Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/VwQVaP5PIxPzgzQslxsV-wlq09Y.roa
File:                     VwQVaP5PIxPzgzQslxsV-wlq09Y.roa (raw, json)
Hash identifier:          WHonlIhX4uSQGOOrCo26yMPlgaauP4nxJI/ozD4levU=
Subject key identifier:   57:04:15:68:FE:4F:23:13:F3:83:34:2C:97:1B:15:FB:09:6A:D3:D6
Certificate issuer:       /CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
Certificate serial:       01942067EA7F1222902DAC95444FEA98B2B7
Authority key identifier: E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/VwQVaP5PIxPzgzQslxsV-wlq09Y.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        2a0e:1c80:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ea:7f:12:22:90:2d:ac:95:44:4f:ea:98:b2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57041568fe4f2313f383342c971b15fb096ad3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:66:76:6f:f0:fa:cb:c9:42:e3:1f:5d:c2:0d:
                    92:ab:6c:8a:22:f2:0e:9f:3b:b0:40:e6:08:68:3e:
                    97:74:62:d7:3f:d8:f1:42:5b:43:5b:12:7e:ef:0c:
                    dc:f3:09:77:ae:24:56:9b:35:40:9c:a4:70:e6:0d:
                    b6:96:54:61:94:58:18:65:32:4d:cf:7b:61:d3:38:
                    69:88:95:74:44:15:43:59:f6:ea:0d:2c:49:4d:04:
                    77:e6:3b:d0:10:f4:83:68:e8:1f:59:fc:d1:c8:c3:
                    7c:7e:7e:7c:fa:54:8d:05:73:49:5e:ff:46:3c:66:
                    9d:38:5d:75:85:57:02:79:cb:dd:ff:f4:28:66:d2:
                    36:b5:d6:0f:7b:4b:6a:c5:1a:ee:cb:1d:75:00:77:
                    1f:6e:5c:8c:a2:55:72:0d:4e:64:68:ad:a4:9c:46:
                    f6:27:84:93:4c:8e:42:d6:54:ce:c5:73:43:07:36:
                    e5:10:6d:0f:95:94:f9:d9:3a:f5:da:48:ca:87:82:
                    f0:97:ec:d7:bf:a2:80:d7:3b:85:5c:e9:cc:ff:a6:
                    cd:0c:4b:13:89:d1:22:05:40:71:99:e5:81:9a:0e:
                    ee:69:27:57:dd:f3:3e:bc:6a:65:69:31:3c:20:93:
                    b7:99:4f:e7:c7:a3:19:a5:46:d2:a8:1b:55:c5:05:
                    a5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:04:15:68:FE:4F:23:13:F3:83:34:2C:97:1B:15:FB:09:6A:D3:D6
            X509v3 Authority Key Identifier:
                keyid:E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/VwQVaP5PIxPzgzQslxsV-wlq09Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1c80:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:3c:15:b6:71:23:5d:86:8d:42:9e:a8:c6:c8:94:e1:d3:20:
         69:6b:af:fc:ef:7a:14:4b:27:af:f1:62:63:ad:31:81:d8:67:
         96:f0:29:b5:5c:31:1f:b4:1f:41:14:b7:81:3f:47:af:f5:c7:
         d6:c1:0d:e0:d2:1a:1f:93:d6:5a:1d:67:28:7f:a6:14:bd:df:
         32:3f:b4:2a:21:7a:7d:d5:ba:2d:70:61:32:23:cb:ff:7a:64:
         be:f1:cd:5a:91:ec:45:8f:dc:69:82:5a:c0:ad:30:ec:bc:2f:
         d3:be:24:6b:43:98:47:1d:54:7d:35:fa:28:dc:8d:11:db:b5:
         20:45:16:98:73:29:7b:89:2f:7a:13:35:41:96:e4:90:58:a6:
         22:33:db:01:16:1a:c3:55:d4:cb:52:77:b9:ba:78:c6:81:a7:
         02:7f:08:f6:d4:58:7f:fe:c7:71:43:96:9d:9b:f0:b8:bf:52:
         90:b7:81:28:1f:41:da:32:18:19:4c:fe:97:25:e4:91:71:cc:
         3c:12:72:3f:d2:55:50:9f:ec:2b:f8:c2:a8:be:7d:0b:96:67:
         e2:6a:b4:07:dd:52:b4:60:c5:9f:3d:9b:05:75:0e:39:95:c0:
         41:ac:37:88:e2:d0:54:3e:7b:e2:32:7e:8b:be:f6:27:6e:cb:
         d5:43:ca:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgZ+p/EiKQLayVRE/qmLK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmYzYTcyY2FkNmY0YjNkYzMwNWI0Y2JlMzEwODcwNTFk
OTgzZjYwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzA0MTU2OGZlNGYyMzEzZjM4MzM0MmM5NzFiMTVmYjA5NmFkM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGZ2b/D6y8lC4x9dwg2Sq2yKIvIO
nzuwQOYIaD6XdGLXP9jxQltDWxJ+7wzc8wl3riRWmzVAnKRw5g22llRhlFgYZTJN
z3th0zhpiJV0RBVDWfbqDSxJTQR35jvQEPSDaOgfWfzRyMN8fn58+lSNBXNJXv9G
PGadOF11hVcCecvd//QoZtI2tdYPe0tqxRruyx11AHcfblyMolVyDU5kaK2knEb2
J4STTI5C1lTOxXNDBzblEG0PlZT52Tr12kjKh4Lwl+zXv6KA1zuFXOnM/6bNDEsT
idEiBUBxmeWBmg7uaSdX3fM+vGplaTE8IJO3mU/nx6MZpUbSqBtVxQWlbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFcEFWj+TyMT84M0LJcbFfsJatPWMB8GA1UdIwQY
MBaAFOW/OnLK1vSz3DBbTL4xCHBR2YP2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEt
MDliZTlkYjExZjY2LzEvVndRVmFQNVBJeFB6Z3pRc2x4c1Ytd2xxMDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEtMDliZTlkYjExZjY2
LzEvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cgAAD
MA0GCSqGSIb3DQEBCwUAA4IBAQB6PBW2cSNdho1CnqjGyJTh0yBpa6/873oUSyev
8WJjrTGB2GeW8Cm1XDEftB9BFLeBP0ev9cfWwQ3g0hofk9ZaHWcof6YUvd8yP7Qq
IXp91botcGEyI8v/emS+8c1akexFj9xpglrArTDsvC/TviRrQ5hHHVR9Nfoo3I0R
27UgRRaYcyl7iS96EzVBluSQWKYiM9sBFhrDVdTLUne5unjGgacCfwj21Fh//sdx
Q5adm/C4v1KQt4EoH0HaMhgZTP6XJeSRccw8EnI/0lVQn+wr+MKovn0LlmfiarQH
3VK0YMWfPZsFdQ45lcBBrDeI4tBUPnviMn6LvvYnbsvVQ8oe
-----END CERTIFICATE-----