Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/kaSKcPFNUqqDOrX75mE5-XkHbZM.roa
File:                     kaSKcPFNUqqDOrX75mE5-XkHbZM.roa (raw, json)
Hash identifier:          bx4I8wXCbYCvfXc05mPMnc6iVw21zzuU7zkimJawXLU=
Subject key identifier:   91:A4:8A:70:F1:4D:52:AA:83:3A:B5:FB:E6:61:39:F9:79:07:6D:93
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA69FEFFAF11C79DBA168604B7D91
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/kaSKcPFNUqqDOrX75mE5-XkHbZM.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202436
IP address blocks:        2a0e:d601:7220::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a6:9f:ef:fa:f1:1c:79:db:a1:68:60:4b:7d:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91a48a70f14d52aa833ab5fbe66139f979076d93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:85:a7:bc:85:a7:5a:d5:ae:06:81:f1:51:2b:
                    2c:ae:0d:9c:6e:20:03:3e:c0:b9:a4:84:22:27:34:
                    30:0f:66:7b:68:f3:7c:a4:5e:a9:27:85:22:9c:36:
                    66:ca:8a:f2:14:12:a0:c0:37:96:51:6c:40:89:6e:
                    f3:c3:49:ba:fc:18:18:34:74:df:3e:5e:01:53:99:
                    49:2b:ac:5d:36:3f:71:18:ee:06:60:a4:74:3f:86:
                    c3:a7:2e:37:85:06:72:7d:c5:c2:4c:f5:3c:64:0c:
                    fb:b6:f6:af:c6:e7:ae:47:38:25:a2:57:57:92:d8:
                    69:a4:2a:37:26:76:ac:a8:4b:a0:4b:6d:f0:e7:79:
                    66:ae:bf:ff:80:d3:74:a4:bf:90:56:e9:99:0d:7c:
                    31:d1:b6:0c:ba:6b:5a:e4:e7:ec:1d:fd:33:f5:19:
                    4f:f9:b6:02:88:cc:e7:b9:bf:e7:7b:b8:d0:56:7e:
                    73:e7:c4:38:6a:aa:4d:71:70:a8:6c:32:00:8f:2f:
                    4c:01:bd:20:e4:e7:10:25:46:49:af:de:a9:de:9a:
                    d7:c3:44:8b:1b:33:ee:41:98:9a:a7:10:f7:f0:40:
                    fc:96:96:91:d0:2e:e5:8e:cc:d9:3d:d3:63:cc:00:
                    ec:39:35:72:19:bb:71:ce:4f:53:a9:5f:ca:c8:c7:
                    42:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A4:8A:70:F1:4D:52:AA:83:3A:B5:FB:E6:61:39:F9:79:07:6D:93
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/kaSKcPFNUqqDOrX75mE5-XkHbZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d601:7220::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:e5:50:65:c9:f5:7c:01:54:39:ad:a6:30:54:dc:7f:2a:2f:
         f8:75:24:13:77:4f:db:21:ac:26:e0:ce:fd:41:84:31:8d:11:
         b5:04:5a:46:ca:7d:27:cf:83:10:65:93:78:54:4c:2c:e5:1c:
         cf:03:e8:b8:8f:17:a9:90:4e:8d:f1:7a:af:b5:5a:a8:32:be:
         03:ac:2b:53:1e:17:a5:a0:e0:84:f1:05:d8:03:6e:3c:b2:5f:
         3f:c2:33:cf:56:22:48:33:f9:ee:0b:45:98:a8:69:df:21:1e:
         06:d3:cf:0f:7c:97:bf:64:1f:95:88:c3:db:6e:0e:cc:fa:cf:
         f7:50:b7:65:11:96:85:ca:2a:91:ca:de:fb:9e:16:62:51:7b:
         89:e0:fa:f4:03:11:d3:3b:cf:b2:8a:d8:3a:59:d7:91:f8:18:
         0e:5f:ec:c8:74:b2:0d:4d:6c:c3:8b:1e:42:29:7e:f3:4d:46:
         c8:74:a1:12:db:1b:83:95:eb:f2:76:b7:f5:93:e7:0e:a4:f9:
         6b:0a:15:e6:d8:6f:a0:d1:c0:03:0f:b8:bf:98:08:dc:db:3f:
         3a:93:6c:dc:03:02:f2:80:e6:d6:c3:9e:0f:f8:33:60:7b:93:
         2a:1a:9e:a0:f9:ae:43:d9:8e:11:e2:aa:08:da:ea:63:05:33:
         33:bf:c7:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI36af7/rxHHnboWhgS32RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWE0OGE3MGYxNGQ1MmFhODMzYWI1ZmJlNjYxMzlmOTc5MDc2ZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIWnvIWnWtWuBoHxUSssrg2cbiAD
PsC5pIQiJzQwD2Z7aPN8pF6pJ4UinDZmyoryFBKgwDeWUWxAiW7zw0m6/BgYNHTf
Pl4BU5lJK6xdNj9xGO4GYKR0P4bDpy43hQZyfcXCTPU8ZAz7tvavxueuRzgloldX
kthppCo3JnasqEugS23w53lmrr//gNN0pL+QVumZDXwx0bYMumta5OfsHf0z9RlP
+bYCiMznub/ne7jQVn5z58Q4aqpNcXCobDIAjy9MAb0g5OcQJUZJr96p3prXw0SL
GzPuQZiapxD38ED8lpaR0C7ljszZPdNjzADsOTVyGbtxzk9TqV/KyMdCSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJGkinDxTVKqgzq1++ZhOfl5B22TMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEva2FTS2NQRk5VcXFET3JYNzVtRTUtWGtIYlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7WAXIg
MA0GCSqGSIb3DQEBCwUAA4IBAQCY5VBlyfV8AVQ5raYwVNx/Ki/4dSQTd0/bIawm
4M79QYQxjRG1BFpGyn0nz4MQZZN4VEws5RzPA+i4jxepkE6N8XqvtVqoMr4DrCtT
HheloOCE8QXYA248sl8/wjPPViJIM/nuC0WYqGnfIR4G088PfJe/ZB+ViMPbbg7M
+s/3ULdlEZaFyiqRyt77nhZiUXuJ4Pr0AxHTO8+yitg6WdeR+BgOX+zIdLINTWzD
ix5CKX7zTUbIdKES2xuDlevydrf1k+cOpPlrChXm2G+g0cADD7i/mAjc2z86k2zc
AwLygObWw54P+DNge5MqGp6g+a5D2Y4R4qoI2upjBTMzv8dm
-----END CERTIFICATE-----