbvk9
FEkqyVzER6az1G9aCpla5sSktT3dkrhS23lBQyERzQIhzPD+2w/BlpqoKwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFD7heOLsKfMc8Y6RlJyXpE5FXxvMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvVVB1RjQ0dXdwOHh6eGpwR1VuSmVrVGtWZkc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg7aQAAQ
AwcAKg7aQNpAMA0GCSqGSIb3DQEBCwUAA4IBAQAUVXvyx+OfLsVFSvJqzMjpoxsc
XiOxjCTsnVw0DHRMqemaRkOQVBybjX1hcqqG/6kT6XvCFBMJR3oAgyX/kdkQ8P/s
J47IfJmUCMpfKrMdsTs5+8AS9koK0gUy/y5uW3BmSdSn/w2PCxgbdTZPVPcWE1LG
Q7p0QzTkGe4ITr+uY/rTNDThpzn3GRInTO3MFPheZyK+baT8lPnh/UjIVaw7kdTf
MiNHh3NpJLYsaEfllmaPO3M5JkbtJn87GNuDY916I8eXvTlI2I1IzpF3iAnMjV8V
FFJkQ+1ka7XbtjN+P9A+SlW/F7gRIjkt2+sqLTYkSs223U9ZA4iz9wTH9Efq
-----END CERTIFICATE-----