Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/THTTTPQt1NwqzQ6hmAwHKbNq1xo.roa
File:                     THTTTPQt1NwqzQ6hmAwHKbNq1xo.roa (raw, json)
Hash identifier:          bLk/E3NLOsR4HG9U9oyIyT9zxDb5OWgpB4d5A+DD/WI=
Subject key identifier:   4C:74:D3:4C:F4:2D:D4:DC:2A:CD:0E:A1:98:0C:07:29:B3:6A:D7:1A
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       018F82257B19ED3C48CFE8AC7DD1437A4646
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/THTTTPQt1NwqzQ6hmAwHKbNq1xo.roa
Signing time:             Thu 16 May 2024 16:04:05 +0000
ROA not before:           Thu 16 May 2024 16:04:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51714
IP address blocks:        2a09:ff00:103::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:82:25:7b:19:ed:3c:48:cf:e8:ac:7d:d1:43:7a:46:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: May 16 16:04:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c74d34cf42dd4dc2acd0ea1980c0729b36ad71a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:18:42:0c:06:01:c5:6b:34:5f:1a:77:62:07:
                    3f:7b:f7:14:cd:cb:e9:e4:d4:bc:06:af:d9:bd:16:
                    1c:a0:d6:4e:7e:5d:77:62:83:2d:fb:07:33:df:ac:
                    b1:70:b0:d6:bd:a8:d7:f9:ca:70:b8:d7:ce:7f:bb:
                    47:c4:86:03:92:d4:7c:1c:80:39:81:46:40:2c:9b:
                    cb:b0:bf:1b:6a:73:08:d5:13:79:5d:36:2e:a5:9e:
                    b2:1d:5f:2b:3d:b3:b1:a6:33:58:b8:10:16:48:bf:
                    d6:fa:bc:b9:de:3c:3e:38:72:52:c1:7c:13:5e:f7:
                    a8:54:33:88:d1:c1:48:c8:d6:68:22:e6:5f:06:7a:
                    3e:cd:a4:38:81:33:22:54:66:37:14:d2:07:9b:6b:
                    85:cf:da:a7:6c:22:90:d5:63:cf:2f:57:d0:9c:cb:
                    b6:c6:ae:26:83:1f:88:e8:0f:55:c7:42:0a:8d:5d:
                    82:8b:a0:a9:3d:96:2f:15:ac:48:10:48:5d:c6:22:
                    dd:30:77:6a:e5:ab:29:bd:ba:d6:f4:b4:a9:c6:78:
                    33:90:30:91:33:70:84:d0:fd:f1:56:4d:03:f1:fa:
                    73:65:a7:22:60:dd:d1:9b:df:49:6a:aa:9d:01:0a:
                    7e:58:1d:6d:93:de:a4:46:69:93:95:70:64:7f:d9:
                    e5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:74:D3:4C:F4:2D:D4:DC:2A:CD:0E:A1:98:0C:07:29:B3:6A:D7:1A
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/THTTTPQt1NwqzQ6hmAwHKbNq1xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:ff00:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:97:ef:93:c4:0a:30:6f:a5:01:3b:d8:8d:ac:4a:69:91:7c:
         55:81:91:c6:d0:31:83:22:32:ea:da:a4:d8:26:6c:db:5e:79:
         6a:0a:70:50:40:fa:6d:de:8c:d0:39:82:04:7c:7a:b7:3a:6d:
         c1:a4:c9:75:76:72:83:f9:18:ac:aa:0d:40:ec:4a:98:ba:05:
         03:3b:8a:ef:bf:e1:57:61:c4:22:7d:11:a0:b6:1e:6b:4c:2d:
         e6:11:4d:0e:e3:e5:85:6f:f4:9c:7b:90:21:4f:0b:2a:10:e7:
         0d:a5:4c:f5:28:96:67:f0:04:ca:1d:5c:85:b4:40:ae:0d:7a:
         85:5f:4e:00:64:a3:72:0f:52:27:e8:d8:a8:1a:05:32:df:b1:
         a1:90:68:3c:0a:21:bf:ab:e1:5c:bb:0c:d7:dc:2b:ac:67:16:
         7b:84:f5:30:76:4f:7d:f7:0d:d2:24:ca:28:43:3e:98:1c:a7:
         93:0e:d0:1c:01:49:5d:3f:8d:5e:4f:69:99:21:ff:5b:c8:ac:
         02:2f:00:3f:73:b0:f0:c1:59:87:28:86:80:4f:0a:95:5a:76:
         a4:dc:c7:18:1f:4b:10:bf:61:f4:3f:77:33:06:02:a4:79:74:
         a1:79:a9:ce:8b:9c:b4:a9:3a:c8:b1:29:56:d2:b9:b0:ce:c0:
         6f:b6:df:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+CJXsZ7TxIz+isfdFDekZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwNTE2MTYwNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzc0ZDM0Y2Y0MmRkNGRjMmFjZDBlYTE5ODBjMDcyOWIzNmFkNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhhCDAYBxWs0Xxp3Ygc/e/cUzcvp
5NS8Bq/ZvRYcoNZOfl13YoMt+wcz36yxcLDWvajX+cpwuNfOf7tHxIYDktR8HIA5
gUZALJvLsL8banMI1RN5XTYupZ6yHV8rPbOxpjNYuBAWSL/W+ry53jw+OHJSwXwT
XveoVDOI0cFIyNZoIuZfBno+zaQ4gTMiVGY3FNIHm2uFz9qnbCKQ1WPPL1fQnMu2
xq4mgx+I6A9Vx0IKjV2Ci6CpPZYvFaxIEEhdxiLdMHdq5aspvbrW9LSpxngzkDCR
M3CE0P3xVk0D8fpzZaciYN3Rm99JaqqdAQp+WB1tk96kRmmTlXBkf9nl0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEx000z0LdTcKs0OoZgMBymzatcaMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvVEhUVFRQUXQxTndxelE2aG1Bd0hLYk5xMXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgn/AAED
MA0GCSqGSIb3DQEBCwUAA4IBAQA2l++TxAowb6UBO9iNrEppkXxVgZHG0DGDIjLq
2qTYJmzbXnlqCnBQQPpt3ozQOYIEfHq3Om3BpMl1dnKD+Risqg1A7EqYugUDO4rv
v+FXYcQifRGgth5rTC3mEU0O4+WFb/Sce5AhTwsqEOcNpUz1KJZn8ATKHVyFtECu
DXqFX04AZKNyD1In6NioGgUy37GhkGg8CiG/q+FcuwzX3CusZxZ7hPUwdk999w3S
JMooQz6YHKeTDtAcAUldP41eT2mZIf9byKwCLwA/c7DwwVmHKIaATwqVWnak3McY
H0sQv2H0P3czBgKkeXSheanOi5y0qTrIsSlW0rmwzsBvtt9x
-----END CERTIFICATE-----