Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/rIaJuOye-KwMQizwOMJmgYsq7U4.roa
File:                     rIaJuOye-KwMQizwOMJmgYsq7U4.roa (raw, json)
Hash identifier:          swzf2w7YkekDJOCAUcDooLBgfpMJrExvcuugV5bkr2Y=
Subject key identifier:   AC:86:89:B8:EC:9E:F8:AC:0C:42:2C:F0:38:C2:66:81:8B:2A:ED:4E
Certificate issuer:       /CN=5f0226a704cf620eb2000f27e7a919ce730991be
Certificate serial:       018CC79535F85FB79F01638CBB2F00501B49
Authority key identifier: 5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/rIaJuOye-KwMQizwOMJmgYsq7U4.roa
Signing time:             Tue 02 Jan 2024 00:31:33 +0000
ROA not before:           Tue 02 Jan 2024 00:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        2a0c:b840:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:35:f8:5f:b7:9f:01:63:8c:bb:2f:00:50:1b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0226a704cf620eb2000f27e7a919ce730991be
        Validity
            Not Before: Jan  2 00:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac8689b8ec9ef8ac0c422cf038c266818b2aed4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7e:72:0a:ba:80:33:36:50:65:41:e2:d5:22:
                    8f:30:c2:d2:df:02:2f:9e:83:4b:91:ac:cf:da:63:
                    cd:74:6d:c4:1b:8a:b1:71:b6:6c:06:7f:25:80:0d:
                    aa:e9:a4:a9:01:c3:07:a5:40:47:81:0e:52:53:7c:
                    db:a9:d3:b3:77:69:bd:74:f1:16:68:83:92:a8:02:
                    2e:41:9d:4b:0b:4f:1f:0b:e9:c2:97:22:51:a5:da:
                    a2:79:c2:39:13:13:5b:a6:ea:aa:e9:9d:84:94:45:
                    d4:5f:d4:74:00:c1:a2:da:41:f9:21:1f:96:52:c9:
                    cb:04:75:78:3a:16:6b:bf:51:c4:e7:ef:c6:d8:aa:
                    18:17:bb:d9:6e:e5:01:71:93:d7:31:67:ee:42:5e:
                    46:92:cc:77:59:b3:2a:6d:1f:09:27:e2:b5:ae:65:
                    cb:a0:62:ac:ab:cb:97:5f:33:a9:94:24:0d:2a:19:
                    0e:e8:6c:3e:9e:32:4b:f0:f7:27:06:53:d4:05:4a:
                    25:c4:ce:eb:f0:40:4a:38:20:f1:1f:47:d6:c4:fc:
                    c9:d5:9b:fe:94:fe:90:67:ec:fb:1d:bf:0f:73:13:
                    12:cd:3d:da:86:c7:a4:82:e0:29:eb:12:12:39:a6:
                    45:b6:bc:14:05:91:95:3f:01:07:1e:5a:b5:0e:c9:
                    d4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:86:89:B8:EC:9E:F8:AC:0C:42:2C:F0:38:C2:66:81:8B:2A:ED:4E
            X509v3 Authority Key Identifier:
                keyid:5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/rIaJuOye-KwMQizwOMJmgYsq7U4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b840:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:8c:96:26:66:f7:9d:5a:99:ce:af:af:d9:92:58:9c:d1:64:
         73:96:40:6f:c6:83:f6:27:3b:29:87:6a:fc:de:57:3a:ee:3d:
         9c:ac:29:c6:f4:f5:cb:a7:f0:37:f4:35:73:4a:6c:67:f0:ec:
         b9:e7:7b:db:72:52:a0:b0:9d:35:5e:7a:e4:5e:e6:f8:7a:a2:
         fd:0e:a0:d5:cb:8a:b0:9f:22:64:9a:4a:09:58:85:f9:f3:6c:
         ce:af:a1:2a:0e:a4:9d:d8:d5:27:1f:32:d6:63:8c:44:50:60:
         6b:93:d0:99:bf:03:8f:e9:bd:a8:c5:bd:8d:6b:bb:41:36:61:
         95:25:67:de:b0:18:7a:c9:3d:6a:1a:72:40:4f:80:bc:11:33:
         85:d0:f5:4c:b4:76:6b:68:e4:af:e2:50:3c:81:08:66:45:c0:
         97:b8:be:28:3c:39:57:91:f7:9f:b4:2a:17:cc:07:92:d6:94:
         d5:99:b4:3a:f2:e4:a1:7e:3f:ff:32:16:d4:d8:d2:54:cc:41:
         a0:a8:41:24:d7:1a:71:72:de:91:c4:4a:9e:b7:53:3d:2b:4d:
         bd:2a:25:06:3e:c7:ac:ef:7a:0c:fd:8e:14:12:a9:cd:de:19:
         1d:5b:07:5d:ce:df:6a:5d:fb:dc:21:b1:31:53:fd:e0:7f:e4:
         1b:2c:3d:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlTX4X7efAWOMuy8AUBtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDIyNmE3MDRjZjYyMGViMjAwMGYyN2U3YTkxOWNlNzMw
OTkxYmUwHhcNMjQwMTAyMDAzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzg2ODliOGVjOWVmOGFjMGM0MjJjZjAzOGMyNjY4MThiMmFlZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35yCrqAMzZQZUHi1SKPMMLS3wIv
noNLkazP2mPNdG3EG4qxcbZsBn8lgA2q6aSpAcMHpUBHgQ5SU3zbqdOzd2m9dPEW
aIOSqAIuQZ1LC08fC+nClyJRpdqiecI5ExNbpuqq6Z2ElEXUX9R0AMGi2kH5IR+W
UsnLBHV4OhZrv1HE5+/G2KoYF7vZbuUBcZPXMWfuQl5Gksx3WbMqbR8JJ+K1rmXL
oGKsq8uXXzOplCQNKhkO6Gw+njJL8PcnBlPUBUolxM7r8EBKOCDxH0fWxPzJ1Zv+
lP6QZ+z7Hb8PcxMSzT3ahsekguAp6xISOaZFtrwUBZGVPwEHHlq1DsnUAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKyGibjsnvisDEIs8DjCZoGLKu1OMB8GA1UdIwQY
MBaAFF8CJqcEz2IOsgAPJ+epGc5zCZG+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAt
NzVkOWNlNWI4ZDljLzEvcklhSnVPeWUtS3dNUWl6d09NSm1nWXNxN1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAtNzVkOWNlNWI4ZDlj
LzEvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy4QAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCRjJYmZvedWpnOr6/Zklic0WRzlkBvxoP2Jzsp
h2r83lc67j2crCnG9PXLp/A39DVzSmxn8Oy553vbclKgsJ01XnrkXub4eqL9DqDV
y4qwnyJkmkoJWIX582zOr6EqDqSd2NUnHzLWY4xEUGBrk9CZvwOP6b2oxb2Na7tB
NmGVJWfesBh6yT1qGnJAT4C8ETOF0PVMtHZraOSv4lA8gQhmRcCXuL4oPDlXkfef
tCoXzAeS1pTVmbQ68uShfj//MhbU2NJUzEGgqEEk1xpxct6RxEqet1M9K029KiUG
Pses73oM/Y4UEqnN3hkdWwddzt9qXfvcIbExU/3gf+QbLD1I
-----END CERTIFICATE-----