Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/26tFgjgcf7yAw77EBfDadbJDTis.roa
File:                     26tFgjgcf7yAw77EBfDadbJDTis.roa (raw, json)
Hash identifier:          RWCxBk3vhvnVCfxrSw1EgBBrAKb5m4lXs72Y9UKfpuo=
Subject key identifier:   DB:AB:45:82:38:1C:7F:BC:80:C3:BE:C4:05:F0:DA:75:B2:43:4E:2B
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC7958A7EB31E83F3E9E0689FAA6AC173
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/26tFgjgcf7yAw77EBfDadbJDTis.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57010
IP address blocks:        2a04:ac00:4::/48 maxlen: 48
                          2a04:ac00:5::/48 maxlen: 48
                          2a04:ac00:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8a:7e:b3:1e:83:f3:e9:e0:68:9f:aa:6a:c1:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbab4582381c7fbc80c3bec405f0da75b2434e2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b8:0e:50:f0:0e:4a:7e:fd:9b:90:94:2c:c3:
                    96:5d:d9:e6:e8:6a:9a:c7:fd:2c:91:dd:fb:be:42:
                    db:06:00:f0:17:9b:e5:67:1a:d0:09:d5:2d:2f:80:
                    26:5b:ab:fa:ce:41:3b:c2:ea:f6:e9:58:22:a4:bf:
                    39:68:64:6b:92:f0:b4:01:60:d7:61:ab:19:70:bb:
                    cb:1e:31:d7:37:1e:f5:f6:78:ff:f4:06:a9:b5:e9:
                    a1:50:54:79:73:b8:c3:49:aa:7f:93:6b:ec:55:cf:
                    e4:a1:fe:4c:3c:2e:33:23:c9:4e:d9:3f:a7:40:55:
                    7b:8f:ad:30:97:d2:79:b6:75:92:15:54:02:1f:a0:
                    52:eb:cf:fe:11:8f:89:50:74:da:94:bc:5d:fb:bc:
                    0e:3f:c5:98:97:3a:7a:ff:77:95:c3:40:be:b3:84:
                    be:12:27:dd:70:95:4c:f4:74:39:5c:d0:5d:f0:f2:
                    7d:44:b2:fb:16:c8:1a:16:38:bb:d4:5b:2f:6e:f0:
                    63:96:87:5d:ff:86:c2:58:ae:de:33:5f:80:6e:c2:
                    4a:12:e4:e6:0d:d2:94:c0:ed:ba:fc:34:11:37:f8:
                    0c:e0:2e:17:29:b6:47:b5:2a:61:71:29:95:87:a0:
                    cf:9b:a7:26:09:fc:e7:86:f8:ae:92:2f:37:a0:82:
                    48:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:AB:45:82:38:1C:7F:BC:80:C3:BE:C4:05:F0:DA:75:B2:43:4E:2B
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/26tFgjgcf7yAw77EBfDadbJDTis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ac00:4::/47
                  2a04:ac00:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:94:d9:85:05:33:90:68:a9:6d:ec:a3:3c:f5:1f:7c:5a:f5:
         79:26:3b:71:a1:6f:52:a3:7b:3a:22:28:a6:dd:92:ce:7e:61:
         02:aa:75:71:2d:d4:a4:e2:42:fb:87:64:81:d9:01:20:72:f8:
         5c:c9:d3:25:88:bb:3d:bd:4f:f9:74:3c:53:0c:c4:ef:3a:a2:
         bb:01:a2:2c:9f:91:7a:ee:77:58:e9:c8:82:0d:3f:d1:6f:70:
         4a:b9:4f:1b:7c:ab:a1:d9:5b:72:b6:4d:93:31:28:73:5f:17:
         1c:1e:f4:97:bf:be:54:4f:3b:4d:a1:48:76:c5:c8:0f:d3:96:
         2d:20:86:f5:f3:87:0a:5a:ed:02:eb:a6:78:ea:1d:f6:4f:45:
         ce:1b:39:90:53:9d:c8:5b:0a:97:e3:9b:94:6e:b5:d9:4b:43:
         a5:3d:a5:c4:4c:21:22:61:92:34:ca:f6:90:3f:9a:ff:da:49:
         df:58:44:8e:16:d4:94:5f:53:2c:21:86:3b:10:c8:f2:be:03:
         f0:41:c4:a0:36:b6:36:12:f2:bf:04:9d:e5:89:5a:90:b1:fe:
         6b:4d:e5:13:9a:58:fd:2f:5f:81:3c:46:0e:d7:ae:5a:06:4c:
         dc:63:cb:ab:6c:33:76:36:56:bf:d4:7e:aa:81:9d:e1:c8:29:
         29:30:16:da
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlYp+sx6D8+ngaJ+qasFzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmFiNDU4MjM4MWM3ZmJjODBjM2JlYzQwNWYwZGE3NWIyNDM0ZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLgOUPAOSn79m5CULMOWXdnm6Gqa
x/0skd37vkLbBgDwF5vlZxrQCdUtL4AmW6v6zkE7wur26VgipL85aGRrkvC0AWDX
YasZcLvLHjHXNx719nj/9AaptemhUFR5c7jDSap/k2vsVc/kof5MPC4zI8lO2T+n
QFV7j60wl9J5tnWSFVQCH6BS68/+EY+JUHTalLxd+7wOP8WYlzp6/3eVw0C+s4S+
EifdcJVM9HQ5XNBd8PJ9RLL7FsgaFji71FsvbvBjlodd/4bCWK7eM1+AbsJKEuTm
DdKUwO26/DQRN/gM4C4XKbZHtSphcSmVh6DPm6cmCfznhviuki83oIJIwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNurRYI4HH+8gMO+xAXw2nWyQ04rMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvMjZ0RmdqZ2NmN3lBdzc3RUJmRGFkYkpEVGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKgSsAAAE
AwcAKgSsAAAIMA0GCSqGSIb3DQEBCwUAA4IBAQB0lNmFBTOQaKlt7KM89R98WvV5
JjtxoW9So3s6Iiim3ZLOfmECqnVxLdSk4kL7h2SB2QEgcvhcydMliLs9vU/5dDxT
DMTvOqK7AaIsn5F67ndY6ciCDT/Rb3BKuU8bfKuh2Vtytk2TMShzXxccHvSXv75U
TztNoUh2xcgP05YtIIb184cKWu0C66Z46h32T0XOGzmQU53IWwqX45uUbrXZS0Ol
PaXETCEiYZI0yvaQP5r/2knfWESOFtSUX1MsIYY7EMjyvgPwQcSgNrY2EvK/BJ3l
iVqQsf5rTeUTmlj9L1+BPEYO165aBkzcY8urbDN2Nla/1H6qgZ3hyCkpMBba
-----END CERTIFICATE-----