Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/HdAEzj7VvLg4ArClc1vip8FVrjU.roa
File:                     HdAEzj7VvLg4ArClc1vip8FVrjU.roa (raw, json)
Hash identifier:          iRjDVu9NpfHultzKpaYQTkgS9zpxSsAAxBmeVw+Yi3Q=
Subject key identifier:   1D:D0:04:CE:3E:D5:BC:B8:38:02:B0:A5:73:5B:E2:A7:C1:55:AE:35
Certificate issuer:       /CN=0b4cfabe47e9285f65f1f2d686baaf15b8b41773
Certificate serial:       018CC9BC3ABE1C641C3367B71A0C824D882B
Authority key identifier: 0B:4C:FA:BE:47:E9:28:5F:65:F1:F2:D6:86:BA:AF:15:B8:B4:17:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/HdAEzj7VvLg4ArClc1vip8FVrjU.roa
Signing time:             Tue 02 Jan 2024 10:33:25 +0000
ROA not before:           Tue 02 Jan 2024 10:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64520
IP address blocks:        2a02:d58:200a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3a:be:1c:64:1c:33:67:b7:1a:0c:82:4d:88:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4cfabe47e9285f65f1f2d686baaf15b8b41773
        Validity
            Not Before: Jan  2 10:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dd004ce3ed5bcb83802b0a5735be2a7c155ae35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:87:71:26:96:f4:83:af:3f:2f:58:f1:a3:0b:
                    ad:c3:e4:a9:49:eb:48:19:26:5a:8f:9c:98:25:2f:
                    ac:02:98:a0:a6:2a:43:d3:0b:40:0c:bc:96:9c:0b:
                    88:a0:f3:a0:2a:81:ec:9b:fb:ed:26:4c:99:4f:56:
                    96:87:62:00:0f:49:af:11:8e:d7:4e:13:3d:e0:ef:
                    cc:92:14:42:fb:7a:cf:f1:87:b0:76:8b:60:c1:8c:
                    3b:f6:ec:da:e5:6a:77:61:54:bf:e5:b1:50:da:ec:
                    76:a5:92:02:2e:3c:d2:b6:2b:46:ae:61:c5:a4:59:
                    c6:8a:aa:61:f0:f2:87:e6:91:fd:f8:5c:2f:6d:2f:
                    57:e9:50:0f:6e:b1:cd:4d:34:b5:03:13:74:55:da:
                    fd:93:33:24:97:98:2b:b9:d6:2a:27:b4:54:e3:2c:
                    69:bb:03:9c:79:da:5f:77:d6:2b:4e:d9:bd:d8:46:
                    e5:b7:24:e3:fd:e1:da:38:d4:8b:ec:e5:bc:74:d3:
                    53:aa:ae:92:46:66:7e:5f:b6:b0:3d:49:91:3e:07:
                    18:f2:73:00:f5:0b:e9:25:cf:de:13:79:b2:cf:e0:
                    1d:b4:3d:d0:5a:eb:a2:d6:7d:2a:c2:7f:ce:42:d8:
                    3b:ba:dd:aa:aa:ac:f1:42:c8:24:96:04:68:a0:9d:
                    50:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D0:04:CE:3E:D5:BC:B8:38:02:B0:A5:73:5B:E2:A7:C1:55:AE:35
            X509v3 Authority Key Identifier:
                keyid:0B:4C:FA:BE:47:E9:28:5F:65:F1:F2:D6:86:BA:AF:15:B8:B4:17:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C0z6vkfpKF9l8fLWhrqvFbi0F3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/HdAEzj7VvLg4ArClc1vip8FVrjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/1abe8a-45a2-4156-98d7-6806e3d4ce4f/1/C0z6vkfpKF9l8fLWhrqvFbi0F3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d58:200a::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:4a:ce:a9:de:55:84:09:af:02:a8:a2:47:a9:a7:04:40:b9:
         dd:06:ae:4c:d4:e7:fd:08:87:a1:ff:b6:ee:05:87:af:ac:e2:
         a6:a5:fa:bf:33:df:e6:6c:c4:86:26:2b:55:25:2f:a9:07:14:
         91:f2:57:f4:fb:dd:e8:d2:c7:ab:65:b7:23:86:75:89:28:72:
         90:17:cd:76:6c:b9:a2:4f:68:d0:14:69:e2:a6:29:d3:de:b8:
         5b:95:d2:c4:87:9b:48:41:a7:9e:9a:2b:70:f8:f5:26:d4:92:
         14:4c:eb:03:42:33:c3:29:1d:1c:66:e2:36:ae:bf:f8:35:76:
         93:47:1a:18:d7:3c:6d:f5:65:00:ca:d3:f1:4c:e1:df:a5:2a:
         cc:df:4a:eb:af:86:cf:5d:ce:d6:99:b1:d6:87:fd:b1:c3:6a:
         c9:59:1e:bd:0d:1f:ab:2c:cc:c4:9d:46:c9:b1:63:87:89:d4:
         b6:9f:6b:23:d5:27:24:8e:1a:dc:ad:a2:e1:3a:d4:d8:b5:27:
         be:7a:96:0a:04:fc:2f:1c:a4:d2:7f:ce:a2:82:56:91:31:ca:
         d5:b0:9d:4b:83:9d:5c:c3:e1:b9:c7:60:85:48:bd:65:9b:41:
         09:c4:01:5b:cc:7e:8a:d7:2f:cd:e4:0d:40:b9:6f:65:7c:30:
         ca:cd:d7:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvDq+HGQcM2e3GgyCTYgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGNmYWJlNDdlOTI4NWY2NWYxZjJkNjg2YmFhZjE1Yjhi
NDE3NzMwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQwMDRjZTNlZDViY2I4MzgwMmIwYTU3MzViZTJhN2MxNTVhZTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIdxJpb0g68/L1jxowutw+SpSetI
GSZaj5yYJS+sApigpipD0wtADLyWnAuIoPOgKoHsm/vtJkyZT1aWh2IAD0mvEY7X
ThM94O/MkhRC+3rP8YewdotgwYw79uza5Wp3YVS/5bFQ2ux2pZICLjzStitGrmHF
pFnGiqph8PKH5pH9+FwvbS9X6VAPbrHNTTS1AxN0Vdr9kzMkl5grudYqJ7RU4yxp
uwOcedpfd9YrTtm92EbltyTj/eHaONSL7OW8dNNTqq6SRmZ+X7awPUmRPgcY8nMA
9QvpJc/eE3myz+AdtD3QWuui1n0qwn/OQtg7ut2qqqzxQsgklgRooJ1Q+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB3QBM4+1by4OAKwpXNb4qfBVa41MB8GA1UdIwQY
MBaAFAtM+r5H6ShfZfHy1oa6rxW4tBdzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzB6NnZrZnBLRjlsOGZMV2hycXZGYmkwRjNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8xYWJlOGEtNDVhMi00MTU2LTk4ZDct
NjgwNmUzZDRjZTRmLzEvSGRBRXpqN1Z2TGc0QXJDbGMxdmlwOEZWcmpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8xYWJlOGEtNDVhMi00MTU2LTk4ZDctNjgwNmUzZDRjZTRm
LzEvQzB6NnZrZnBLRjlsOGZMV2hycXZGYmkwRjNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgINWCAK
MA0GCSqGSIb3DQEBCwUAA4IBAQAESs6p3lWECa8CqKJHqacEQLndBq5M1Of9CIeh
/7buBYevrOKmpfq/M9/mbMSGJitVJS+pBxSR8lf0+93o0serZbcjhnWJKHKQF812
bLmiT2jQFGnipinT3rhbldLEh5tIQaeemitw+PUm1JIUTOsDQjPDKR0cZuI2rr/4
NXaTRxoY1zxt9WUAytPxTOHfpSrM30rrr4bPXc7WmbHWh/2xw2rJWR69DR+rLMzE
nUbJsWOHidS2n2sj1SckjhrcraLhOtTYtSe+epYKBPwvHKTSf86iglaRMcrVsJ1L
g51cw+G5x2CFSL1lm0EJxAFbzH6K1y/N5A1AuW9lfDDKzdeB
-----END CERTIFICATE-----