Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/g2_t0PdPD8rp6-wXfd4W3qLNoGY.roa
File:                     g2_t0PdPD8rp6-wXfd4W3qLNoGY.roa (raw, json)
Hash identifier:          XKui4b0SHImCKIunhPWwtnscgnMxKN49L4tzEf3+/Bg=
Subject key identifier:   83:6F:ED:D0:F7:4F:0F:CA:E9:EB:EC:17:7D:DE:16:DE:A2:CD:A0:66
Certificate issuer:       /CN=2631166de785a3531bdc8361f1190a8369a7ed6a
Certificate serial:       018CC8DE8FA0C31687B76D01A158CE534D42
Authority key identifier: 26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/g2_t0PdPD8rp6-wXfd4W3qLNoGY.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206264
IP address blocks:        2a00:1ca8:2c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8f:a0:c3:16:87:b7:6d:01:a1:58:ce:53:4d:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2631166de785a3531bdc8361f1190a8369a7ed6a
        Validity
            Not Before: Jan  2 06:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=836fedd0f74f0fcae9ebec177dde16dea2cda066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:49:02:72:af:1b:11:36:62:b3:17:e7:c3:4a:
                    f9:19:66:98:f3:cc:fc:b6:ea:2e:4c:50:b5:7e:e6:
                    3a:2b:38:87:b0:09:3b:5c:26:a5:c9:23:e1:f7:c5:
                    50:e9:59:bc:0e:f2:06:26:bb:84:4f:6c:d8:6d:7b:
                    78:6d:20:7b:bd:cd:c3:7b:ad:52:e3:ae:45:36:ee:
                    fd:02:1c:f1:81:17:26:9d:af:fa:fd:7d:aa:f7:1d:
                    16:9c:b9:c1:49:f5:c9:fc:63:4b:bc:d0:ce:89:bb:
                    36:c4:f7:85:3b:29:69:13:a4:11:8e:bc:03:6b:41:
                    7e:f9:26:d7:3c:da:ef:93:17:f3:0d:70:9b:fd:37:
                    94:f5:7d:fb:b8:3f:7d:be:34:3c:28:60:34:a6:02:
                    eb:f7:fd:e5:68:f9:ca:21:17:39:73:24:fe:d1:97:
                    ff:c0:d4:ae:94:e4:1c:51:d2:e3:44:a8:d6:ea:4e:
                    43:0d:7f:01:89:3d:b0:3a:e7:d0:e8:a9:c6:f1:57:
                    d9:d3:df:e5:f7:ed:bf:0c:b6:c8:b7:12:15:8b:8b:
                    db:e9:5c:39:f6:20:91:bc:47:21:dc:79:f0:c9:a6:
                    3b:f1:dc:44:c6:14:9c:86:85:e5:80:08:4b:b8:1d:
                    8d:9b:4a:54:aa:14:eb:45:68:d7:50:c0:07:9d:26:
                    6a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:6F:ED:D0:F7:4F:0F:CA:E9:EB:EC:17:7D:DE:16:DE:A2:CD:A0:66
            X509v3 Authority Key Identifier:
                keyid:26:31:16:6D:E7:85:A3:53:1B:DC:83:61:F1:19:0A:83:69:A7:ED:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/g2_t0PdPD8rp6-wXfd4W3qLNoGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/fb0157-6746-4b00-8f8e-b89a26199976/1/JjEWbeeFo1Mb3INh8RkKg2mn7Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1ca8:2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:de:15:8e:24:f5:fe:1a:06:b7:b8:f4:08:5a:3a:37:61:22:
         65:57:a8:fa:bb:45:ca:cc:ad:ae:a2:5e:dc:21:ce:f9:7e:0d:
         fe:63:9b:3d:ad:41:b1:8e:2f:f1:b9:a2:d8:19:59:23:fd:e9:
         02:2c:ac:e2:d3:45:e6:0c:33:dc:38:46:f4:24:3d:24:21:75:
         4b:7a:3d:7f:cb:47:17:00:77:53:83:98:e3:68:bd:1d:db:2f:
         83:4d:6b:33:51:41:5f:8c:62:4e:4e:9b:24:55:b7:e9:56:ac:
         d4:d3:94:5e:15:61:b0:21:9f:6b:bb:66:62:ca:69:99:d9:df:
         50:fa:00:f8:db:85:d2:d2:e9:5f:20:7e:26:4f:28:09:45:df:
         dc:7b:ce:49:da:f8:e8:c9:77:f0:f0:6e:57:9b:19:2b:b5:95:
         46:58:5d:05:23:14:ab:bd:84:ca:78:af:6a:01:42:e5:8a:17:
         7a:5b:6e:f4:69:b7:fb:bd:43:e9:3d:db:5c:d2:26:e5:f7:9a:
         5e:58:ae:f8:a6:38:2f:3a:be:5c:e6:a3:19:48:b1:08:9d:bc:
         20:0f:b4:9b:74:c3:be:73:c5:ee:c4:f7:45:2a:83:10:90:8f:
         e7:6b:6b:2b:7f:9f:63:54:5f:f1:5b:d0:8d:99:71:57:2f:ba:
         ab:b3:c4:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3o+gwxaHt20BoVjOU01CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MzExNjZkZTc4NWEzNTMxYmRjODM2MWYxMTkwYTgzNjlh
N2VkNmEwHhcNMjQwMTAyMDYzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzZmZWRkMGY3NGYwZmNhZTllYmVjMTc3ZGRlMTZkZWEyY2RhMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikkCcq8bETZisxfnw0r5GWaY88z8
tuouTFC1fuY6KziHsAk7XCalySPh98VQ6Vm8DvIGJruET2zYbXt4bSB7vc3De61S
465FNu79AhzxgRcmna/6/X2q9x0WnLnBSfXJ/GNLvNDOibs2xPeFOylpE6QRjrwD
a0F++SbXPNrvkxfzDXCb/TeU9X37uD99vjQ8KGA0pgLr9/3laPnKIRc5cyT+0Zf/
wNSulOQcUdLjRKjW6k5DDX8BiT2wOufQ6KnG8VfZ09/l9+2/DLbItxIVi4vb6Vw5
9iCRvEch3HnwyaY78dxExhSchoXlgAhLuB2Nm0pUqhTrRWjXUMAHnSZqfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFINv7dD3Tw/K6evsF33eFt6izaBmMB8GA1UdIwQY
MBaAFCYxFm3nhaNTG9yDYfEZCoNpp+1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUt
Yjg5YTI2MTk5OTc2LzEvZzJfdDBQZFBEOHJwNi13WGZkNFczcUxOb0dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9mYjAxNTctNjc0Ni00YjAwLThmOGUtYjg5YTI2MTk5OTc2
LzEvSmpFV2JlZUZvMU1iM0lOaDhSa0tnMm1uN1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAcqAAs
MA0GCSqGSIb3DQEBCwUAA4IBAQCC3hWOJPX+Gga3uPQIWjo3YSJlV6j6u0XKzK2u
ol7cIc75fg3+Y5s9rUGxji/xuaLYGVkj/ekCLKzi00XmDDPcOEb0JD0kIXVLej1/
y0cXAHdTg5jjaL0d2y+DTWszUUFfjGJOTpskVbfpVqzU05ReFWGwIZ9ru2ZiymmZ
2d9Q+gD424XS0ulfIH4mTygJRd/ce85J2vjoyXfw8G5XmxkrtZVGWF0FIxSrvYTK
eK9qAULlihd6W270abf7vUPpPdtc0ibl95peWK74pjgvOr5c5qMZSLEInbwgD7Sb
dMO+c8XuxPdFKoMQkI/na2srf59jVF/xW9CNmXFXL7qrs8Rv
-----END CERTIFICATE-----