Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/_xhWnpO5NDJ4xzbgR7afkaYhHIA.roa
File:                     _xhWnpO5NDJ4xzbgR7afkaYhHIA.roa (raw, json)
Hash identifier:          3IzplRXWBppQlq1Nox5KU1iq7fGwC7DOzP5p1ybvYTU=
Subject key identifier:   FF:18:56:9E:93:B9:34:32:78:C7:36:E0:47:B6:9F:91:A6:21:1C:80
Certificate issuer:       /CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
Certificate serial:       018CC94E4885B727372EC6D22C7C3A510DFD
Authority key identifier: 52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/_xhWnpO5NDJ4xzbgR7afkaYhHIA.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49453
IP address blocks:        2a0c:de80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:48:85:b7:27:37:2e:c6:d2:2c:7c:3a:51:0d:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff18569e93b9343278c736e047b69f91a6211c80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:63:b4:13:b8:ff:a9:82:34:59:12:2f:0e:89:
                    92:ae:b5:3c:8c:86:b3:ee:7e:7f:75:c0:71:a2:3e:
                    51:4b:06:74:97:a8:d6:66:89:4f:7f:a3:74:6d:ea:
                    aa:a2:0a:6e:92:a6:87:e4:45:af:5c:6b:35:13:90:
                    3e:b0:7d:e3:56:d8:2f:83:4f:d2:92:69:1d:a9:e2:
                    5e:4b:61:de:9e:4a:77:ca:00:ba:90:29:f3:82:12:
                    72:45:af:75:4c:41:ec:15:9c:8c:a6:7f:06:52:19:
                    59:75:86:9a:f7:5d:00:a2:aa:c7:89:14:d7:f9:d9:
                    1a:64:ca:a9:fc:61:83:7a:85:d0:fe:a1:13:87:c5:
                    e5:e0:86:01:c3:df:72:a0:3f:01:a4:43:fd:4e:bb:
                    78:b8:58:19:01:5e:79:57:67:ad:e3:31:2c:da:41:
                    35:5e:e6:15:95:45:f2:db:e7:bf:fe:c8:de:1e:f5:
                    63:86:f9:a2:da:5a:c0:04:79:a9:8a:3f:32:ed:84:
                    8c:52:ce:7f:ea:d1:d6:d0:bc:01:ee:de:1e:c8:33:
                    1c:df:4b:5f:a3:67:13:b5:e6:48:e0:34:12:74:17:
                    72:93:1f:04:a6:a7:99:4a:59:16:96:01:28:12:50:
                    11:c7:5d:2d:d0:08:45:c5:09:aa:21:40:10:ab:57:
                    8f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:18:56:9E:93:B9:34:32:78:C7:36:E0:47:B6:9F:91:A6:21:1C:80
            X509v3 Authority Key Identifier:
                keyid:52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/_xhWnpO5NDJ4xzbgR7afkaYhHIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:de80::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:a5:f6:96:bf:7e:3f:c3:10:a2:b2:05:3a:41:7c:07:39:3b:
         46:da:47:14:04:be:1c:56:1c:50:e4:50:eb:fa:18:7e:02:0b:
         e9:55:40:e8:96:82:d9:5f:70:ee:f1:03:57:f5:15:11:07:ef:
         64:62:ad:cc:b1:21:35:2a:96:39:61:0b:b0:e6:2f:22:fe:b1:
         0c:1d:6a:25:89:54:c5:8e:54:de:5e:58:a6:cc:67:43:6a:11:
         ff:75:6c:de:72:9a:7e:df:4d:f2:45:12:c4:73:76:a6:db:59:
         12:a7:ed:53:4e:d4:f9:85:30:e0:e0:48:cd:f4:f0:d2:f4:64:
         be:18:ce:42:ad:e3:64:fc:c4:aa:7f:eb:64:a8:2b:fd:82:09:
         ca:16:fd:d4:bf:85:96:b2:4d:28:76:48:aa:4e:26:0b:06:07:
         fb:42:8c:48:53:de:50:d6:e8:f4:1f:10:03:60:3d:80:e9:ac:
         7c:f3:0d:c0:a4:dc:72:d1:78:63:f5:2d:2d:2e:95:e6:8b:0a:
         54:aa:49:ef:74:4a:26:c1:85:bf:78:cf:fd:e9:9e:b1:77:64:
         22:be:16:b5:1e:7a:1c:8e:cb:24:89:c5:0c:12:34:4d:b4:9a:
         54:ed:e3:fe:84:84:75:08:df:b9:a8:6a:70:da:a5:81:b5:c6:
         b2:44:06:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTkiFtyc3LsbSLHw6UQ39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTE2NWRjM2FhZmJlMmM2MmUyNjVmZjEwNDMyN2EzZTY3
NWY4OWYwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjE4NTY5ZTkzYjkzNDMyNzhjNzM2ZTA0N2I2OWY5MWE2MjExYzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWO0E7j/qYI0WRIvDomSrrU8jIaz
7n5/dcBxoj5RSwZ0l6jWZolPf6N0beqqogpukqaH5EWvXGs1E5A+sH3jVtgvg0/S
kmkdqeJeS2Henkp3ygC6kCnzghJyRa91TEHsFZyMpn8GUhlZdYaa910AoqrHiRTX
+dkaZMqp/GGDeoXQ/qETh8Xl4IYBw99yoD8BpEP9Trt4uFgZAV55V2et4zEs2kE1
XuYVlUXy2+e//sjeHvVjhvmi2lrABHmpij8y7YSMUs5/6tHW0LwB7t4eyDMc30tf
o2cTteZI4DQSdBdykx8EpqeZSlkWlgEoElARx10t0AhFxQmqIUAQq1ePgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP8YVp6TuTQyeMc24Ee2n5GmIRyAMB8GA1UdIwQY
MBaAFFKhZdw6r74sYuJl/xBDJ6PmdfifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTIt
ZTI5OGI0MWI2YzgxLzEvX3hoV25wTzVOREo0eHpiZ1I3YWZrYVloSElBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTItZTI5OGI0MWI2Yzgx
LzEvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgzegAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB9pfaWv34/wxCisgU6QXwHOTtG2kcUBL4cVhxQ
5FDr+hh+AgvpVUDoloLZX3Du8QNX9RURB+9kYq3MsSE1KpY5YQuw5i8i/rEMHWol
iVTFjlTeXlimzGdDahH/dWzecpp+303yRRLEc3am21kSp+1TTtT5hTDg4EjN9PDS
9GS+GM5CreNk/MSqf+tkqCv9ggnKFv3Uv4WWsk0odkiqTiYLBgf7QoxIU95Q1uj0
HxADYD2A6ax88w3ApNxy0Xhj9S0tLpXmiwpUqknvdEomwYW/eM/96Z6xd2Qivha1
HnocjsskicUMEjRNtJpU7eP+hIR1CN+5qGpw2qWBtcayRAY2
-----END CERTIFICATE-----