Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/kQeR7bKk6LpmVylhF_gL_NYoXHo.roa
File:                     kQeR7bKk6LpmVylhF_gL_NYoXHo.roa (raw, json)
Hash identifier:          QlxhQkcMMgWLiPkG5nRbfBydyWcLS4wnDZe2gpuzCCU=
Subject key identifier:   91:07:91:ED:B2:A4:E8:BA:66:57:29:61:17:F8:0B:FC:D6:28:5C:7A
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       018CC5DC1F054A2A0CE51E0BC5901A845C35
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/kQeR7bKk6LpmVylhF_gL_NYoXHo.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48878
IP address blocks:        2a10:fa81:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1f:05:4a:2a:0c:e5:1e:0b:c5:90:1a:84:5c:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=910791edb2a4e8ba6657296117f80bfcd6285c7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f1:15:a1:a9:50:d1:df:5d:3b:4f:59:23:de:
                    3f:f2:5a:02:38:c7:cc:ad:8a:cb:12:1b:74:7f:95:
                    38:8d:3d:c9:ea:ff:12:b7:a5:15:1c:53:a8:18:30:
                    6e:06:7a:30:b8:b9:bd:ee:aa:8d:ea:7f:d3:ac:cb:
                    9e:9e:54:f5:8c:e2:8d:1b:72:ff:6c:26:87:f2:46:
                    df:24:17:9b:3b:91:85:ac:97:65:18:ad:a4:1f:30:
                    0d:24:fa:58:c9:b1:54:80:18:06:bb:4d:b4:34:36:
                    86:a9:13:9b:18:3f:61:5b:37:b3:af:56:cb:d6:c5:
                    e9:9c:90:04:88:2d:81:fd:5d:ee:eb:4d:4f:1b:14:
                    d9:9f:72:86:7b:85:6d:e0:9e:4f:98:a3:ae:57:54:
                    bd:3f:ed:77:4f:63:7f:16:bb:87:5d:56:e4:a1:77:
                    d4:04:b3:8d:4d:d7:d8:16:a3:4c:40:3d:e5:67:c0:
                    f4:39:0e:a2:67:ce:86:38:d1:c0:78:ee:d7:bf:64:
                    fb:12:6d:23:b9:46:60:cb:59:47:af:bd:e7:53:3e:
                    f1:18:37:3f:75:f9:e4:09:64:3b:4a:ca:40:51:5f:
                    9a:af:b6:1b:6b:77:d2:20:8d:39:b4:87:ed:3b:4b:
                    83:ee:da:1e:72:ad:71:74:28:79:04:36:c0:19:c2:
                    4e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:07:91:ED:B2:A4:E8:BA:66:57:29:61:17:F8:0B:FC:D6:28:5C:7A
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/kQeR7bKk6LpmVylhF_gL_NYoXHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa81:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:76:43:38:6d:48:3e:fc:4d:94:70:98:5f:4e:93:aa:94:40:
         0e:7e:45:12:aa:42:3b:bb:bd:0e:65:a1:ee:3a:c0:8d:58:27:
         4f:38:54:ab:3e:3e:b3:b1:8a:ab:44:89:fb:ee:8c:38:d5:9f:
         20:ae:5a:65:c6:46:d7:81:3f:3d:62:60:92:92:b1:84:0f:3b:
         53:29:38:ff:19:51:06:27:45:0c:c2:2b:f3:9e:b6:f9:a1:76:
         c3:b2:91:bf:2a:20:b1:0b:7c:22:e8:a1:86:cc:3a:66:64:fe:
         f2:0b:24:32:70:02:c4:f5:a5:a6:07:0d:10:51:02:50:38:bd:
         41:0a:79:b3:db:de:e5:d1:7f:be:a0:57:01:d4:80:4a:37:7e:
         7e:42:12:b9:85:89:84:fd:2c:f4:19:87:21:b6:81:58:ef:58:
         f2:88:2a:1e:db:1a:83:63:a0:65:70:14:1d:5d:92:f6:45:6f:
         91:f3:f4:5e:da:a1:b5:84:b6:0e:cb:97:52:b6:66:a5:6d:57:
         dc:bf:6c:d3:d3:94:86:15:4c:f9:19:0b:40:2e:6a:62:91:9a:
         44:e4:fa:0c:b2:67:07:4c:ac:d4:4c:3d:24:2f:2f:f8:a5:40:
         8b:f3:4a:c6:a8:7d:fb:6b:0e:a1:c1:74:b4:cd:87:c6:78:01:
         fb:7e:cb:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3B8FSioM5R4LxZAahFw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA3OTFlZGIyYTRlOGJhNjY1NzI5NjExN2Y4MGJmY2Q2Mjg1YzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfEVoalQ0d9dO09ZI94/8loCOMfM
rYrLEht0f5U4jT3J6v8St6UVHFOoGDBuBnowuLm97qqN6n/TrMuenlT1jOKNG3L/
bCaH8kbfJBebO5GFrJdlGK2kHzANJPpYybFUgBgGu020NDaGqRObGD9hWzezr1bL
1sXpnJAEiC2B/V3u601PGxTZn3KGe4Vt4J5PmKOuV1S9P+13T2N/FruHXVbkoXfU
BLONTdfYFqNMQD3lZ8D0OQ6iZ86GONHAeO7Xv2T7Em0juUZgy1lHr73nUz7xGDc/
dfnkCWQ7SspAUV+ar7Yba3fSII05tIftO0uD7toecq1xdCh5BDbAGcJOKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJEHke2ypOi6ZlcpYRf4C/zWKFx6MB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEva1FlUjdiS2s2THBtVnlsaEZfZ0xfTllvWEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhD6gQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBtdkM4bUg+/E2UcJhfTpOqlEAOfkUSqkI7u70O
ZaHuOsCNWCdPOFSrPj6zsYqrRIn77ow41Z8grlplxkbXgT89YmCSkrGEDztTKTj/
GVEGJ0UMwivznrb5oXbDspG/KiCxC3wi6KGGzDpmZP7yCyQycALE9aWmBw0QUQJQ
OL1BCnmz297l0X++oFcB1IBKN35+QhK5hYmE/Sz0GYchtoFY71jyiCoe2xqDY6Bl
cBQdXZL2RW+R8/Re2qG1hLYOy5dStmalbVfcv2zT05SGFUz5GQtALmpikZpE5PoM
smcHTKzUTD0kLy/4pUCL80rGqH37aw6hwXS0zYfGeAH7fsvc
-----END CERTIFICATE-----