Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/R28Qx2KkLFY1QAS17qRJctARIkM.roa
File:                     R28Qx2KkLFY1QAS17qRJctARIkM.roa (raw, json)
Hash identifier:          UH0yhkt8maeH2El3wpwr/1KJZ83AWDbqU4hkR2GB5nA=
Subject key identifier:   47:6F:10:C7:62:A4:2C:56:35:40:04:B5:EE:A4:49:72:D0:11:22:43
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018EC6A8763CD9353C54A5FFACF339D233DF
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/R28Qx2KkLFY1QAS17qRJctARIkM.roa
Signing time:             Wed 10 Apr 2024 06:18:32 +0000
ROA not before:           Wed 10 Apr 2024 06:18:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        2a0e:15c0:2::/48 maxlen: 48
                          2a0f:e840::/32 maxlen: 32
                          2a0f:e841::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c6:a8:76:3c:d9:35:3c:54:a5:ff:ac:f3:39:d2:33:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 10 06:18:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=476f10c762a42c56354004b5eea44972d0112243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2b:c3:1a:73:09:df:c7:24:c4:31:a9:cf:25:
                    8a:fc:26:b2:8b:ff:b4:4e:95:68:4d:ba:da:f4:9d:
                    22:15:af:0b:48:6d:46:02:a1:43:42:e7:90:37:f5:
                    a2:e9:f5:af:3b:bf:ab:b8:bb:45:78:57:43:7b:36:
                    e6:c0:55:99:13:26:0f:3d:7d:9b:e4:5e:b7:b1:0d:
                    4d:0b:a9:5a:37:1d:92:79:64:ff:ac:b0:75:f7:39:
                    71:42:ce:0d:e9:b3:3a:9b:c3:21:c6:c3:ed:15:77:
                    80:c9:de:0a:a7:55:f6:ac:fc:6d:07:61:c2:fe:e1:
                    b9:bf:b6:fc:9a:72:91:6d:b1:25:bf:1a:e9:57:a0:
                    21:7e:87:2b:f6:18:0e:6a:c1:43:e1:48:40:42:f4:
                    9d:3c:80:25:9d:5e:85:20:4a:c4:28:f4:e7:30:f5:
                    e4:0c:27:cd:2b:01:14:dc:5a:f5:00:fc:6d:c8:17:
                    5c:4c:5e:c4:9e:20:0d:d6:d6:bd:8b:b4:c4:c1:6f:
                    c9:10:40:4c:f9:15:38:f7:7e:24:d6:bf:96:76:fc:
                    0e:2b:d8:f1:13:62:93:3c:b0:87:98:d3:73:2f:5a:
                    40:a9:eb:95:ac:9a:5f:f9:3a:fb:38:56:8e:bc:81:
                    45:eb:4f:15:0e:ae:9a:7b:7b:2e:e6:2b:a9:ea:fb:
                    7c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:6F:10:C7:62:A4:2C:56:35:40:04:B5:EE:A4:49:72:D0:11:22:43
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/R28Qx2KkLFY1QAS17qRJctARIkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:15c0:2::/48
                  2a0f:e840::/31

    Signature Algorithm: sha256WithRSAEncryption
         a1:0a:72:6f:34:c7:18:7c:67:5e:0e:ef:0b:26:7a:ce:bb:73:
         98:58:e0:30:f9:37:60:0f:65:26:b4:7a:59:e6:44:bd:a6:f9:
         56:65:0a:6f:73:c7:67:24:c4:9b:9e:ee:3b:29:55:59:33:c6:
         ee:3e:e7:ab:86:5b:9c:cd:b3:e0:c7:04:6d:8d:77:56:64:c0:
         6c:c5:f5:c2:f7:79:66:00:6f:8c:0f:36:db:58:10:62:de:af:
         f4:e8:b4:f3:f6:39:87:da:0f:f7:30:fa:ba:d8:d7:0b:53:d9:
         c0:ae:91:17:8b:08:11:1d:d3:e2:3f:7e:44:12:c5:39:c5:8e:
         13:ec:4b:8e:ae:c1:47:8e:e0:0f:c4:9d:5a:b4:a1:3d:92:39:
         d8:2e:e4:72:0a:2b:19:3a:88:f5:49:b8:20:21:8a:ca:48:56:
         b9:9b:0f:fb:b6:7f:41:47:50:1c:e9:aa:3d:fe:8f:5a:9a:e8:
         67:78:d0:fe:0a:42:09:46:04:19:1d:55:46:ac:e5:ae:ea:9e:
         81:2a:8c:e4:d5:c3:0d:08:38:e5:75:e0:f8:33:85:dd:b2:90:
         4e:72:77:4c:a0:41:5b:1c:81:64:09:4e:78:ab:fc:87:5b:cd:
         cc:e2:b3:92:03:4b:50:fa:f6:3e:d4:c1:9f:a0:50:31:70:85:
         03:a3:8c:86
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY7GqHY82TU8VKX/rPM50jPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNDEwMDYxODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzZmMTBjNzYyYTQyYzU2MzU0MDA0YjVlZWE0NDk3MmQwMTEyMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCvDGnMJ38ckxDGpzyWK/Cayi/+0
TpVoTbra9J0iFa8LSG1GAqFDQueQN/Wi6fWvO7+ruLtFeFdDezbmwFWZEyYPPX2b
5F63sQ1NC6laNx2SeWT/rLB19zlxQs4N6bM6m8MhxsPtFXeAyd4Kp1X2rPxtB2HC
/uG5v7b8mnKRbbElvxrpV6Ahfocr9hgOasFD4UhAQvSdPIAlnV6FIErEKPTnMPXk
DCfNKwEU3Fr1APxtyBdcTF7EniAN1ta9i7TEwW/JEEBM+RU4934k1r+WdvwOK9jx
E2KTPLCHmNNzL1pAqeuVrJpf+Tr7OFaOvIFF608VDq6ae3su5iup6vt8PQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFEdvEMdipCxWNUAEte6kSXLQESJDMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUjI4UXgyS2tMRlkxUUFTMTdxUkpjdEFSSWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAKg4VwAAC
AwUBKg/oQDANBgkqhkiG9w0BAQsFAAOCAQEAoQpybzTHGHxnXg7vCyZ6zrtzmFjg
MPk3YA9lJrR6WeZEvab5VmUKb3PHZyTEm57uOylVWTPG7j7nq4ZbnM2z4McEbY13
VmTAbMX1wvd5ZgBvjA8221gQYt6v9Oi08/Y5h9oP9zD6utjXC1PZwK6RF4sIER3T
4j9+RBLFOcWOE+xLjq7BR47gD8SdWrShPZI52C7kcgorGTqI9Um4ICGKykhWuZsP
+7Z/QUdQHOmqPf6PWproZ3jQ/gpCCUYEGR1VRqzlruqegSqM5NXDDQg45XXg+DOF
3bKQTnJ3TKBBWxyBZAlOeKv8h1vNzOKzkgNLUPr2PtTBn6BQMXCFA6OMhg==
-----END CERTIFICATE-----