Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/jAcrNe6TSKKWSbYErzudPjSLidk.roa
File:                     jAcrNe6TSKKWSbYErzudPjSLidk.roa (raw, json)
Hash identifier:          BFeWQ1A29nhMiT+MIUTNsBkuuTBMHL8zS8AmTUXTXdw=
Subject key identifier:   8C:07:2B:35:EE:93:48:A2:96:49:B6:04:AF:3B:9D:3E:34:8B:89:D9
Certificate issuer:       /CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
Certificate serial:       018CCA287D93556DC924883932FAA615D566
Authority key identifier: E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/jAcrNe6TSKKWSbYErzudPjSLidk.roa
Signing time:             Tue 02 Jan 2024 12:31:40 +0000
ROA not before:           Tue 02 Jan 2024 12:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40028
IP address blocks:        2a0e:1c80:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:7d:93:55:6d:c9:24:88:39:32:fa:a6:15:d5:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
        Validity
            Not Before: Jan  2 12:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c072b35ee9348a29649b604af3b9d3e348b89d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b9:d4:b1:7c:70:09:b3:2b:9d:cc:ad:49:9d:
                    4d:39:bf:f9:c7:90:50:6f:4b:67:87:51:2c:55:36:
                    3d:3a:b8:27:f2:69:9e:c5:97:52:4a:a4:4f:69:f5:
                    05:a7:25:96:2b:19:85:3a:0c:04:01:60:31:6b:04:
                    a9:ab:78:06:1d:65:b0:dd:fb:6e:1d:3f:05:25:10:
                    83:03:f7:d9:f7:96:f1:a7:44:6f:d0:eb:0a:d0:0d:
                    f7:b2:da:53:25:9a:f1:d0:aa:a8:01:a5:04:fb:78:
                    d6:b3:2e:36:5c:7e:2a:ca:57:9d:ae:2f:31:21:5a:
                    e1:5d:1f:59:e4:c0:41:7a:51:a4:a0:80:92:57:02:
                    da:0e:b1:15:cc:a0:2d:b5:76:16:0a:84:b9:cf:a9:
                    0c:ea:5d:73:e7:7c:a5:1f:26:ab:9c:c1:cc:69:fe:
                    bc:29:86:e9:51:29:d6:98:f8:9e:41:25:56:c3:7e:
                    58:71:51:bd:74:12:e0:e4:be:f3:62:97:2c:86:50:
                    8d:b1:20:12:e9:81:92:95:6e:a3:ac:c5:4f:e6:77:
                    78:61:e7:29:43:79:5b:c6:c1:ba:c9:77:c4:ae:fd:
                    4c:cb:83:08:e5:7f:bf:2d:48:68:09:71:a1:da:ec:
                    1e:73:e3:c9:d3:d2:ac:20:e1:b7:5b:ac:b4:4c:39:
                    38:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:07:2B:35:EE:93:48:A2:96:49:B6:04:AF:3B:9D:3E:34:8B:89:D9
            X509v3 Authority Key Identifier:
                keyid:E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/jAcrNe6TSKKWSbYErzudPjSLidk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1c80:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:75:0a:e5:24:4d:84:41:fc:22:42:c2:cf:16:5d:68:01:79:
         33:ab:2a:0f:e4:1f:47:9d:26:33:5b:88:81:44:f0:9b:20:3c:
         bd:e2:76:5f:ce:e3:61:b3:fb:e0:ab:14:f3:91:7a:36:09:3f:
         af:dd:4a:29:9f:1f:39:53:6e:4a:40:59:9e:18:0a:05:00:46:
         a9:cf:14:36:18:40:e5:1a:cc:b4:9b:b1:53:60:89:fa:ab:61:
         b0:bb:81:08:0e:56:69:68:9d:36:ce:4a:e7:b7:df:ee:2f:b8:
         11:de:cb:23:b5:1a:ca:fa:9e:73:03:8c:49:90:ae:c9:a8:b0:
         5b:9e:9a:90:c5:8f:36:79:28:25:e5:3b:1e:6f:3e:3e:13:29:
         3a:2f:eb:d5:f9:ec:db:a9:84:99:14:4c:0f:34:bd:88:af:38:
         d2:64:c6:eb:38:a5:4e:e8:5a:83:32:77:c0:b3:0e:8e:cb:08:
         53:77:0f:7a:a7:06:c5:99:74:de:c7:e6:08:68:f8:05:db:2f:
         43:19:ab:3e:02:b9:c3:c9:08:a0:5c:d8:d1:6f:f7:f1:36:da:
         14:78:0a:4c:d5:dd:02:f8:8c:d1:6f:e5:28:43:99:3d:35:41:
         da:5a:15:a9:ed:c4:b5:2f:6c:1d:71:e5:20:ad:e0:86:8c:e0:
         8b:ea:77:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKH2TVW3JJIg5MvqmFdVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmYzYTcyY2FkNmY0YjNkYzMwNWI0Y2JlMzEwODcwNTFk
OTgzZjYwHhcNMjQwMTAyMTIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzA3MmIzNWVlOTM0OGEyOTY0OWI2MDRhZjNiOWQzZTM0OGI4OWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLnUsXxwCbMrncytSZ1NOb/5x5BQ
b0tnh1EsVTY9Orgn8mmexZdSSqRPafUFpyWWKxmFOgwEAWAxawSpq3gGHWWw3ftu
HT8FJRCDA/fZ95bxp0Rv0OsK0A33stpTJZrx0KqoAaUE+3jWsy42XH4qyledri8x
IVrhXR9Z5MBBelGkoICSVwLaDrEVzKAttXYWCoS5z6kM6l1z53ylHyarnMHMaf68
KYbpUSnWmPieQSVWw35YcVG9dBLg5L7zYpcshlCNsSAS6YGSlW6jrMVP5nd4Yecp
Q3lbxsG6yXfErv1My4MI5X+/LUhoCXGh2uwec+PJ09KsIOG3W6y0TDk4gwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIwHKzXuk0iilkm2BK87nT40i4nZMB8GA1UdIwQY
MBaAFOW/OnLK1vSz3DBbTL4xCHBR2YP2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEt
MDliZTlkYjExZjY2LzEvakFjck5lNlRTS0tXU2JZRXJ6dWRQalNMaWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEtMDliZTlkYjExZjY2
LzEvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cgAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQBadQrlJE2EQfwiQsLPFl1oAXkzqyoP5B9HnSYz
W4iBRPCbIDy94nZfzuNhs/vgqxTzkXo2CT+v3Uopnx85U25KQFmeGAoFAEapzxQ2
GEDlGsy0m7FTYIn6q2Gwu4EIDlZpaJ02zkrnt9/uL7gR3ssjtRrK+p5zA4xJkK7J
qLBbnpqQxY82eSgl5Tsebz4+Eyk6L+vV+ezbqYSZFEwPNL2IrzjSZMbrOKVO6FqD
MnfAsw6OywhTdw96pwbFmXTex+YIaPgF2y9DGas+ArnDyQigXNjRb/fxNtoUeApM
1d0C+IzRb+UoQ5k9NUHaWhWp7cS1L2wdceUgreCGjOCL6neb
-----END CERTIFICATE-----