Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/0RZPruEGTKhoR1hKNPIRExdYXzg.roa
File:                     0RZPruEGTKhoR1hKNPIRExdYXzg.roa (raw, json)
Hash identifier:          Ylgp4cjK+Zluy/09si0hlIXpapeYNCr3ajFNEzNms3k=
Subject key identifier:   D1:16:4F:AE:E1:06:4C:A8:68:47:58:4A:34:F2:11:13:17:58:5F:38
Certificate issuer:       /CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
Certificate serial:       01942067EE00C89B79B8E626FE9F05F33ED5
Authority key identifier: E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/0RZPruEGTKhoR1hKNPIRExdYXzg.roa
Signing time:             Wed 01 Jan 2025 05:47:49 +0000
ROA not before:           Wed 01 Jan 2025 05:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40028
IP address blocks:        2a0e:1c80:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ee:00:c8:9b:79:b8:e6:26:fe:9f:05:f3:3e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
        Validity
            Not Before: Jan  1 05:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1164faee1064ca86847584a34f2111317585f38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b3:b8:22:2c:13:15:88:3b:2a:5a:e5:f7:0c:
                    bb:6f:83:c9:32:6c:5f:b5:5a:79:4a:d6:04:0d:24:
                    7f:00:b3:3c:17:4b:86:b1:7c:32:22:76:9d:f1:4a:
                    6c:09:42:66:f5:09:e2:ab:67:28:af:dd:98:1c:7c:
                    d1:f4:fb:75:3e:9a:ea:83:2e:2c:7b:df:49:26:1f:
                    26:fe:f4:7f:97:e2:a2:38:b5:22:bb:27:08:c3:05:
                    16:0d:47:e1:3f:c2:5e:85:b2:bb:9f:c1:e7:c7:0a:
                    01:7a:c5:51:c8:69:ba:bf:2f:0c:0a:ef:bf:ed:6f:
                    d0:b5:b7:31:72:d4:75:ce:c1:1d:ae:3c:1c:eb:05:
                    c1:62:ec:75:5b:aa:f6:b0:fb:c2:9f:7b:a5:7d:68:
                    44:7d:58:a0:3f:83:78:0e:9c:92:eb:a5:a9:d6:dd:
                    17:cd:66:ea:a7:57:2e:d1:4d:7e:6e:f8:d7:0d:d1:
                    58:05:09:63:7f:9a:f5:0d:61:ea:b8:ad:df:20:19:
                    de:d8:e9:7c:0b:59:85:cb:de:66:88:9c:77:7f:c1:
                    62:db:8f:bc:8c:54:67:e3:6a:b6:d8:6b:75:b4:30:
                    0d:f0:96:33:a2:e9:e8:b9:4e:04:af:76:c4:61:ff:
                    91:88:e5:b4:66:80:39:37:92:c4:b7:1f:09:d0:47:
                    c6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:16:4F:AE:E1:06:4C:A8:68:47:58:4A:34:F2:11:13:17:58:5F:38
            X509v3 Authority Key Identifier:
                keyid:E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/0RZPruEGTKhoR1hKNPIRExdYXzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1c80:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:24:20:12:0c:bb:d1:52:d9:60:5c:7d:49:6b:80:ef:a6:b5:
         08:bf:41:19:30:fc:72:b5:2a:e0:c7:84:76:64:7f:95:e8:7b:
         a6:75:34:e3:3a:9b:27:25:b8:fa:8e:2a:e9:df:64:a2:31:4a:
         b3:9d:b9:ce:68:80:aa:cf:c9:c2:a1:85:d2:33:65:1f:d9:ec:
         e5:b3:0a:58:d3:f2:b4:35:00:9e:11:ca:29:da:0b:b2:99:20:
         8a:62:d5:84:50:d9:6d:85:a4:e5:7a:c0:f6:95:cd:33:39:3b:
         04:cd:f7:53:0d:98:bb:18:00:f3:d5:c2:8c:77:67:1e:af:9d:
         55:6f:b4:0b:7b:91:98:9a:ca:07:54:8b:ef:dc:c6:4e:ce:49:
         6a:84:3f:68:0e:b8:99:ca:fd:23:83:8a:d5:d7:96:b3:ee:20:
         5a:8c:33:f2:59:77:be:02:32:7e:43:29:59:de:ee:30:31:0e:
         07:97:78:f0:d3:b7:bf:e6:c3:cf:b4:d0:6c:a5:83:cb:7f:56:
         25:83:02:d1:01:b7:06:21:6a:1f:a3:38:e5:a7:d1:e4:91:e0:
         f4:c8:08:c9:88:ef:a2:d1:f1:15:f6:aa:46:90:e4:68:9e:68:
         40:04:70:b7:fc:1a:64:8b:49:bb:76:46:c4:d2:8a:25:c9:c8:
         73:97:07:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgZ+4AyJt5uOYm/p8F8z7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmYzYTcyY2FkNmY0YjNkYzMwNWI0Y2JlMzEwODcwNTFk
OTgzZjYwHhcNMjUwMTAxMDU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTE2NGZhZWUxMDY0Y2E4Njg0NzU4NGEzNGYyMTExMzE3NTg1ZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7O4IiwTFYg7Klrl9wy7b4PJMmxf
tVp5StYEDSR/ALM8F0uGsXwyInad8UpsCUJm9Qniq2cor92YHHzR9Pt1Pprqgy4s
e99JJh8m/vR/l+KiOLUiuycIwwUWDUfhP8JehbK7n8HnxwoBesVRyGm6vy8MCu+/
7W/QtbcxctR1zsEdrjwc6wXBYux1W6r2sPvCn3ulfWhEfVigP4N4DpyS66Wp1t0X
zWbqp1cu0U1+bvjXDdFYBQljf5r1DWHquK3fIBne2Ol8C1mFy95miJx3f8Fi24+8
jFRn42q22Gt1tDAN8JYzounouU4Er3bEYf+RiOW0ZoA5N5LEtx8J0EfG4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNEWT67hBkyoaEdYSjTyERMXWF84MB8GA1UdIwQY
MBaAFOW/OnLK1vSz3DBbTL4xCHBR2YP2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEt
MDliZTlkYjExZjY2LzEvMFJaUHJ1RUdUS2hvUjFoS05QSVJFeGRZWHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEtMDliZTlkYjExZjY2
LzEvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cgAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQBYJCASDLvRUtlgXH1Ja4DvprUIv0EZMPxytSrg
x4R2ZH+V6HumdTTjOpsnJbj6jirp32SiMUqznbnOaICqz8nCoYXSM2Uf2ezlswpY
0/K0NQCeEcop2guymSCKYtWEUNlthaTlesD2lc0zOTsEzfdTDZi7GADz1cKMd2ce
r51Vb7QLe5GYmsoHVIvv3MZOzklqhD9oDriZyv0jg4rV15az7iBajDPyWXe+AjJ+
QylZ3u4wMQ4Hl3jw07e/5sPPtNBspYPLf1YlgwLRAbcGIWofozjlp9HkkeD0yAjJ
iO+i0fEV9qpGkORonmhABHC3/Bpki0m7dkbE0oolychzlwc/
-----END CERTIFICATE-----