Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/UD7lYmm6ta_AImRUbggg1Mh4-1E.roa
File:                     UD7lYmm6ta_AImRUbggg1Mh4-1E.roa (raw, json)
Hash identifier:          9fDIrwtNGPYofe+dRo7TCYp2wl1vVMSDXrzPM7IJ4iI=
Subject key identifier:   50:3E:E5:62:69:BA:B5:AF:C0:22:64:54:6E:08:20:D4:C8:78:FB:51
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       018CC348F1B81C34F5F56665ED5630986111
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/UD7lYmm6ta_AImRUbggg1Mh4-1E.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5470
IP address blocks:        2001:648:2800::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f1:b8:1c:34:f5:f5:66:65:ed:56:30:98:61:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=503ee56269bab5afc02264546e0820d4c878fb51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:9a:7f:f9:59:d3:78:42:54:eb:21:de:47:ee:
                    e5:6c:1e:75:d3:1c:16:60:be:91:70:2d:57:c2:63:
                    96:f1:17:f7:7d:5b:5a:3c:8d:d7:ab:d8:f0:27:ce:
                    c5:27:7b:c9:26:63:85:07:8a:74:0f:fb:39:b7:cd:
                    31:86:7e:08:f2:47:5d:1d:46:12:c9:dd:74:16:b8:
                    a6:c2:54:56:93:4c:fe:40:5f:58:d0:44:87:ff:05:
                    68:ac:f8:af:1c:4e:0a:8c:76:87:6e:69:a1:31:2e:
                    e1:a2:58:4c:2f:99:2a:a2:99:b6:8c:9f:ba:51:63:
                    9a:cf:b6:7c:9e:8f:55:19:4d:11:55:e0:c8:30:94:
                    63:06:d9:fd:98:d5:43:9a:8c:72:20:28:42:c3:20:
                    1a:98:8c:a9:ba:e1:a6:fb:92:20:f4:13:eb:ee:a2:
                    cb:cb:76:83:3a:eb:53:7c:ce:a0:9d:75:ef:d4:ba:
                    6c:7c:f1:d9:d4:76:e1:eb:2a:e2:1e:5c:5f:3f:74:
                    e2:7f:cd:f0:78:c8:78:7b:f7:cf:5d:2e:b5:9f:19:
                    cb:0f:b4:2d:15:a8:49:e0:d2:ce:47:d9:58:2e:1c:
                    37:e0:f9:d3:79:5f:84:5d:5e:43:8d:16:1f:69:82:
                    4c:f8:cb:06:0f:f6:00:95:54:20:60:3b:4d:7b:65:
                    3b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3E:E5:62:69:BA:B5:AF:C0:22:64:54:6E:08:20:D4:C8:78:FB:51
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/UD7lYmm6ta_AImRUbggg1Mh4-1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:648:2800::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:5b:8f:70:fd:e3:79:a4:cd:a8:61:40:ae:28:76:78:a3:19:
         93:f1:86:de:26:e8:1b:cb:21:7c:4d:8a:74:1f:e6:32:36:e5:
         55:a8:ae:37:a3:b9:e0:5d:41:e4:e1:fc:98:aa:be:3e:74:cf:
         c0:15:52:79:8a:40:83:9a:7f:bb:a3:2f:62:bb:6a:8f:1a:38:
         3e:cc:d1:a4:9a:6b:19:35:a8:4c:d8:7e:49:e1:58:82:22:8d:
         9e:60:14:c9:52:48:72:e3:3e:b4:ce:54:63:5b:58:de:c5:b9:
         cb:05:85:83:ff:ee:7b:ef:85:8f:e0:34:32:3a:ec:f6:ad:a7:
         69:33:07:4c:04:c0:f8:d5:5e:ac:49:6c:6d:b9:49:12:3e:9b:
         87:f6:2f:ad:cc:0e:03:a8:f9:41:fe:cb:47:6b:cc:49:61:45:
         b1:d9:cf:25:82:bc:77:5c:31:7d:84:a6:61:9b:26:7c:54:76:
         5a:b9:ca:fd:ca:49:84:12:e0:da:16:9a:4c:65:2a:f0:0b:af:
         e4:96:e2:3c:8a:87:b4:2c:59:92:db:5e:5d:52:ff:33:44:7b:
         2d:cb:b0:31:fa:f8:dd:1a:ed:bd:1c:d2:c5:5a:db:38:9b:4b:
         ab:74:d4:22:e5:78:29:bb:fd:d8:ca:24:67:69:7e:63:56:77:
         bd:b4:03:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSPG4HDT19WZl7VYwmGERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDNlZTU2MjY5YmFiNWFmYzAyMjY0NTQ2ZTA4MjBkNGM4NzhmYjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJp/+VnTeEJU6yHeR+7lbB510xwW
YL6RcC1XwmOW8Rf3fVtaPI3Xq9jwJ87FJ3vJJmOFB4p0D/s5t80xhn4I8kddHUYS
yd10FrimwlRWk0z+QF9Y0ESH/wVorPivHE4KjHaHbmmhMS7holhML5kqopm2jJ+6
UWOaz7Z8no9VGU0RVeDIMJRjBtn9mNVDmoxyIChCwyAamIypuuGm+5Ig9BPr7qLL
y3aDOutTfM6gnXXv1LpsfPHZ1Hbh6yriHlxfP3Tif83weMh4e/fPXS61nxnLD7Qt
FahJ4NLOR9lYLhw34PnTeV+EXV5DjRYfaYJM+MsGD/YAlVQgYDtNe2U7MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFA+5WJpurWvwCJkVG4IINTIePtRMB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvVUQ3bFltbTZ0YV9BSW1SVWJnZ2cxTWg0LTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGSCgA
MA0GCSqGSIb3DQEBCwUAA4IBAQBCW49w/eN5pM2oYUCuKHZ4oxmT8YbeJugbyyF8
TYp0H+YyNuVVqK43o7ngXUHk4fyYqr4+dM/AFVJ5ikCDmn+7oy9iu2qPGjg+zNGk
mmsZNahM2H5J4ViCIo2eYBTJUkhy4z60zlRjW1jexbnLBYWD/+5774WP4DQyOuz2
radpMwdMBMD41V6sSWxtuUkSPpuH9i+tzA4DqPlB/stHa8xJYUWx2c8lgrx3XDF9
hKZhmyZ8VHZaucr9ykmEEuDaFppMZSrwC6/kluI8ioe0LFmS215dUv8zRHsty7Ax
+vjdGu29HNLFWts4m0urdNQi5Xgpu/3YyiRnaX5jVne9tAND
-----END CERTIFICATE-----