Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/S2abFgVBaX0vxIMVaBvfqkautT8.roa
File:                     S2abFgVBaX0vxIMVaBvfqkautT8.roa (raw, json)
Hash identifier:          ZIJ5a+Cyw/DlmQJsbFP/o6mLYtorGNIc27EwACJUnDI=
Subject key identifier:   4B:66:9B:16:05:41:69:7D:2F:C4:83:15:68:1B:DF:AA:46:AE:B5:3F
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF9DF37970C136F8ECAEBC92B2746
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/S2abFgVBaX0vxIMVaBvfqkautT8.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210932
IP address blocks:        2a0f:607:1500::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f9:df:37:97:0c:13:6f:8e:ca:eb:c9:2b:27:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b669b160541697d2fc48315681bdfaa46aeb53f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8c:83:2f:84:a5:aa:de:af:13:53:f7:3c:7b:
                    a0:d8:64:40:10:7f:90:68:cd:42:a5:2f:de:e8:18:
                    7f:06:da:b3:68:2d:15:41:13:cd:1c:27:a8:5c:66:
                    52:66:6f:74:c6:5e:fb:a0:64:b6:36:37:68:7b:4b:
                    75:05:f6:f8:61:8a:76:26:ce:cb:6d:2e:25:eb:84:
                    59:a1:b8:1e:03:3e:b8:74:61:5d:aa:82:e1:eb:ef:
                    ec:d3:a5:8e:c7:e3:5d:39:47:b7:85:cc:1e:f3:5b:
                    03:d4:3c:6e:c7:b7:4e:d3:77:b4:16:5f:72:24:da:
                    b0:4c:b8:c9:55:19:44:cd:5f:2c:d0:bf:0d:fe:42:
                    3d:26:db:68:bf:1f:b0:6e:b6:6e:95:82:f2:2a:fa:
                    4b:11:79:a6:3d:2d:1f:43:ec:db:2e:c0:74:6a:63:
                    6e:c6:73:7b:3a:74:aa:5f:19:75:6b:f6:dd:c6:9e:
                    e1:86:54:21:87:76:a9:77:fb:f8:67:73:20:58:8e:
                    70:c3:b2:59:3b:e1:7b:2d:fc:07:9a:05:5a:dd:28:
                    46:24:19:89:43:54:cd:a2:e5:3d:5a:6a:d7:7a:6d:
                    c3:41:d2:f4:09:d8:8f:f9:4b:c2:a9:05:5c:d4:5d:
                    05:88:d9:52:7b:88:33:99:49:f9:d4:aa:be:16:be:
                    7b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:66:9B:16:05:41:69:7D:2F:C4:83:15:68:1B:DF:AA:46:AE:B5:3F
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/S2abFgVBaX0vxIMVaBvfqkautT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1500::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:c8:84:54:74:bb:39:c2:a1:e8:56:b3:2d:bd:72:3a:fd:d5:
         b3:aa:42:2c:e6:47:1b:46:6c:1c:3e:7e:d4:58:e6:cc:8f:6e:
         dd:2e:46:f8:15:07:be:9a:dc:d2:45:ad:43:92:31:9a:b9:f7:
         d3:44:f3:7d:33:89:eb:27:c4:d8:a5:4b:fd:7f:67:b9:31:ba:
         af:24:e3:e8:eb:35:36:f7:c1:9e:10:43:68:5f:80:28:80:aa:
         fd:5c:69:84:7e:65:3f:fa:c4:93:cf:ce:ee:67:05:5c:e4:e8:
         d4:cd:d1:26:d0:68:d4:9e:9b:68:96:e5:c7:b0:c7:ae:a9:a8:
         a4:a5:81:4c:94:ec:f0:3f:b3:67:94:7c:0c:86:6a:00:bb:98:
         52:85:b0:68:70:cc:fe:4e:07:41:43:96:8f:04:8d:fe:e4:22:
         21:ca:aa:a6:d2:af:6b:81:5a:bb:b2:68:01:63:fd:95:41:66:
         86:a7:78:53:1f:a7:99:f8:13:29:7c:67:d2:ef:53:2f:79:eb:
         b9:fa:10:d2:b0:04:00:8f:6c:32:73:2a:87:57:6c:e5:1f:4f:
         1a:81:db:31:b0:b9:ed:8a:af:c6:eb:27:56:04:4c:c7:a3:5d:
         88:99:8d:e4:81:af:dd:23:30:9d:e9:11:13:33:d4:b9:a1:16:
         ed:c2:cb:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PnfN5cME2+OyuvJKydGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY2OWIxNjA1NDE2OTdkMmZjNDgzMTU2ODFiZGZhYTQ2YWViNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoyDL4Slqt6vE1P3PHug2GRAEH+Q
aM1CpS/e6Bh/BtqzaC0VQRPNHCeoXGZSZm90xl77oGS2Njdoe0t1Bfb4YYp2Js7L
bS4l64RZobgeAz64dGFdqoLh6+/s06WOx+NdOUe3hcwe81sD1Dxux7dO03e0Fl9y
JNqwTLjJVRlEzV8s0L8N/kI9Jttovx+wbrZulYLyKvpLEXmmPS0fQ+zbLsB0amNu
xnN7OnSqXxl1a/bdxp7hhlQhh3apd/v4Z3MgWI5ww7JZO+F7LfwHmgVa3ShGJBmJ
Q1TNouU9WmrXem3DQdL0CdiP+UvCqQVc1F0FiNlSe4gzmUn51Kq+Fr57ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEtmmxYFQWl9L8SDFWgb36pGrrU/MB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvUzJhYkZnVkJhWDB2eElNVmFCdmZxa2F1dFQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxUA
MA0GCSqGSIb3DQEBCwUAA4IBAQAHyIRUdLs5wqHoVrMtvXI6/dWzqkIs5kcbRmwc
Pn7UWObMj27dLkb4FQe+mtzSRa1DkjGauffTRPN9M4nrJ8TYpUv9f2e5MbqvJOPo
6zU298GeEENoX4AogKr9XGmEfmU/+sSTz87uZwVc5OjUzdEm0GjUnptoluXHsMeu
qaikpYFMlOzwP7NnlHwMhmoAu5hShbBocMz+TgdBQ5aPBI3+5CIhyqqm0q9rgVq7
smgBY/2VQWaGp3hTH6eZ+BMpfGfS71Mveeu5+hDSsAQAj2wycyqHV2zlH08agdsx
sLntiq/G6ydWBEzHo12ImY3kga/dIzCd6RETM9S5oRbtwst8
-----END CERTIFICATE-----