Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/_5L-PSEIDBPcMxHjH3njgGI3qug.roa
File:                     _5L-PSEIDBPcMxHjH3njgGI3qug.roa (raw, json)
Hash identifier:          YHVJ+ihk5IXL/87/OCwC3VOP8A/OfNo+PfVVHtFFOUQ=
Subject key identifier:   FF:92:FE:3D:21:08:0C:13:DC:33:11:E3:1F:79:E3:80:62:37:AA:E8
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE9E41007B96E51051D88BFF28FBE
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/_5L-PSEIDBPcMxHjH3njgGI3qug.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        2a09:e1c1:efd0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 06:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e9:e4:10:07:b9:6e:51:05:1d:88:bf:f2:8f:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff92fe3d21080c13dc3311e31f79e3806237aae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:fa:ac:6f:44:6e:75:40:fd:ac:c4:7b:4d:77:
                    49:4b:91:68:38:eb:70:6a:04:3f:16:cb:61:49:1e:
                    c9:1d:25:a3:5b:67:9a:30:7f:5a:20:b1:81:3d:8e:
                    67:16:73:50:bc:a8:fc:6e:e9:54:b2:5b:9a:60:26:
                    0d:b6:48:02:f3:97:11:ef:85:5d:6a:a5:f0:12:71:
                    2e:d2:de:1a:76:96:43:c8:b0:97:f2:df:0c:ea:ac:
                    4c:58:63:f9:13:8b:b6:7a:ab:87:84:29:9e:ba:ab:
                    5b:c1:76:ab:14:7c:cd:e6:b7:85:43:00:8d:fc:65:
                    27:9c:11:7d:aa:43:28:fe:81:e8:29:4b:6f:c5:43:
                    39:55:53:b1:af:a0:07:f6:2e:c5:80:db:51:71:c4:
                    d1:e7:b8:d8:ff:df:f1:96:8a:af:8a:e3:f9:3e:ac:
                    08:d7:f8:21:4a:52:e0:4f:db:8e:32:03:4b:cd:36:
                    74:04:46:a8:02:4c:e8:0c:05:39:86:70:92:8f:3e:
                    b5:f4:7e:af:74:fa:75:a3:ac:a1:80:62:00:b3:fb:
                    ec:46:06:87:6f:91:2e:46:be:76:be:88:14:90:f6:
                    89:cd:61:58:50:ed:a0:db:70:46:cf:83:df:51:83:
                    54:d0:51:b5:3f:52:1b:1a:d0:a8:45:8e:01:10:7f:
                    c8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:92:FE:3D:21:08:0C:13:DC:33:11:E3:1F:79:E3:80:62:37:AA:E8
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/_5L-PSEIDBPcMxHjH3njgGI3qug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:efd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         37:99:88:f4:72:4e:84:fe:4b:4d:04:80:b6:da:6d:fc:55:80:
         ee:14:e5:6c:69:fa:e7:85:0c:59:fd:51:84:0c:2a:94:4f:c8:
         d3:9f:8f:ff:5b:9a:b2:23:a7:16:dd:05:50:af:74:40:bb:a5:
         f7:ee:7a:79:ae:03:3e:66:95:f0:cb:32:54:34:06:9e:9c:58:
         e9:e7:08:7d:f0:cc:76:df:7f:08:5d:76:5c:95:79:ab:73:c5:
         6a:e2:39:97:25:39:e1:7d:25:5f:ff:47:bb:e6:e6:b2:ca:5a:
         d6:f6:ee:07:69:d4:98:24:1e:fe:60:4d:9f:e2:4a:3f:60:76:
         b9:4e:72:12:19:aa:2e:a1:53:02:2c:3e:e1:de:1a:27:8d:ab:
         47:93:53:c7:a6:c1:e9:ba:74:5d:e2:09:62:b9:7e:70:91:b9:
         13:d4:68:79:6e:b5:57:82:30:86:29:b2:a9:f0:89:f5:d1:c2:
         94:81:03:d1:1c:f4:f2:12:5f:e3:21:5e:42:24:89:f0:fd:68:
         5d:e4:a3:64:47:c4:b7:c1:10:43:f3:0c:ef:f5:54:61:b1:5b:
         90:2d:5f:58:00:f4:71:5a:74:a4:90:d9:74:b7:69:ca:9b:e1:
         ac:f9:6c:fd:4a:d3:51:92:fa:01:22:3d:5d:a0:f1:77:00:f6:
         ef:25:d9:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSunkEAe5blEFHYi/8o++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjkyZmUzZDIxMDgwYzEzZGMzMzExZTMxZjc5ZTM4MDYyMzdhYWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvqsb0RudUD9rMR7TXdJS5FoOOtw
agQ/FsthSR7JHSWjW2eaMH9aILGBPY5nFnNQvKj8bulUsluaYCYNtkgC85cR74Vd
aqXwEnEu0t4adpZDyLCX8t8M6qxMWGP5E4u2equHhCmeuqtbwXarFHzN5reFQwCN
/GUnnBF9qkMo/oHoKUtvxUM5VVOxr6AH9i7FgNtRccTR57jY/9/xloqviuP5PqwI
1/ghSlLgT9uOMgNLzTZ0BEaoAkzoDAU5hnCSjz619H6vdPp1o6yhgGIAs/vsRgaH
b5EuRr52vogUkPaJzWFYUO2g23BGz4PfUYNU0FG1P1IbGtCoRY4BEH/ImwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP+S/j0hCAwT3DMR4x9544BiN6roMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvXzVMLVBTRUlEQlBjTXhIakgzbmpnR0kzcXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgnhwe/Q
MA0GCSqGSIb3DQEBCwUAA4IBAQA3mYj0ck6E/ktNBIC22m38VYDuFOVsafrnhQxZ
/VGEDCqUT8jTn4//W5qyI6cW3QVQr3RAu6X37np5rgM+ZpXwyzJUNAaenFjp5wh9
8Mx2338IXXZclXmrc8Vq4jmXJTnhfSVf/0e75uayylrW9u4HadSYJB7+YE2f4ko/
YHa5TnISGaouoVMCLD7h3honjatHk1PHpsHpunRd4gliuX5wkbkT1Gh5brVXgjCG
KbKp8In10cKUgQPRHPTyEl/jIV5CJInw/Whd5KNkR8S3wRBD8wzv9VRhsVuQLV9Y
APRxWnSkkNl0t2nKm+Gs+Wz9StNRkvoBIj1doPF3APbvJdnc
-----END CERTIFICATE-----