Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/M8VrCkB0y84JIHY8-QDByE6uxVM.roa
File:                     M8VrCkB0y84JIHY8-QDByE6uxVM.roa (raw, json)
Hash identifier:          WQM+QuWz/dYnVa2kWhowZA4ntSgB2a7se507cq5zFUg=
Subject key identifier:   33:C5:6B:0A:40:74:CB:CE:09:20:76:3C:F9:00:C1:C8:4E:AE:C5:53
Certificate issuer:       /CN=525b705a91dbc30ed10eb7222b7797b834e01863
Certificate serial:       018CC5002DCFA2703DCE6378A748EE08254A
Authority key identifier: 52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/M8VrCkB0y84JIHY8-QDByE6uxVM.roa
Signing time:             Mon 01 Jan 2024 12:29:32 +0000
ROA not before:           Mon 01 Jan 2024 12:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209673
IP address blocks:        2a0d:eb04:4::/46 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:2d:cf:a2:70:3d:ce:63:78:a7:48:ee:08:25:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=525b705a91dbc30ed10eb7222b7797b834e01863
        Validity
            Not Before: Jan  1 12:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33c56b0a4074cbce0920763cf900c1c84eaec553
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8f:4d:50:d7:fb:a3:b6:b1:a9:05:fb:2b:ef:
                    13:c8:4c:c7:89:3c:c1:88:ea:89:aa:5c:47:08:38:
                    f5:65:a2:35:b6:7c:07:0f:b3:bd:9e:16:bb:44:47:
                    53:c2:d1:c2:1d:4f:1a:fd:ee:32:69:ab:61:72:83:
                    1a:49:cc:4f:ff:8f:fe:4d:fe:7c:93:40:5d:95:40:
                    c2:f2:7e:fd:57:ee:22:fe:14:9a:e0:9b:d1:7d:41:
                    8a:6e:bc:ad:d9:c8:94:85:d7:ce:df:18:90:15:5b:
                    9f:9a:d8:77:f0:e1:66:93:55:6e:e6:8b:68:8e:10:
                    19:8d:33:bf:7a:21:96:d2:3e:5c:bb:af:75:3b:87:
                    df:d2:9e:47:77:d1:6f:38:e9:5e:b6:e6:8f:4d:a1:
                    5c:a9:f9:4b:b5:e3:fd:61:89:fe:66:c5:98:53:3e:
                    56:15:08:d2:28:5b:fe:de:fd:32:a3:8c:fe:31:c0:
                    2b:8b:9e:8f:8e:94:a1:c6:16:cc:65:a4:13:df:20:
                    af:20:58:0d:30:b9:5f:7b:69:1d:26:97:b9:f5:0b:
                    06:d0:8a:36:eb:13:e9:cf:be:83:b0:c4:90:58:c0:
                    52:dc:b3:76:fb:28:ac:40:f4:a1:ad:c6:b3:11:46:
                    2a:27:45:d7:3f:f4:e2:35:10:6b:76:c0:12:1e:22:
                    85:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:C5:6B:0A:40:74:CB:CE:09:20:76:3C:F9:00:C1:C8:4E:AE:C5:53
            X509v3 Authority Key Identifier:
                keyid:52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/M8VrCkB0y84JIHY8-QDByE6uxVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:eb04:4::/46

    Signature Algorithm: sha256WithRSAEncryption
         83:b7:06:c1:d2:71:99:a0:d6:07:4f:d9:c2:7c:4c:b6:a1:4e:
         b0:bd:a4:5f:c9:a7:4b:3f:ac:a1:1d:2b:ed:ea:a8:09:d5:f2:
         54:c1:e3:e2:27:8f:35:af:7c:17:b0:1a:1f:bd:75:97:a6:96:
         08:26:af:6e:ee:80:f0:bc:15:be:51:c8:d3:8e:74:1e:35:f9:
         57:8d:4f:db:59:2b:27:60:20:37:ba:a2:9b:17:40:b3:f3:01:
         bb:8c:2f:eb:81:1d:c9:7e:9a:fe:6d:b6:53:d3:db:a7:3c:19:
         9c:d1:d0:c2:b6:04:d0:6a:58:cb:da:34:b4:d8:0c:ae:63:74:
         9a:b5:b5:e2:41:4d:e2:dd:fb:fb:da:b1:f7:a7:06:f4:6e:d0:
         53:0d:76:c6:a5:b3:b2:a8:b8:74:86:b8:da:3a:84:83:73:7d:
         76:56:66:a0:1a:a6:58:a0:76:95:36:6c:19:1a:47:eb:74:8b:
         89:46:81:0b:64:04:b1:3c:49:9b:a7:cf:26:79:ab:2e:41:7d:
         9a:2e:d8:f5:79:a7:9e:7f:cd:88:7e:b3:aa:01:d5:d6:35:1c:
         a9:5a:cc:61:67:8f:1f:e7:fb:57:83:d0:73:91:23:42:82:0f:
         11:61:72:fd:40:47:5c:85:a2:29:5e:ad:87:36:56:a3:ea:d9:
         5a:2a:39:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAC3PonA9zmN4p0juCCVKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNWI3MDVhOTFkYmMzMGVkMTBlYjcyMjJiNzc5N2I4MzRl
MDE4NjMwHhcNMjQwMTAxMTIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2M1NmIwYTQwNzRjYmNlMDkyMDc2M2NmOTAwYzFjODRlYWVjNTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn49NUNf7o7axqQX7K+8TyEzHiTzB
iOqJqlxHCDj1ZaI1tnwHD7O9nha7REdTwtHCHU8a/e4yaathcoMaScxP/4/+Tf58
k0BdlUDC8n79V+4i/hSa4JvRfUGKbryt2ciUhdfO3xiQFVufmth38OFmk1Vu5oto
jhAZjTO/eiGW0j5cu691O4ff0p5Hd9FvOOletuaPTaFcqflLteP9YYn+ZsWYUz5W
FQjSKFv+3v0yo4z+McAri56PjpShxhbMZaQT3yCvIFgNMLlfe2kdJpe59QsG0Io2
6xPpz76DsMSQWMBS3LN2+yisQPShrcazEUYqJ0XXP/TiNRBrdsASHiKFdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDPFawpAdMvOCSB2PPkAwchOrsVTMB8GA1UdIwQY
MBaAFFJbcFqR28MO0Q63Iit3l7g04BhjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQt
ZjQ2ODg3ZGY5ODYzLzEvTThWckNrQjB5ODRKSUhZOC1RREJ5RTZ1eFZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQtZjQ2ODg3ZGY5ODYz
LzEvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg3rBAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQCDtwbB0nGZoNYHT9nCfEy2oU6wvaRfyadLP6yh
HSvt6qgJ1fJUwePiJ481r3wXsBofvXWXppYIJq9u7oDwvBW+UcjTjnQeNflXjU/b
WSsnYCA3uqKbF0Cz8wG7jC/rgR3Jfpr+bbZT09unPBmc0dDCtgTQaljL2jS02Ayu
Y3SatbXiQU3i3fv72rH3pwb0btBTDXbGpbOyqLh0hrjaOoSDc312VmagGqZYoHaV
NmwZGkfrdIuJRoELZASxPEmbp88measuQX2aLtj1eaeef82IfrOqAdXWNRypWsxh
Z48f5/tXg9BzkSNCgg8RYXL9QEdchaIpXq2HNlaj6tlaKjkP
-----END CERTIFICATE-----