Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/5AZVhGToB-joCSt8LvPyh1Zg9LE.roa
File:                     5AZVhGToB-joCSt8LvPyh1Zg9LE.roa (raw, json)
Hash identifier:          lvP5ZMryZO7caHlWMDVMDMH4TamdIxzaSWI9M8WT19w=
Subject key identifier:   E4:06:55:84:64:E8:07:E8:E8:09:2B:7C:2E:F3:F2:87:56:60:F4:B1
Certificate issuer:       /CN=97ea541c123faa9c0edc729f829e959fd292e37d
Certificate serial:       018CC9BC1BCA89E5909517028965F72D4A41
Authority key identifier: 97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/5AZVhGToB-joCSt8LvPyh1Zg9LE.roa
Signing time:             Tue 02 Jan 2024 10:33:17 +0000
ROA not before:           Tue 02 Jan 2024 10:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0d:9b84:ff00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:1b:ca:89:e5:90:95:17:02:89:65:f7:2d:4a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ea541c123faa9c0edc729f829e959fd292e37d
        Validity
            Not Before: Jan  2 10:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e406558464e807e8e8092b7c2ef3f2875660f4b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e6:9b:37:f0:4f:90:ba:cc:7f:da:4d:52:33:
                    2f:a5:75:a2:7f:83:12:6c:bc:68:de:35:56:fd:26:
                    e7:4f:a5:af:62:b2:cf:7d:0d:df:a5:52:ee:87:55:
                    1d:ec:e5:bd:7e:f5:12:c5:66:b5:b0:80:cb:64:9f:
                    b0:c8:e3:19:7e:28:7e:38:17:02:f8:eb:c5:01:c3:
                    fb:82:28:c9:22:2a:0e:1b:09:0d:c7:0e:6b:fb:5a:
                    2f:97:26:01:62:f1:44:fb:dd:7e:d2:2f:f3:f6:4e:
                    c7:b4:d8:ca:5c:ee:48:8d:22:2f:57:e2:f2:7b:e3:
                    71:36:09:08:09:64:ac:46:17:ce:85:b7:40:15:f0:
                    1c:94:e3:66:21:59:7b:69:71:b9:f6:33:da:43:d7:
                    9c:f8:f9:17:41:ac:94:f2:7e:ad:18:e8:76:72:04:
                    2d:59:9b:b7:71:5d:d8:ce:9a:aa:c0:16:34:54:01:
                    17:60:c8:11:7f:29:09:04:12:d8:b0:23:0d:30:fc:
                    bc:20:aa:a3:83:89:b3:75:17:0f:67:8a:a7:37:a3:
                    af:93:7e:4d:17:99:1f:20:6f:e8:29:df:b5:a9:c1:
                    c4:0d:8a:2c:f4:9b:4b:0c:08:58:06:16:e2:8f:8e:
                    ec:a7:44:c7:96:b4:7b:89:a7:8d:93:51:5e:b3:c2:
                    1e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:06:55:84:64:E8:07:E8:E8:09:2B:7C:2E:F3:F2:87:56:60:F4:B1
            X509v3 Authority Key Identifier:
                keyid:97:EA:54:1C:12:3F:AA:9C:0E:DC:72:9F:82:9E:95:9F:D2:92:E3:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-pUHBI_qpwO3HKfgp6Vn9KS430.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/5AZVhGToB-joCSt8LvPyh1Zg9LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/12155c-cd13-4aa7-8949-638dcfa13003/1/l-pUHBI_qpwO3HKfgp6Vn9KS430.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9b84:ff00::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:11:c4:58:a1:d4:50:fe:32:46:d8:9c:13:ac:6d:26:9c:b5:
         7c:1e:0e:65:b2:c7:f9:58:1c:3b:e5:ad:a5:59:7b:67:80:c3:
         b4:23:7c:7e:39:cc:97:68:ac:ca:ee:b6:bf:ac:55:61:6a:69:
         2e:cd:c8:d1:fa:d6:94:ed:3e:d0:dc:0b:3d:c5:41:b1:fb:9e:
         06:9e:1c:6f:17:9c:e0:bd:a0:2e:ba:f0:c6:9e:a9:ff:08:20:
         fc:8c:5c:d6:dd:4d:46:6e:39:52:d5:6e:99:51:1e:94:ad:76:
         b4:bc:a0:7c:42:df:28:0b:f4:7f:25:c2:03:b7:42:2f:21:e0:
         6e:a0:25:3a:cc:e1:7d:34:65:b2:5d:1a:e3:3d:b5:aa:be:32:
         4c:a4:fc:99:2e:e8:41:15:99:5b:71:8b:7b:ef:65:21:9c:0a:
         84:d1:81:cf:6d:15:05:5a:98:f0:fe:a0:54:8b:c0:83:59:fc:
         b1:7f:af:c7:21:ba:22:2c:2c:d0:8c:93:8b:3a:8d:21:1f:74:
         d9:f2:61:d7:8d:27:90:4b:fa:bd:3f:4b:b8:55:1a:3a:5e:e0:
         75:2d:e3:aa:9e:47:60:03:bf:1c:31:a5:18:dc:a1:5e:4a:18:
         90:42:3d:0c:f7:7f:f7:0f:88:86:8f:b0:bf:a8:8d:f8:9a:b4:
         19:33:51:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvBvKieWQlRcCiWX3LUpBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWE1NDFjMTIzZmFhOWMwZWRjNzI5ZjgyOWU5NTlmZDI5
MmUzN2QwHhcNMjQwMTAyMTAzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDA2NTU4NDY0ZTgwN2U4ZTgwOTJiN2MyZWYzZjI4NzU2NjBmNGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheabN/BPkLrMf9pNUjMvpXWif4MS
bLxo3jVW/SbnT6WvYrLPfQ3fpVLuh1Ud7OW9fvUSxWa1sIDLZJ+wyOMZfih+OBcC
+OvFAcP7gijJIioOGwkNxw5r+1ovlyYBYvFE+91+0i/z9k7HtNjKXO5IjSIvV+Ly
e+NxNgkICWSsRhfOhbdAFfAclONmIVl7aXG59jPaQ9ec+PkXQayU8n6tGOh2cgQt
WZu3cV3YzpqqwBY0VAEXYMgRfykJBBLYsCMNMPy8IKqjg4mzdRcPZ4qnN6Ovk35N
F5kfIG/oKd+1qcHEDYos9JtLDAhYBhbij47sp0THlrR7iaeNk1Fes8IeiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOQGVYRk6Afo6AkrfC7z8odWYPSxMB8GA1UdIwQY
MBaAFJfqVBwSP6qcDtxyn4KelZ/SkuN9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC1wVUhCSV9xcHdPM0hLZmdwNlZuOUtTNDMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xMjE1NWMtY2QxMy00YWE3LTg5NDkt
NjM4ZGNmYTEzMDAzLzEvNUFaVmhHVG9CLWpvQ1N0OEx2UHloMVpnOUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xMjE1NWMtY2QxMy00YWE3LTg5NDktNjM4ZGNmYTEzMDAz
LzEvbC1wVUhCSV9xcHdPM0hLZmdwNlZuOUtTNDMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2bhP8A
MA0GCSqGSIb3DQEBCwUAA4IBAQCaEcRYodRQ/jJG2JwTrG0mnLV8Hg5lssf5WBw7
5a2lWXtngMO0I3x+OcyXaKzK7ra/rFVhamkuzcjR+taU7T7Q3As9xUGx+54Gnhxv
F5zgvaAuuvDGnqn/CCD8jFzW3U1GbjlS1W6ZUR6UrXa0vKB8Qt8oC/R/JcIDt0Iv
IeBuoCU6zOF9NGWyXRrjPbWqvjJMpPyZLuhBFZlbcYt772UhnAqE0YHPbRUFWpjw
/qBUi8CDWfyxf6/HIboiLCzQjJOLOo0hH3TZ8mHXjSeQS/q9P0u4VRo6XuB1LeOq
nkdgA78cMaUY3KFeShiQQj0M93/3D4iGj7C/qI34mrQZM1GY
-----END CERTIFICATE-----