Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/1-lIt0x2fz1sJoNxgTqqWoUVytfE.roa
File:                     1-lIt0x2fz1sJoNxgTqqWoUVytfE.roa (raw, json)
Hash identifier:          9HW6WQzsDPY3tCz5NfEfWdymXIT9b6b0e84IPBjLTaw=
Subject key identifier:   FA:52:2D:D3:1D:9F:CF:5B:09:A0:DC:60:4E:AA:96:A1:45:72:B5:F1
Certificate issuer:       /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial:       018CC9BB098CFAA1D6715BC399C643889A58
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/1-lIt0x2fz1sJoNxgTqqWoUVytfE.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31458
IP address blocks:        2a01:be60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:09:8c:fa:a1:d6:71:5b:c3:99:c6:43:88:9a:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa522dd31d9fcf5b09a0dc604eaa96a14572b5f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cb:1a:fd:70:bc:c0:34:21:2b:ee:8a:20:b2:
                    89:f6:2a:93:cf:99:a3:8d:50:83:e5:c8:f4:fe:b2:
                    ab:9e:c7:06:2b:a2:fc:5e:1c:d3:6f:20:17:b1:0f:
                    06:f7:2e:a9:14:f3:0e:05:9e:8f:ac:2c:1a:4c:0a:
                    8a:dc:c7:03:d6:04:7b:36:66:25:32:0d:24:44:20:
                    b5:3a:8a:cd:c9:13:8f:92:9b:a0:e2:af:94:b6:53:
                    11:b4:4b:d8:f6:02:7c:60:74:46:f9:31:50:1e:47:
                    3f:df:95:f3:08:a8:63:5b:d6:c2:85:3f:e2:64:25:
                    d3:a6:fe:ea:14:44:1e:d0:c3:01:d7:9d:f9:2e:92:
                    78:b1:60:51:c9:85:e9:ff:3a:1f:9e:11:09:4d:ba:
                    cf:6f:be:3d:46:68:97:5d:0d:0d:c6:15:fd:91:7d:
                    81:0f:ff:f4:f0:70:f7:9d:dd:c6:36:60:eb:a0:a3:
                    11:01:26:89:e1:77:93:65:99:c5:76:4c:d1:74:19:
                    e6:23:38:26:81:ae:1b:70:f3:2b:ae:57:24:e6:28:
                    73:c8:a3:88:b3:66:2c:81:b6:12:6a:50:53:53:3c:
                    18:43:46:b2:b5:87:b5:7f:58:da:cf:38:65:1f:ec:
                    43:87:27:f5:05:dd:33:1e:19:1f:60:c3:27:37:9a:
                    73:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:52:2D:D3:1D:9F:CF:5B:09:A0:DC:60:4E:AA:96:A1:45:72:B5:F1
            X509v3 Authority Key Identifier:
                keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/1-lIt0x2fz1sJoNxgTqqWoUVytfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:be60::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:b3:61:9d:8d:c5:89:5e:d8:86:e5:38:0b:30:ba:59:85:a3:
         90:a7:8c:7d:9b:13:76:20:6a:5a:ce:09:36:38:73:29:1c:2b:
         01:59:7b:17:56:66:26:25:2c:c0:a7:57:67:f3:1f:1c:68:19:
         5e:29:ab:d2:16:c0:04:cd:e3:eb:39:46:8a:1f:40:da:ac:38:
         49:0e:86:36:ea:7e:05:77:a9:41:1d:89:34:3f:82:fe:56:f4:
         9d:fc:2a:4f:2d:ce:db:8f:8a:df:88:37:fd:23:48:a7:43:5b:
         8f:d8:0f:e2:04:91:36:29:c2:d4:26:d7:b3:9b:24:5b:b8:ed:
         82:3e:58:f1:d7:2b:6f:b5:75:1b:1e:c4:2e:a5:b2:86:6e:38:
         6e:a6:e1:f2:24:02:ea:28:b2:d1:c8:a1:e1:81:48:6d:59:a5:
         ba:9c:29:a3:ab:d0:8b:37:b2:be:c5:d3:7e:e0:03:a7:c0:38:
         0a:14:6c:5b:34:ab:8b:5d:2c:49:42:a3:4d:fd:de:f3:8a:8c:
         be:70:ed:ca:7b:bd:0b:c5:37:7c:d7:8a:80:8e:ad:34:50:31:
         5e:3b:5d:bf:f7:75:39:b4:1a:58:3a:3f:2b:c3:55:79:36:8a:
         f3:ec:58:99:96:c0:b8:87:d2:96:fe:d4:6e:6b:19:97:08:60:
         c4:d3:5c:40
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJuwmM+qHWcVvDmcZDiJpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTUyMmRkMzFkOWZjZjViMDlhMGRjNjA0ZWFhOTZhMTQ1NzJiNWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8sa/XC8wDQhK+6KILKJ9iqTz5mj
jVCD5cj0/rKrnscGK6L8XhzTbyAXsQ8G9y6pFPMOBZ6PrCwaTAqK3McD1gR7NmYl
Mg0kRCC1OorNyROPkpug4q+UtlMRtEvY9gJ8YHRG+TFQHkc/35XzCKhjW9bChT/i
ZCXTpv7qFEQe0MMB1535LpJ4sWBRyYXp/zofnhEJTbrPb749RmiXXQ0NxhX9kX2B
D//08HD3nd3GNmDroKMRASaJ4XeTZZnFdkzRdBnmIzgmga4bcPMrrlck5ihzyKOI
s2YsgbYSalBTUzwYQ0aytYe1f1jazzhlH+xDhyf1Bd0zHhkfYMMnN5pz4QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPpSLdMdn89bCaDcYE6qlqFFcrXxMB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvMS1sSXQweDJmejFzSm9OeGdUcXFXb1VWeXRmRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzkvNThlNjU1LWU3MTMtNDVkMi05NThhLTE4MjI4NjdlMTU5
Ni8xLzNFNUZPdl9vbGJaRks0UUNkRGZGd0FfVGNHYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoBvmAw
DQYJKoZIhvcNAQELBQADggEBADqzYZ2NxYle2IblOAswulmFo5CnjH2bE3YgalrO
CTY4cykcKwFZexdWZiYlLMCnV2fzHxxoGV4pq9IWwATN4+s5RoofQNqsOEkOhjbq
fgV3qUEdiTQ/gv5W9J38Kk8tztuPit+IN/0jSKdDW4/YD+IEkTYpwtQm17ObJFu4
7YI+WPHXK2+1dRsexC6lsoZuOG6m4fIkAuoostHIoeGBSG1ZpbqcKaOr0Is3sr7F
037gA6fAOAoUbFs0q4tdLElCo0393vOKjL5w7cp7vQvFN3zXioCOrTRQMV47Xb/3
dTm0Glg6PyvDVXk2ivPsWJmWwLiH0pb+1G5rGZcIYMTTXEA=
-----END CERTIFICATE-----