Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/2mQysxKH87sZtwBRWXJiZmAjFL4.roa
File:                     2mQysxKH87sZtwBRWXJiZmAjFL4.roa (raw, json)
Hash identifier:          hI1xjMn0hzsP7nyV1D0UWVC61s/IdoIrhW6bLGNj8oc=
Subject key identifier:   DA:64:32:B3:12:87:F3:BB:19:B7:00:51:59:72:62:66:60:23:14:BE
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       018CC348F686E4511D937180D53BA508FA1F
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/2mQysxKH87sZtwBRWXJiZmAjFL4.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8672
IP address blocks:        2001:648:2c10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f6:86:e4:51:1d:93:71:80:d5:3b:a5:08:fa:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da6432b31287f3bb19b7005159726266602314be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1e:25:dd:71:4c:22:bc:2e:83:32:ac:dd:15:
                    e0:0d:7a:6e:c6:a6:99:e0:d3:67:55:93:71:d8:a5:
                    c2:a7:d8:da:8f:f2:d5:ff:0a:24:6c:fb:e7:82:54:
                    c1:89:15:dd:ec:8a:7e:c4:0b:2e:03:e7:a8:62:f5:
                    13:86:a8:e5:48:fc:e4:98:b6:9f:bc:f2:b8:4c:84:
                    04:be:5d:78:3d:81:9c:ce:16:65:ab:d6:a6:e3:ed:
                    ae:56:40:b1:d6:09:46:59:ca:df:3f:3d:93:98:33:
                    6a:4d:5e:3c:9e:75:ce:c0:99:b3:61:96:fd:ea:de:
                    0d:94:e5:12:cf:b2:0d:5b:18:e7:1f:0a:80:4b:c6:
                    1c:f4:34:a4:6c:0b:d2:94:3a:d8:f3:1b:08:dc:6c:
                    fa:ea:2e:c2:1d:08:69:7c:e3:e4:67:6c:96:1a:11:
                    21:dd:66:8f:db:75:01:c2:02:db:c3:61:88:8b:1e:
                    78:63:9e:cb:89:23:a6:1a:8c:5d:cb:b0:b4:09:bd:
                    8f:63:48:84:d0:6c:ac:6b:79:98:71:96:23:e2:2c:
                    f7:e9:1c:99:0f:0f:5a:87:3c:f4:9a:1b:dd:b4:0d:
                    c9:f1:08:1c:8a:9a:4c:04:4c:fb:70:92:83:8c:cd:
                    fb:a2:ab:6b:df:ec:27:8d:05:36:6c:a3:ca:d8:33:
                    2d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:64:32:B3:12:87:F3:BB:19:B7:00:51:59:72:62:66:60:23:14:BE
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/2mQysxKH87sZtwBRWXJiZmAjFL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:648:2c10::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:bd:3f:59:2f:06:eb:8e:d1:9a:91:13:64:bc:1b:5e:a1:ac:
         8d:d2:ee:7e:80:c7:b7:80:0f:7a:f0:90:fa:1b:a8:04:0e:f5:
         3d:b1:45:db:58:a0:51:34:cc:63:3b:d7:9f:03:7d:af:5e:cf:
         f6:2e:9c:f8:1d:41:1c:4a:c7:3e:9f:b1:f1:5d:55:54:46:af:
         89:ea:92:7f:82:44:b5:d9:e4:07:ef:57:0e:ce:1d:5d:43:33:
         bc:69:4f:ac:49:b7:d2:27:10:d7:2d:20:93:0c:94:86:e5:c3:
         2e:fd:c7:17:b1:3d:3c:13:23:5d:f0:d8:91:8e:ae:a5:e4:81:
         ab:95:83:fe:f9:62:14:bd:5e:64:92:23:43:74:44:cb:f3:13:
         8a:be:06:a9:4b:90:7b:89:6e:e9:4d:f6:f1:e1:bc:13:53:42:
         e0:d2:18:35:5d:bb:37:f3:76:ff:18:09:ba:d6:b9:4f:6e:35:
         3d:c9:45:68:c9:83:1a:6c:93:d5:46:5f:cd:20:21:69:5b:09:
         62:68:f3:d5:86:9b:fa:bd:27:de:7a:db:10:d3:1a:f4:08:32:
         b3:83:3a:6d:30:4b:a3:5f:13:aa:ec:42:fa:3f:e0:76:5e:0e:
         84:2d:53:4a:a9:55:57:d8:be:d2:28:85:58:3b:6b:e3:f0:c3:
         44:cc:8e:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSPaG5FEdk3GA1TulCPofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTY0MzJiMzEyODdmM2JiMTliNzAwNTE1OTcyNjI2NjYwMjMxNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjh4l3XFMIrwugzKs3RXgDXpuxqaZ
4NNnVZNx2KXCp9jaj/LV/wokbPvnglTBiRXd7Ip+xAsuA+eoYvUThqjlSPzkmLaf
vPK4TIQEvl14PYGczhZlq9am4+2uVkCx1glGWcrfPz2TmDNqTV48nnXOwJmzYZb9
6t4NlOUSz7INWxjnHwqAS8Yc9DSkbAvSlDrY8xsI3Gz66i7CHQhpfOPkZ2yWGhEh
3WaP23UBwgLbw2GIix54Y57LiSOmGoxdy7C0Cb2PY0iE0Gysa3mYcZYj4iz36RyZ
Dw9ahzz0mhvdtA3J8QgcippMBEz7cJKDjM37oqtr3+wnjQU2bKPK2DMtUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNpkMrMSh/O7GbcAUVlyYmZgIxS+MB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvMm1ReXN4S0g4N3NadHdCUldYSmlabUFqRkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGSCwQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAOvT9ZLwbrjtGakRNkvBteoayN0u5+gMe3gA96
8JD6G6gEDvU9sUXbWKBRNMxjO9efA32vXs/2Lpz4HUEcSsc+n7HxXVVURq+J6pJ/
gkS12eQH71cOzh1dQzO8aU+sSbfSJxDXLSCTDJSG5cMu/ccXsT08EyNd8NiRjq6l
5IGrlYP++WIUvV5kkiNDdETL8xOKvgapS5B7iW7pTfbx4bwTU0Lg0hg1Xbs383b/
GAm61rlPbjU9yUVoyYMabJPVRl/NICFpWwliaPPVhpv6vSfeetsQ0xr0CDKzgzpt
MEujXxOq7EL6P+B2Xg6ELVNKqVVX2L7SKIVYO2vj8MNEzI5M
-----END CERTIFICATE-----