Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/1a5P2oAfMXJthbTwtCfp0u63DqE.roa
File:                     1a5P2oAfMXJthbTwtCfp0u63DqE.roa (raw, json)
Hash identifier:          pBNEK+x3Uysg+WnJZKtSlbggjaMh8jLV8jCGNU0Gjeg=
Subject key identifier:   D5:AE:4F:DA:80:1F:31:72:6D:85:B4:F0:B4:27:E9:D2:EE:B7:0E:A1
Certificate issuer:       /CN=a16b0d8ab49436550b6abf45b79035aec6aff23c
Certificate serial:       018CC9BAA5ED6CC74A88A7070F180EF022DC
Authority key identifier: A1:6B:0D:8A:B4:94:36:55:0B:6A:BF:45:B7:90:35:AE:C6:AF:F2:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWsNirSUNlULar9Ft5A1rsav8jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/1a5P2oAfMXJthbTwtCfp0u63DqE.roa
Signing time:             Tue 02 Jan 2024 10:31:41 +0000
ROA not before:           Tue 02 Jan 2024 10:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48611
IP address blocks:        2a00:dcc7:2200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/oWsNirSUNlULar9Ft5A1rsav8jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/oWsNirSUNlULar9Ft5A1rsav8jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oWsNirSUNlULar9Ft5A1rsav8jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:a5:ed:6c:c7:4a:88:a7:07:0f:18:0e:f0:22:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a16b0d8ab49436550b6abf45b79035aec6aff23c
        Validity
            Not Before: Jan  2 10:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5ae4fda801f31726d85b4f0b427e9d2eeb70ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e5:ff:a7:ee:04:26:6a:9a:33:29:0c:4a:9a:
                    00:6e:71:27:49:8d:d4:b4:34:64:bd:1f:03:8b:6f:
                    e5:ef:67:ed:24:f5:78:02:61:e0:6b:e4:73:d4:ff:
                    2b:24:a0:aa:61:0e:3e:8e:cb:27:92:28:49:cb:29:
                    a1:2e:64:5e:9b:bf:40:b7:2c:b8:f2:1b:b2:cc:78:
                    bf:f2:4f:29:8f:82:32:19:52:ce:ee:d1:ad:1a:ec:
                    55:ed:77:70:74:f9:0f:cb:6d:6e:50:e5:1f:81:50:
                    c7:35:d9:e8:22:9e:7f:2b:3d:f8:70:03:ed:39:a6:
                    bd:3b:2b:59:18:06:94:ce:bb:30:00:81:21:d4:1a:
                    a6:cf:a8:55:31:78:1c:e7:2d:c4:c7:0d:de:fa:72:
                    9e:0e:77:a0:22:d0:e8:a5:48:d6:7c:1d:23:54:01:
                    b1:fd:65:c1:24:06:1b:0f:0a:c4:59:70:f6:51:76:
                    16:d1:09:cf:7e:1b:2a:8f:52:f2:0f:43:bf:ba:9d:
                    3d:c1:18:bb:cf:7b:08:94:b7:e9:2b:5f:7d:66:91:
                    81:fe:fe:01:82:36:7b:92:25:0c:36:77:0a:89:93:
                    bd:d6:24:55:2a:5d:5f:4d:4f:59:2b:a4:52:1a:87:
                    e2:cc:e1:35:44:86:58:d2:ca:50:7d:de:b2:10:a4:
                    d7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:AE:4F:DA:80:1F:31:72:6D:85:B4:F0:B4:27:E9:D2:EE:B7:0E:A1
            X509v3 Authority Key Identifier:
                keyid:A1:6B:0D:8A:B4:94:36:55:0B:6A:BF:45:B7:90:35:AE:C6:AF:F2:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWsNirSUNlULar9Ft5A1rsav8jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/1a5P2oAfMXJthbTwtCfp0u63DqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/5f4518-82e9-4292-a54e-15cc9dc7bd87/1/oWsNirSUNlULar9Ft5A1rsav8jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dcc7:2200::/40

    Signature Algorithm: sha256WithRSAEncryption
         4d:2e:b1:0f:b8:cb:5f:51:e1:c1:0b:15:98:7e:9c:6f:53:f4:
         5b:cf:4b:7e:69:82:23:aa:83:18:01:77:2b:03:2f:4e:4d:e0:
         4f:97:01:0c:13:05:b5:d2:c5:a0:8d:26:d9:17:d2:f3:fa:f4:
         80:57:1a:6e:d0:88:72:c7:29:70:94:33:3f:6e:40:9e:ee:db:
         51:7a:d1:0a:6a:a3:38:25:e5:a1:0b:33:e6:0e:49:38:e0:6f:
         ef:e9:89:f5:f5:6b:13:33:04:52:b7:cc:be:b9:14:39:67:78:
         71:19:84:83:bc:56:9b:ef:0c:ed:e1:54:0e:14:94:34:54:3a:
         5c:55:78:04:59:72:82:38:06:fe:2e:2d:df:28:a9:3d:ea:84:
         fa:5e:04:75:84:5e:bc:82:b6:f9:86:56:9e:26:5a:d5:ae:a5:
         c0:53:8f:20:10:6e:e8:b1:71:1f:21:8c:11:0a:1d:84:2e:4e:
         89:58:d0:60:ad:c9:2c:6a:a4:48:7f:54:a8:8d:5a:1e:d5:8d:
         f5:50:ee:98:d4:87:1e:d0:d1:00:f8:d5:41:2f:e0:47:66:9a:
         cb:33:76:32:08:2b:79:7d:b3:4d:30:5d:ef:6c:13:fb:d2:d3:
         8a:5a:53:b0:5d:57:57:c4:2d:cd:3e:e3:9f:29:a9:6c:41:58:
         0f:84:e4:8a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJuqXtbMdKiKcHDxgO8CLcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNmIwZDhhYjQ5NDM2NTUwYjZhYmY0NWI3OTAzNWFlYzZh
ZmYyM2MwHhcNMjQwMTAyMTAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWFlNGZkYTgwMWYzMTcyNmQ4NWI0ZjBiNDI3ZTlkMmVlYjcwZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeX/p+4EJmqaMykMSpoAbnEnSY3U
tDRkvR8Di2/l72ftJPV4AmHga+Rz1P8rJKCqYQ4+jssnkihJyymhLmRem79Atyy4
8huyzHi/8k8pj4IyGVLO7tGtGuxV7XdwdPkPy21uUOUfgVDHNdnoIp5/Kz34cAPt
Oaa9OytZGAaUzrswAIEh1Bqmz6hVMXgc5y3Exw3e+nKeDnegItDopUjWfB0jVAGx
/WXBJAYbDwrEWXD2UXYW0QnPfhsqj1LyD0O/up09wRi7z3sIlLfpK199ZpGB/v4B
gjZ7kiUMNncKiZO91iRVKl1fTU9ZK6RSGofizOE1RIZY0spQfd6yEKTX4QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNWuT9qAHzFybYW08LQn6dLutw6hMB8GA1UdIwQY
MBaAFKFrDYq0lDZVC2q/RbeQNa7Gr/I8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dzTmlyU1VObFVMYXI5RnQ1QTFyc2F2OGp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81ZjQ1MTgtODJlOS00MjkyLWE1NGUt
MTVjYzlkYzdiZDg3LzEvMWE1UDJvQWZNWEp0aGJUd3RDZnAwdTYzRHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81ZjQ1MTgtODJlOS00MjkyLWE1NGUtMTVjYzlkYzdiZDg3
LzEvb1dzTmlyU1VObFVMYXI5RnQ1QTFyc2F2OGp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgDcxyIw
DQYJKoZIhvcNAQELBQADggEBAE0usQ+4y19R4cELFZh+nG9T9FvPS35pgiOqgxgB
dysDL05N4E+XAQwTBbXSxaCNJtkX0vP69IBXGm7QiHLHKXCUMz9uQJ7u21F60Qpq
ozgl5aELM+YOSTjgb+/pifX1axMzBFK3zL65FDlneHEZhIO8VpvvDO3hVA4UlDRU
OlxVeARZcoI4Bv4uLd8oqT3qhPpeBHWEXryCtvmGVp4mWtWupcBTjyAQbuixcR8h
jBEKHYQuTolY0GCtySxqpEh/VKiNWh7VjfVQ7pjUhx7Q0QD41UEv4EdmmsszdjII
K3l9s00wXe9sE/vS04paU7BdV1fELc0+458pqWxBWA+E5Io=
-----END CERTIFICATE-----