Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/M5avupBoG4ZnMItchDzfP1XNufs.roa
File:                     M5avupBoG4ZnMItchDzfP1XNufs.roa (raw, json)
Hash identifier:          00Yc8FeK5s++MrLFXhqwsNitSHhHTgpK5QgWnPs/mCo=
Subject key identifier:   33:96:AF:BA:90:68:1B:86:67:30:8B:5C:84:3C:DF:3F:55:CD:B9:FB
Certificate issuer:       /CN=b22640351ab21a0dc7aaa15fab5b110977714a3c
Certificate serial:       018F254EA734552EB5AE3FBB52C92BC3875F
Authority key identifier: B2:26:40:35:1A:B2:1A:0D:C7:AA:A1:5F:AB:5B:11:09:77:71:4A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/siZANRqyGg3HqqFfq1sRCXdxSjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/M5avupBoG4ZnMItchDzfP1XNufs.roa
Signing time:             Sun 28 Apr 2024 15:24:22 +0000
ROA not before:           Sun 28 Apr 2024 15:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        2a14:2ec0:edea::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/siZANRqyGg3HqqFfq1sRCXdxSjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/siZANRqyGg3HqqFfq1sRCXdxSjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/siZANRqyGg3HqqFfq1sRCXdxSjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:25:4e:a7:34:55:2e:b5:ae:3f:bb:52:c9:2b:c3:87:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b22640351ab21a0dc7aaa15fab5b110977714a3c
        Validity
            Not Before: Apr 28 15:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3396afba90681b8667308b5c843cdf3f55cdb9fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6c:7a:01:57:70:51:97:38:c0:39:84:29:33:
                    b5:b0:a5:9a:53:a7:ee:2c:43:a7:cd:1a:11:5e:7a:
                    54:ca:4c:0e:de:77:11:b0:b3:6f:8d:64:46:51:6e:
                    24:30:c9:cd:a5:14:bf:81:dc:87:bb:50:37:c3:c2:
                    00:59:5f:32:d4:0d:d9:12:df:64:db:d6:36:c3:5d:
                    05:cb:f7:1c:02:d6:38:4d:7d:ce:88:cf:fe:c1:a8:
                    c5:bc:2b:d7:76:6d:15:e3:a8:e6:07:b2:45:a1:74:
                    5f:d3:0e:b0:ba:30:39:79:96:97:09:10:26:d7:22:
                    24:c6:be:de:7f:53:26:9a:ce:aa:d0:f2:65:91:22:
                    e7:01:83:09:64:10:70:24:80:1a:c0:4a:fa:ae:98:
                    16:02:cd:ec:bd:fc:28:a2:e7:f3:ad:ff:c0:74:92:
                    d4:96:e4:e1:2d:65:3c:1b:f3:49:0a:ec:e8:fa:bc:
                    05:52:e3:e7:b3:39:c4:e5:8b:80:1b:a6:25:dc:bc:
                    6e:2c:38:dd:36:72:26:d2:13:e0:8c:1d:f6:0e:22:
                    45:66:1f:87:6b:05:cf:72:ba:29:f6:63:04:48:e1:
                    6e:30:65:ca:e6:24:28:74:ef:2d:3c:a0:a9:a5:ab:
                    1b:67:32:4d:9b:54:4d:5a:5b:5c:7a:1c:9b:b5:76:
                    34:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:96:AF:BA:90:68:1B:86:67:30:8B:5C:84:3C:DF:3F:55:CD:B9:FB
            X509v3 Authority Key Identifier:
                keyid:B2:26:40:35:1A:B2:1A:0D:C7:AA:A1:5F:AB:5B:11:09:77:71:4A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/siZANRqyGg3HqqFfq1sRCXdxSjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/M5avupBoG4ZnMItchDzfP1XNufs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/siZANRqyGg3HqqFfq1sRCXdxSjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2ec0:edea::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:55:94:9a:78:00:fd:70:a5:c8:42:97:6d:b4:4d:eb:e9:07:
         0a:be:70:ef:90:6f:e2:41:5c:94:72:8a:42:fb:10:d4:65:40:
         fc:6c:98:e9:42:b9:f4:cb:8d:ba:42:c6:3b:b0:fb:04:f0:c8:
         30:13:9d:9b:b5:24:e2:2b:cd:55:ec:02:8f:11:a1:a3:5f:2e:
         81:4e:bf:52:3d:88:bd:92:5b:08:a2:c7:f6:11:f6:83:90:8a:
         1b:4e:7c:4f:da:98:2b:d2:75:df:3f:7e:bf:0a:81:29:d6:a3:
         a4:e6:a6:21:22:db:a1:47:78:b9:01:03:21:43:97:57:5d:a7:
         cb:dc:4a:29:8b:4d:c5:4a:d6:92:48:59:57:38:05:f7:41:a5:
         71:53:f2:c9:79:7a:97:ed:b3:b6:93:f8:9f:a2:f4:ad:96:4d:
         c4:6a:2c:d5:d3:1a:38:3c:59:91:64:a3:63:70:c1:ea:d7:d2:
         41:c3:48:85:f7:cd:43:5a:be:3f:98:5e:7c:a5:62:69:e7:03:
         af:02:0b:e4:e7:b5:3e:53:e3:5b:b4:19:56:2e:f6:e4:0b:0b:
         b4:da:75:52:3f:b5:da:50:21:f4:01:a9:df:6a:53:d9:bd:51:
         4b:7e:66:fb:7e:9c:55:2b:31:2a:0b:90:73:32:fe:d8:f8:30:
         2f:b2:ff:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8lTqc0VS61rj+7Uskrw4dfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMjY0MDM1MWFiMjFhMGRjN2FhYTE1ZmFiNWIxMTA5Nzc3
MTRhM2MwHhcNMjQwNDI4MTUyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzk2YWZiYTkwNjgxYjg2NjczMDhiNWM4NDNjZGYzZjU1Y2RiOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2x6AVdwUZc4wDmEKTO1sKWaU6fu
LEOnzRoRXnpUykwO3ncRsLNvjWRGUW4kMMnNpRS/gdyHu1A3w8IAWV8y1A3ZEt9k
29Y2w10Fy/ccAtY4TX3OiM/+wajFvCvXdm0V46jmB7JFoXRf0w6wujA5eZaXCRAm
1yIkxr7ef1Mmms6q0PJlkSLnAYMJZBBwJIAawEr6rpgWAs3svfwooufzrf/AdJLU
luThLWU8G/NJCuzo+rwFUuPnsznE5YuAG6Yl3LxuLDjdNnIm0hPgjB32DiJFZh+H
awXPcrop9mMESOFuMGXK5iQodO8tPKCppasbZzJNm1RNWltcehybtXY0TQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDOWr7qQaBuGZzCLXIQ83z9Vzbn7MB8GA1UdIwQY
MBaAFLImQDUashoNx6qhX6tbEQl3cUo8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2laQU5ScXlHZzNIcXFGZnExc1JDWGR4U2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9lMzhmZjAtNDY5Yi00MWU1LWJiZWQt
MTc5ZTZlNDI5MGMwLzEvTTVhdnVwQm9HNFpuTUl0Y2hEemZQMVhOdWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9lMzhmZjAtNDY5Yi00MWU1LWJiZWQtMTc5ZTZlNDI5MGMw
LzEvc2laQU5ScXlHZzNIcXFGZnExc1JDWGR4U2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQuwO3q
MA0GCSqGSIb3DQEBCwUAA4IBAQCUVZSaeAD9cKXIQpdttE3r6QcKvnDvkG/iQVyU
copC+xDUZUD8bJjpQrn0y426QsY7sPsE8MgwE52btSTiK81V7AKPEaGjXy6BTr9S
PYi9klsIosf2EfaDkIobTnxP2pgr0nXfP36/CoEp1qOk5qYhItuhR3i5AQMhQ5dX
XafL3Eopi03FStaSSFlXOAX3QaVxU/LJeXqX7bO2k/ifovStlk3EaizV0xo4PFmR
ZKNjcMHq19JBw0iF981DWr4/mF58pWJp5wOvAgvk57U+U+NbtBlWLvbkCwu02nVS
P7XaUCH0AanfalPZvVFLfmb7fpxVKzEqC5BzMv7Y+DAvsv9V
-----END CERTIFICATE-----