Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/w5hgrbfRcQQz3IUStwh-k3lisXE.roa
File:                     w5hgrbfRcQQz3IUStwh-k3lisXE.roa (raw, json)
Hash identifier:          bM3OQwZWiQqGAPnuZ/9GbriAMwSFyGUm+6IDsB2iooc=
Subject key identifier:   C3:98:60:AD:B7:D1:71:04:33:DC:85:12:B7:08:7E:93:79:62:B1:71
Certificate issuer:       /CN=a6ed442b91d4e83a6de39fb67971a1e79c6b1ed5
Certificate serial:       018F1965CD997F57B9958BAB8249304630B0
Authority key identifier: A6:ED:44:2B:91:D4:E8:3A:6D:E3:9F:B6:79:71:A1:E7:9C:6B:1E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pu1EK5HU6Dpt45-2eXGh55xrHtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/w5hgrbfRcQQz3IUStwh-k3lisXE.roa
Signing time:             Fri 26 Apr 2024 07:54:13 +0000
ROA not before:           Fri 26 Apr 2024 07:54:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48753
IP address blocks:        2a0f:5f44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/pu1EK5HU6Dpt45-2eXGh55xrHtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/pu1EK5HU6Dpt45-2eXGh55xrHtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pu1EK5HU6Dpt45-2eXGh55xrHtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:65:cd:99:7f:57:b9:95:8b:ab:82:49:30:46:30:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6ed442b91d4e83a6de39fb67971a1e79c6b1ed5
        Validity
            Not Before: Apr 26 07:54:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c39860adb7d1710433dc8512b7087e937962b171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:70:5c:d6:a0:7d:76:ab:bd:b4:ea:9f:35:36:
                    3f:4a:35:1a:05:4c:5a:35:41:39:99:b5:89:b8:be:
                    ae:50:51:7c:1e:5e:35:45:2f:96:b4:23:39:85:bf:
                    95:65:81:86:17:d5:d0:79:06:8b:16:5f:7a:32:9c:
                    71:90:e7:20:76:23:42:54:bc:24:f4:91:15:65:3f:
                    a6:3e:55:bf:d2:63:32:32:31:c1:1a:9b:d0:a7:49:
                    b5:ac:d6:9f:6e:17:ae:c9:d9:ed:89:f0:74:31:f0:
                    53:16:25:6c:c0:06:0d:03:da:f3:e7:87:7e:03:28:
                    2d:1c:00:79:41:c2:4a:a7:2d:3f:ae:e5:3a:b6:46:
                    7c:2a:f1:3e:18:cf:44:a0:1c:cd:56:25:18:cc:e8:
                    25:ba:7f:2f:20:85:20:85:60:ac:7d:77:5a:32:61:
                    59:cf:39:26:82:75:28:03:e9:ef:41:83:13:bb:0b:
                    0d:a5:89:8b:76:cc:6a:89:05:49:32:82:47:d0:4d:
                    ae:59:5b:a8:23:d8:d9:2a:79:5b:91:fd:05:1b:c4:
                    e2:26:0a:49:43:94:8c:3c:c1:6f:52:52:63:4b:89:
                    9b:b1:42:3d:3e:6a:cc:c6:d9:90:44:97:73:4b:b3:
                    07:7f:72:74:37:00:29:69:28:98:6f:3d:6a:d4:85:
                    d2:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:98:60:AD:B7:D1:71:04:33:DC:85:12:B7:08:7E:93:79:62:B1:71
            X509v3 Authority Key Identifier:
                keyid:A6:ED:44:2B:91:D4:E8:3A:6D:E3:9F:B6:79:71:A1:E7:9C:6B:1E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pu1EK5HU6Dpt45-2eXGh55xrHtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/w5hgrbfRcQQz3IUStwh-k3lisXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/pu1EK5HU6Dpt45-2eXGh55xrHtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5f44::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:4e:ad:d8:5e:90:bf:41:30:9a:1c:f2:79:05:ac:9f:dd:be:
         0b:c7:1f:90:86:41:d6:38:79:05:ad:90:22:21:51:a2:bf:6d:
         4a:a0:4e:14:92:35:4f:b7:e1:50:02:72:79:28:8a:0a:03:a4:
         b1:21:ec:35:43:32:23:3d:e3:3d:09:a3:15:dc:b3:58:87:a4:
         c3:1d:a8:b2:b6:83:ac:c1:91:d8:d9:c8:fd:40:32:47:8e:81:
         c6:bd:4a:11:cf:f6:1c:e3:64:89:cd:26:e7:dc:dd:e2:42:d7:
         f6:c8:a2:7c:36:4e:f8:71:20:a0:42:c8:e1:4d:91:f7:86:d7:
         62:55:49:ce:5a:38:fb:e4:b7:0c:02:21:7c:c3:b3:c4:67:93:
         40:35:83:4f:bd:ca:90:5e:5f:5c:82:0a:bb:b2:0b:e8:72:c9:
         0b:1d:ab:cf:5f:41:8a:41:9f:64:b1:2a:ec:93:b6:0b:be:bf:
         18:4b:6a:ce:24:a0:3c:69:e3:14:42:40:e9:72:72:14:7d:42:
         65:f8:05:f8:5e:3c:97:a1:c3:9a:da:cd:3c:9a:ba:5d:ce:ce:
         24:3c:9c:6d:5c:83:e7:79:c0:58:4a:cd:fb:a6:ba:a4:db:eb:
         6d:47:2d:f2:bf:74:31:15:85:85:0d:5e:fb:02:ac:8a:6a:ec:
         f7:59:a7:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8ZZc2Zf1e5lYurgkkwRjCwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2ZWQ0NDJiOTFkNGU4M2E2ZGUzOWZiNjc5NzFhMWU3OWM2
YjFlZDUwHhcNMjQwNDI2MDc1NDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzk4NjBhZGI3ZDE3MTA0MzNkYzg1MTJiNzA4N2U5Mzc5NjJiMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13Bc1qB9dqu9tOqfNTY/SjUaBUxa
NUE5mbWJuL6uUFF8Hl41RS+WtCM5hb+VZYGGF9XQeQaLFl96MpxxkOcgdiNCVLwk
9JEVZT+mPlW/0mMyMjHBGpvQp0m1rNafbheuydntifB0MfBTFiVswAYNA9rz54d+
AygtHAB5QcJKpy0/ruU6tkZ8KvE+GM9EoBzNViUYzOglun8vIIUghWCsfXdaMmFZ
zzkmgnUoA+nvQYMTuwsNpYmLdsxqiQVJMoJH0E2uWVuoI9jZKnlbkf0FG8TiJgpJ
Q5SMPMFvUlJjS4mbsUI9PmrMxtmQRJdzS7MHf3J0NwApaSiYbz1q1IXSMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMOYYK230XEEM9yFErcIfpN5YrFxMB8GA1UdIwQY
MBaAFKbtRCuR1Og6beOftnlxoeecax7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHUxRUs1SFU2RHB0NDUtMmVYR2g1NXhySHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS81NTNkYzYtMTJkMC00ZDRhLWEyOTQt
OTdjNWQ1OWIwYmJmLzEvdzVoZ3JiZlJjUVF6M0lVU3R3aC1rM2xpc1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS81NTNkYzYtMTJkMC00ZDRhLWEyOTQtOTdjNWQ1OWIwYmJm
LzEvcHUxRUs1SFU2RHB0NDUtMmVYR2g1NXhySHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9fRAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBoTq3YXpC/QTCaHPJ5Bayf3b4Lxx+QhkHWOHkF
rZAiIVGiv21KoE4UkjVPt+FQAnJ5KIoKA6SxIew1QzIjPeM9CaMV3LNYh6TDHaiy
toOswZHY2cj9QDJHjoHGvUoRz/Yc42SJzSbn3N3iQtf2yKJ8Nk74cSCgQsjhTZH3
htdiVUnOWjj75LcMAiF8w7PEZ5NANYNPvcqQXl9cggq7sgvocskLHavPX0GKQZ9k
sSrsk7YLvr8YS2rOJKA8aeMUQkDpcnIUfUJl+AX4XjyXocOa2s08mrpdzs4kPJxt
XIPnecBYSs37prqk2+ttRy3yv3QxFYWFDV77AqyKauz3Wac8
-----END CERTIFICATE-----