Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/57b53e-3003-46a6-9ce8-fafd1496ae59/1/R8oOWs1ius38zX6yaMEKhz62-es.roa
File:                     R8oOWs1ius38zX6yaMEKhz62-es.roa (raw, json)
Hash identifier:          9pLMpjqGptVuPbfu7AbaNhe7Cy0xsT258RyDnjnIBcA=
Subject key identifier:   47:CA:0E:5A:CD:62:BA:CD:FC:CD:7E:B2:68:C1:0A:87:3E:B6:F9:EB
Certificate issuer:       /CN=82e39681c5aaefb35e54f4ad8afa428d4ffde06a
Certificate serial:       018CC8DE9C01BCA49813D2DB5D01AFB586BD
Authority key identifier: 82:E3:96:81:C5:AA:EF:B3:5E:54:F4:AD:8A:FA:42:8D:4F:FD:E0:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/guOWgcWq77NeVPStivpCjU_94Go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/57b53e-3003-46a6-9ce8-fafd1496ae59/1/R8oOWs1ius38zX6yaMEKhz62-es.roa
Signing time:             Tue 02 Jan 2024 06:31:21 +0000
ROA not before:           Tue 02 Jan 2024 06:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44286
IP address blocks:        2a02:2410::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/57b53e-3003-46a6-9ce8-fafd1496ae59/1/guOWgcWq77NeVPStivpCjU_94Go.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/57b53e-3003-46a6-9ce8-fafd1496ae59/1/guOWgcWq77NeVPStivpCjU_94Go.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/guOWgcWq77NeVPStivpCjU_94Go.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:9c:01:bc:a4:98:13:d2:db:5d:01:af:b5:86:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82e39681c5aaefb35e54f4ad8afa428d4ffde06a
        Validity
            Not Before: Jan  2 06:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47ca0e5acd62bacdfccd7eb268c10a873eb6f9eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b6:30:e5:56:1e:40:b6:c0:94:c3:cd:4c:87:
                    97:23:6c:78:58:d2:ba:0d:de:02:d6:72:00:c8:81:
                    0a:19:ec:96:31:45:30:62:7f:2a:10:c5:b5:a1:38:
                    8c:11:88:98:ce:6c:e1:5a:f8:e5:aa:25:db:b9:2d:
                    5c:03:10:da:01:97:23:03:e4:c8:f5:78:92:0d:48:
                    a0:cd:fc:5f:dc:1b:3b:ea:5a:7a:2c:d5:47:d8:f1:
                    d4:ec:55:ca:39:2c:39:a0:50:99:96:ef:48:5e:ec:
                    eb:87:06:e7:37:ad:4f:d4:9f:39:0b:26:fb:ec:48:
                    28:1b:b6:b9:fe:62:22:3b:0c:5c:18:93:d5:d2:76:
                    92:69:5e:13:7b:10:8a:84:7b:08:9b:02:a1:2c:14:
                    d0:ee:86:94:19:9a:dc:b1:25:af:dd:c3:0d:68:c5:
                    20:05:b9:3f:43:4a:67:41:15:1d:18:1d:9c:a1:6f:
                    e8:7e:dd:8f:99:db:97:2b:9f:c6:df:a8:5c:3b:9b:
                    42:6d:9f:f0:73:8b:41:f6:98:35:c2:1e:0f:ad:fc:
                    db:ab:98:35:ce:2d:2c:bf:43:6a:ff:de:81:a3:55:
                    38:d5:8c:88:04:75:98:ef:4b:fe:a7:93:fc:cd:0c:
                    3c:2d:ad:ef:3f:93:29:0d:0c:05:ba:72:cb:5b:04:
                    e2:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:CA:0E:5A:CD:62:BA:CD:FC:CD:7E:B2:68:C1:0A:87:3E:B6:F9:EB
            X509v3 Authority Key Identifier:
                keyid:82:E3:96:81:C5:AA:EF:B3:5E:54:F4:AD:8A:FA:42:8D:4F:FD:E0:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/guOWgcWq77NeVPStivpCjU_94Go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/57b53e-3003-46a6-9ce8-fafd1496ae59/1/R8oOWs1ius38zX6yaMEKhz62-es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/57b53e-3003-46a6-9ce8-fafd1496ae59/1/guOWgcWq77NeVPStivpCjU_94Go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2410::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:60:90:3f:b9:a7:c4:03:41:9b:fb:dd:b4:f6:20:6f:59:e1:
         52:3c:4a:3c:3d:3f:5c:93:d2:2b:64:8b:a9:ec:9f:45:f7:14:
         6a:5d:6a:5e:2f:79:ae:73:28:e8:d0:95:c6:0e:79:cd:70:93:
         74:8b:2d:62:d3:87:66:16:a1:36:85:88:92:9a:93:d1:95:07:
         2c:89:5d:36:fe:65:a7:b2:f7:d3:15:90:76:6d:1d:2f:48:21:
         5c:0c:e1:46:67:6a:6a:a9:16:34:f1:c8:60:4a:bf:6e:86:77:
         36:51:7c:67:77:26:64:21:21:8b:c3:a0:8d:cd:b5:15:0a:45:
         d3:f9:1f:00:26:97:8c:e2:ce:74:67:95:d4:7a:59:95:5a:ad:
         84:33:c8:dc:27:ea:c1:b4:09:9c:0b:0c:f2:ce:a6:34:0e:40:
         32:12:46:e9:e2:92:7e:f8:75:ab:f2:e6:4c:4b:54:32:1b:87:
         47:a7:d0:d2:5e:67:81:0e:a6:a4:e3:70:1f:70:e1:ec:6b:09:
         a8:08:e0:70:13:fa:9d:f0:26:4b:d1:ca:41:3e:20:12:b4:84:
         b9:54:ba:97:ce:d9:3a:d8:e2:2e:53:0b:0a:78:cc:56:c3:73:
         94:60:b6:8d:e8:ea:1f:5e:9b:dc:15:37:8e:f9:ef:21:88:7f:
         d2:ef:aa:a5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3pwBvKSYE9LbXQGvtYa9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZTM5NjgxYzVhYWVmYjM1ZTU0ZjRhZDhhZmE0MjhkNGZm
ZGUwNmEwHhcNMjQwMTAyMDYzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2NhMGU1YWNkNjJiYWNkZmNjZDdlYjI2OGMxMGE4NzNlYjZmOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybYw5VYeQLbAlMPNTIeXI2x4WNK6
Dd4C1nIAyIEKGeyWMUUwYn8qEMW1oTiMEYiYzmzhWvjlqiXbuS1cAxDaAZcjA+TI
9XiSDUigzfxf3Bs76lp6LNVH2PHU7FXKOSw5oFCZlu9IXuzrhwbnN61P1J85Cyb7
7EgoG7a5/mIiOwxcGJPV0naSaV4TexCKhHsImwKhLBTQ7oaUGZrcsSWv3cMNaMUg
Bbk/Q0pnQRUdGB2coW/oft2PmduXK5/G36hcO5tCbZ/wc4tB9pg1wh4Prfzbq5g1
zi0sv0Nq/96Bo1U41YyIBHWY70v+p5P8zQw8La3vP5MpDQwFunLLWwTikQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEfKDlrNYrrN/M1+smjBCoc+tvnrMB8GA1UdIwQY
MBaAFILjloHFqu+zXlT0rYr6Qo1P/eBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3VPV2djV3E3N05lVlBTdGl2cENqVV85NEdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81N2I1M2UtMzAwMy00NmE2LTljZTgt
ZmFmZDE0OTZhZTU5LzEvUjhvT1dzMWl1czM4elg2eWFNRUtoejYyLWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81N2I1M2UtMzAwMy00NmE2LTljZTgtZmFmZDE0OTZhZTU5
LzEvZ3VPV2djV3E3N05lVlBTdGl2cENqVV85NEdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIkEDAN
BgkqhkiG9w0BAQsFAAOCAQEAYGCQP7mnxANBm/vdtPYgb1nhUjxKPD0/XJPSK2SL
qeyfRfcUal1qXi95rnMo6NCVxg55zXCTdIstYtOHZhahNoWIkpqT0ZUHLIldNv5l
p7L30xWQdm0dL0ghXAzhRmdqaqkWNPHIYEq/boZ3NlF8Z3cmZCEhi8Ogjc21FQpF
0/kfACaXjOLOdGeV1HpZlVqthDPI3CfqwbQJnAsM8s6mNA5AMhJG6eKSfvh1q/Lm
TEtUMhuHR6fQ0l5ngQ6mpONwH3Dh7GsJqAjgcBP6nfAmS9HKQT4gErSEuVS6l87Z
OtjiLlMLCnjMVsNzlGC2jejqH16b3BU3jvnvIYh/0u+qpQ==
-----END CERTIFICATE-----