Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/MEttmNRddlrJTJnFTQB-VraunwI.roa
File:                     MEttmNRddlrJTJnFTQB-VraunwI.roa (raw, json)
Hash identifier:          KQqRDexXHDQBU78dU4io7lxZ7c4BxPVnLt7PXIwAOLE=
Subject key identifier:   30:4B:6D:98:D4:5D:76:5A:C9:4C:99:C5:4D:00:7E:56:B6:AE:9F:02
Certificate issuer:       /CN=2631166de785a3531bdc8361f1190a8369a7ed6a
Certificate serial:       018CC8DE907B0E2915FF6ADD9ECEE067E891
Authority key identifier: 26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/MEttmNRddlrJTJnFTQB-VraunwI.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211623
IP address blocks:        2a00:1ca8:56::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:90:7b:0e:29:15:ff:6a:dd:9e:ce:e0:67:e8:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2631166de785a3531bdc8361f1190a8369a7ed6a
        Validity
            Not Before: Jan  2 06:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=304b6d98d45d765ac94c99c54d007e56b6ae9f02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:55:5c:75:60:ee:e0:c5:c5:c4:52:97:a3:99:
                    42:3e:54:26:9d:dd:e3:7f:c1:9a:1c:d4:1d:3d:85:
                    00:2d:93:c6:0f:a3:63:3a:7e:2a:5c:a3:a7:ab:e3:
                    6b:4c:5a:a4:4e:43:04:68:db:4d:a3:8c:a6:6e:f7:
                    de:33:dd:0f:ed:c5:a2:82:31:39:d4:c8:5e:c0:4e:
                    7f:e9:16:25:aa:b4:87:2d:1a:38:88:af:c1:64:72:
                    d5:28:79:3e:4d:7a:da:f3:7a:b5:a0:47:ef:ed:27:
                    a3:c1:50:89:89:59:89:cb:20:8d:d7:8e:2f:86:d4:
                    f9:9c:bd:20:37:f9:de:d2:8a:b7:01:81:1f:65:e8:
                    47:4b:95:d1:80:e5:37:ed:eb:95:b3:14:b9:d7:c5:
                    66:79:a8:32:ad:b5:b3:6b:87:a2:99:2a:e4:78:1d:
                    65:1c:a6:4a:67:fa:39:d0:05:bc:aa:2d:87:b0:dc:
                    cd:a8:c5:74:49:24:ae:d7:f2:20:af:32:76:b9:2b:
                    c3:65:55:c3:e8:14:a7:cd:c4:c0:01:f7:6f:f4:ec:
                    37:53:1b:6e:dd:44:e8:64:f4:d0:29:b7:8b:ba:d3:
                    e1:c9:72:10:40:18:dd:f1:ab:2a:8b:ab:cc:72:fc:
                    68:bc:d5:28:52:79:97:bb:2a:4e:2b:f2:f5:13:7a:
                    74:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:4B:6D:98:D4:5D:76:5A:C9:4C:99:C5:4D:00:7E:56:B6:AE:9F:02
            X509v3 Authority Key Identifier:
                keyid:26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/MEttmNRddlrJTJnFTQB-VraunwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1ca8:56::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:1f:26:c1:95:c7:4b:c5:5b:c8:13:09:c2:dc:2f:ad:4a:d0:
         b7:d7:20:be:99:2b:61:10:2b:bb:db:d5:e3:13:f4:ff:09:45:
         22:db:0e:91:00:eb:d2:f9:5a:a7:f3:ca:71:0c:9f:88:66:a7:
         cb:cd:e7:60:d9:ba:94:8e:34:c5:49:53:a6:64:76:26:9d:32:
         ae:fb:ee:7f:9c:5a:b5:39:95:bf:c3:5d:c4:e6:6e:d5:be:fd:
         1a:55:1d:37:c8:4e:d6:63:32:98:88:d5:df:84:60:12:ef:df:
         e7:34:23:b0:16:af:95:2b:81:68:fe:d2:45:e5:0a:cd:9c:80:
         71:e6:ed:a1:b4:b9:1c:ad:81:ca:9a:48:15:9c:49:f4:8b:8c:
         ae:a8:15:1f:8a:9c:6a:d6:63:8b:58:f9:b3:42:ae:34:56:ce:
         be:d9:82:a3:56:33:d0:8a:8d:53:12:4d:59:24:c7:d4:66:93:
         5b:99:0d:fb:19:fe:8c:16:e9:36:97:0c:9d:35:30:61:a4:be:
         d8:18:84:29:cd:9c:35:fa:48:f4:ac:67:42:90:cd:d3:94:c4:
         9d:21:da:3c:e5:72:a5:e5:04:06:7f:45:3a:14:97:44:73:ae:
         70:0c:9f:2e:55:f5:27:96:a9:11:f7:25:15:c3:bf:95:27:87:
         d4:94:87:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3pB7DikV/2rdns7gZ+iRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MzExNjZkZTc4NWEzNTMxYmRjODM2MWYxMTkwYTgzNjlh
N2VkNmEwHhcNMjQwMTAyMDYzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDRiNmQ5OGQ0NWQ3NjVhYzk0Yzk5YzU0ZDAwN2U1NmI2YWU5ZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVVcdWDu4MXFxFKXo5lCPlQmnd3j
f8GaHNQdPYUALZPGD6NjOn4qXKOnq+NrTFqkTkMEaNtNo4ymbvfeM90P7cWigjE5
1MhewE5/6RYlqrSHLRo4iK/BZHLVKHk+TXra83q1oEfv7SejwVCJiVmJyyCN144v
htT5nL0gN/ne0oq3AYEfZehHS5XRgOU37euVsxS518VmeagyrbWza4eimSrkeB1l
HKZKZ/o50AW8qi2HsNzNqMV0SSSu1/IgrzJ2uSvDZVXD6BSnzcTAAfdv9Ow3Uxtu
3UToZPTQKbeLutPhyXIQQBjd8asqi6vMcvxovNUoUnmXuypOK/L1E3p0EQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDBLbZjUXXZayUyZxU0Afla2rp8CMB8GA1UdIwQY
MBaAFCYxFm3nhaNTG9yDYfEZCoNpp+1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUt
Yjg5YTI2MTk5OTc2LzEvTUV0dG1OUmRkbHJKVEpuRlRRQi1WcmF1bndJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUtYjg5YTI2MTk5OTc2
LzEvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAcqABW
MA0GCSqGSIb3DQEBCwUAA4IBAQBEHybBlcdLxVvIEwnC3C+tStC31yC+mSthECu7
29XjE/T/CUUi2w6RAOvS+Vqn88pxDJ+IZqfLzedg2bqUjjTFSVOmZHYmnTKu++5/
nFq1OZW/w13E5m7Vvv0aVR03yE7WYzKYiNXfhGAS79/nNCOwFq+VK4Fo/tJF5QrN
nIBx5u2htLkcrYHKmkgVnEn0i4yuqBUfipxq1mOLWPmzQq40Vs6+2YKjVjPQio1T
Ek1ZJMfUZpNbmQ37Gf6MFuk2lwydNTBhpL7YGIQpzZw1+kj0rGdCkM3TlMSdIdo8
5XKl5QQGf0U6FJdEc65wDJ8uVfUnlqkR9yUVw7+VJ4fUlIeJ
-----END CERTIFICATE-----