Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/TUfnGtq8mTQ96RDFRQ6moMMoT_w.roa
File:                     TUfnGtq8mTQ96RDFRQ6moMMoT_w.roa (raw, json)
Hash identifier:          o6/MtcGaQt4D8zZXJcfUrJFM80jmKHqtuuVNU8URzcw=
Subject key identifier:   4D:47:E7:1A:DA:BC:99:34:3D:E9:10:C5:45:0E:A6:A0:C3:28:4F:FC
Certificate issuer:       /CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
Certificate serial:       018CC49343EF6C29BE84B6B817BA6379CF52
Authority key identifier: 51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/TUfnGtq8mTQ96RDFRQ6moMMoT_w.roa
Signing time:             Mon 01 Jan 2024 10:30:34 +0000
ROA not before:           Mon 01 Jan 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216222
IP address blocks:        2a13:cc87:fc01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:43:ef:6c:29:be:84:b6:b8:17:ba:63:79:cf:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
        Validity
            Not Before: Jan  1 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d47e71adabc99343de910c5450ea6a0c3284ffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ac:31:72:2f:6d:56:52:af:0b:e5:9c:a8:d6:
                    7b:f5:d7:c3:73:23:1b:dd:a8:9a:a6:b6:fd:14:05:
                    a2:8b:f1:ab:73:44:75:96:02:ce:69:34:5f:94:8d:
                    53:5b:fa:a8:cd:63:3d:e2:e1:76:ca:f6:d2:75:2f:
                    bb:ec:f9:eb:38:c4:4d:82:ab:a4:a0:0c:09:8e:40:
                    87:63:c6:bd:f5:e0:7d:4d:31:dc:68:ca:8e:c5:0d:
                    79:c1:8f:2e:53:17:62:89:2a:60:44:af:ea:64:2d:
                    1f:43:b1:f7:7c:c6:f7:49:5f:84:48:b9:88:34:d0:
                    0c:15:d5:f7:cc:b6:6e:a8:c0:3e:0b:ed:5d:a9:88:
                    04:18:e6:a8:0f:b5:4b:bd:fe:ee:89:d9:22:ae:b5:
                    c3:ca:5e:d6:9e:a7:4e:b7:05:92:5a:5e:67:fc:1a:
                    66:d4:cf:50:ea:c3:39:3f:d5:72:04:e3:95:46:d6:
                    86:bb:72:d3:6e:32:d2:96:dd:8a:92:16:d4:c6:22:
                    b5:11:36:34:3b:67:16:7a:3a:62:70:e9:c2:0e:06:
                    06:00:9a:d2:c2:12:26:24:6b:a3:1f:16:b6:15:d8:
                    4b:e9:e8:8e:91:2c:8c:37:16:c9:61:07:06:b7:13:
                    2a:97:7a:50:b1:5b:e9:b9:76:fb:fd:9c:5d:9e:06:
                    33:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:47:E7:1A:DA:BC:99:34:3D:E9:10:C5:45:0E:A6:A0:C3:28:4F:FC
            X509v3 Authority Key Identifier:
                keyid:51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/TUfnGtq8mTQ96RDFRQ6moMMoT_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cc87:fc01::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:1a:48:a3:6c:c7:4d:6a:1c:66:ce:90:a5:1a:13:cd:e3:90:
         b3:8d:d2:a8:c8:ca:fd:a0:00:22:c2:d8:c4:d8:9a:24:84:ee:
         8a:52:e6:63:b7:55:70:d9:1d:51:1e:58:f4:1a:ef:5b:b5:9d:
         e0:2d:0a:bd:ab:49:75:51:88:52:7e:47:ac:01:54:c9:22:af:
         63:4a:09:4d:1c:a8:3c:79:55:46:0d:c0:5b:54:4d:d0:f3:a6:
         aa:d8:c4:df:71:5e:5d:b8:62:2d:5b:85:55:4f:16:ef:f1:7c:
         32:f0:84:d5:17:2f:92:3a:df:c0:76:c7:57:16:85:78:0b:bb:
         63:05:e3:c6:5e:7c:4a:67:ab:03:e9:47:51:a6:b0:48:86:bd:
         ce:ad:16:78:c1:79:03:e4:f0:c5:6f:45:70:36:35:0f:85:20:
         b8:8c:e2:02:ca:71:c5:06:00:27:d4:56:2d:d3:00:c0:12:c5:
         50:41:1c:57:94:28:be:ae:96:2d:97:51:35:3f:d1:15:6d:98:
         02:4e:e6:10:e8:27:2f:1a:2f:92:a9:85:7e:b0:bc:ec:cb:a0:
         75:a6:66:55:bc:6b:38:33:15:9b:6c:00:d2:60:ad:65:64:e3:
         dc:bd:5c:cf:aa:df:56:c1:fb:05:19:5f:ba:66:4d:54:8f:d1:
         c8:aa:ac:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk0PvbCm+hLa4F7pjec9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxN2EwYzk2ODQyYmFmYzlmNjMwYmExNGI4M2VhNzliZDEy
YTUzYjkwHhcNMjQwMTAxMTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ3ZTcxYWRhYmM5OTM0M2RlOTEwYzU0NTBlYTZhMGMzMjg0ZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqwxci9tVlKvC+WcqNZ79dfDcyMb
3aiaprb9FAWii/Grc0R1lgLOaTRflI1TW/qozWM94uF2yvbSdS+77PnrOMRNgquk
oAwJjkCHY8a99eB9TTHcaMqOxQ15wY8uUxdiiSpgRK/qZC0fQ7H3fMb3SV+ESLmI
NNAMFdX3zLZuqMA+C+1dqYgEGOaoD7VLvf7uidkirrXDyl7WnqdOtwWSWl5n/Bpm
1M9Q6sM5P9VyBOOVRtaGu3LTbjLSlt2KkhbUxiK1ETY0O2cWejpicOnCDgYGAJrS
whImJGujHxa2FdhL6eiOkSyMNxbJYQcGtxMql3pQsVvpuXb7/ZxdngYzkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE1H5xravJk0PekQxUUOpqDDKE/8MB8GA1UdIwQY
MBaAFFF6DJaEK6/J9jC6FLg+p5vRKlO5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMt
YjBlYjY3MTVlMGFmLzEvVFVmbkd0cThtVFE5NlJERlJRNm1vTU1vVF93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMtYjBlYjY3MTVlMGFm
LzEvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPMh/wB
MA0GCSqGSIb3DQEBCwUAA4IBAQDWGkijbMdNahxmzpClGhPN45CzjdKoyMr9oAAi
wtjE2JokhO6KUuZjt1Vw2R1RHlj0Gu9btZ3gLQq9q0l1UYhSfkesAVTJIq9jSglN
HKg8eVVGDcBbVE3Q86aq2MTfcV5duGItW4VVTxbv8Xwy8ITVFy+SOt/AdsdXFoV4
C7tjBePGXnxKZ6sD6UdRprBIhr3OrRZ4wXkD5PDFb0VwNjUPhSC4jOICynHFBgAn
1FYt0wDAEsVQQRxXlCi+rpYtl1E1P9EVbZgCTuYQ6CcvGi+SqYV+sLzsy6B1pmZV
vGs4MxWbbADSYK1lZOPcvVzPqt9WwfsFGV+6Zk1Uj9HIqqy9
-----END CERTIFICATE-----