Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/UDDIj4jK3Eev7dkzg5PAj5lzjnk.roa
File:                     UDDIj4jK3Eev7dkzg5PAj5lzjnk.roa (raw, json)
Hash identifier:          n0/zd9CbtRflNkHeIp7YE++xnlex4D33T4dd0l4ZZS8=
Subject key identifier:   50:30:C8:8F:88:CA:DC:47:AF:ED:D9:33:83:93:C0:8F:99:73:8E:79
Certificate issuer:       /CN=18e1732f2c80e3ea4d7279d252b874a6164c35b4
Certificate serial:       018CC8705FE0E285429E6BB8A5C2F796923F
Authority key identifier: 18:E1:73:2F:2C:80:E3:EA:4D:72:79:D2:52:B8:74:A6:16:4C:35:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GOFzLyyA4-pNcnnSUrh0phZMNbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/UDDIj4jK3Eev7dkzg5PAj5lzjnk.roa
Signing time:             Tue 02 Jan 2024 04:30:56 +0000
ROA not before:           Tue 02 Jan 2024 04:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a0e:c147::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/GOFzLyyA4-pNcnnSUrh0phZMNbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/GOFzLyyA4-pNcnnSUrh0phZMNbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GOFzLyyA4-pNcnnSUrh0phZMNbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:5f:e0:e2:85:42:9e:6b:b8:a5:c2:f7:96:92:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18e1732f2c80e3ea4d7279d252b874a6164c35b4
        Validity
            Not Before: Jan  2 04:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5030c88f88cadc47afedd9338393c08f99738e79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:de:7f:27:76:e2:b8:f5:1d:af:05:77:72:60:
                    5f:d0:b4:77:21:72:e8:04:67:cf:31:cd:99:17:cb:
                    71:0b:2d:0e:4b:73:79:89:68:c9:0c:b6:5b:8b:9d:
                    81:89:2a:fa:83:97:ff:9b:f6:69:5a:03:1e:2d:4e:
                    96:62:bb:ac:8b:e7:2e:bb:dc:33:38:69:3a:82:42:
                    9e:db:7c:5b:7c:09:43:cc:7e:21:e9:05:b4:b9:3a:
                    0d:97:7d:10:45:53:bc:f8:6f:d8:cf:e4:32:5e:3d:
                    85:7b:52:8c:c9:5b:56:ab:29:28:12:70:14:bc:0b:
                    96:ec:50:ab:94:6c:8b:f0:3b:f1:67:e5:88:09:6d:
                    69:95:91:b3:b3:11:47:e9:19:d8:31:b4:67:89:9b:
                    43:fe:24:4f:f6:29:23:c1:7f:51:9a:cb:f3:9e:bc:
                    0f:4d:15:b0:48:96:77:3b:f2:e6:ae:aa:06:5a:b9:
                    7b:3a:69:24:5c:df:dc:c8:73:1c:0f:f0:50:5c:d8:
                    20:33:98:94:d7:25:97:6e:ea:a4:e3:af:8c:b0:ad:
                    04:86:e2:5f:b5:4f:ab:f5:00:b8:79:b4:61:0b:22:
                    9b:bf:f0:09:5e:60:bc:d7:34:3e:81:66:5e:71:b0:
                    99:ad:66:ad:4c:13:df:6f:a5:a2:ca:54:df:7c:82:
                    01:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:30:C8:8F:88:CA:DC:47:AF:ED:D9:33:83:93:C0:8F:99:73:8E:79
            X509v3 Authority Key Identifier:
                keyid:18:E1:73:2F:2C:80:E3:EA:4D:72:79:D2:52:B8:74:A6:16:4C:35:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GOFzLyyA4-pNcnnSUrh0phZMNbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/UDDIj4jK3Eev7dkzg5PAj5lzjnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ace18f-ed7c-479f-855d-e409260015ef/1/GOFzLyyA4-pNcnnSUrh0phZMNbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:c147::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:63:51:59:56:46:ab:9a:69:78:1c:0d:58:9d:c9:d6:7f:92:
         56:b0:35:42:bc:13:44:ac:7c:5c:6c:2a:f1:0d:fc:81:63:1e:
         c2:91:a2:75:b5:cd:1b:84:ba:8c:e6:aa:a1:49:e0:dc:e2:17:
         20:ea:c3:0b:ef:eb:90:07:a8:37:a5:da:d0:0e:3a:17:28:f9:
         c2:ae:b1:1a:5b:a2:8f:d3:5e:0d:35:81:ed:4c:df:47:42:7a:
         1e:71:8d:24:8e:1b:c0:20:12:22:5d:96:b8:72:a9:f7:d8:98:
         6b:5d:e3:4c:8d:0c:34:67:9d:95:45:2e:3a:a1:97:61:2a:d7:
         60:73:66:a5:9d:56:66:16:74:57:31:54:5a:a1:70:9d:b4:39:
         f2:bf:a3:95:9f:e2:95:51:da:c2:26:6b:4a:1c:59:7f:60:68:
         ae:25:07:99:f4:a1:7f:6a:c3:33:6c:ff:60:bd:3e:d0:ac:d2:
         b2:79:fd:13:ba:9f:e0:5e:06:a8:50:be:67:cb:35:26:43:91:
         a0:40:d5:84:a0:58:a3:2d:fd:8c:2a:39:07:11:67:8b:bc:24:
         1a:b3:60:72:5c:4b:41:80:dc:c4:80:67:e4:d8:48:b6:f8:b5:
         85:cb:81:1a:74:3a:28:e5:34:24:1d:76:7e:d4:ae:d1:16:8f:
         d3:24:c1:12
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIcF/g4oVCnmu4pcL3lpI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZTE3MzJmMmM4MGUzZWE0ZDcyNzlkMjUyYjg3NGE2MTY0
YzM1YjQwHhcNMjQwMTAyMDQzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDMwYzg4Zjg4Y2FkYzQ3YWZlZGQ5MzM4MzkzYzA4Zjk5NzM4ZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmt5/J3biuPUdrwV3cmBf0LR3IXLo
BGfPMc2ZF8txCy0OS3N5iWjJDLZbi52BiSr6g5f/m/ZpWgMeLU6WYrusi+cuu9wz
OGk6gkKe23xbfAlDzH4h6QW0uToNl30QRVO8+G/Yz+QyXj2Fe1KMyVtWqykoEnAU
vAuW7FCrlGyL8DvxZ+WICW1plZGzsxFH6RnYMbRniZtD/iRP9ikjwX9RmsvznrwP
TRWwSJZ3O/LmrqoGWrl7OmkkXN/cyHMcD/BQXNggM5iU1yWXbuqk46+MsK0EhuJf
tU+r9QC4ebRhCyKbv/AJXmC81zQ+gWZecbCZrWatTBPfb6WiylTffIIBmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFAwyI+IytxHr+3ZM4OTwI+Zc455MB8GA1UdIwQY
MBaAFBjhcy8sgOPqTXJ50lK4dKYWTDW0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR09Gekx5eUE0LXBOY25uU1VyaDBwaFpNTmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hY2UxOGYtZWQ3Yy00NzlmLTg1NWQt
ZTQwOTI2MDAxNWVmLzEvVURESWo0akszRWV2N2Rremc1UEFqNWx6am5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hY2UxOGYtZWQ3Yy00NzlmLTg1NWQtZTQwOTI2MDAxNWVm
LzEvR09Gekx5eUE0LXBOY25uU1VyaDBwaFpNTmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7BRzAN
BgkqhkiG9w0BAQsFAAOCAQEAW2NRWVZGq5ppeBwNWJ3J1n+SVrA1QrwTRKx8XGwq
8Q38gWMewpGidbXNG4S6jOaqoUng3OIXIOrDC+/rkAeoN6Xa0A46Fyj5wq6xGlui
j9NeDTWB7UzfR0J6HnGNJI4bwCASIl2WuHKp99iYa13jTI0MNGedlUUuOqGXYSrX
YHNmpZ1WZhZ0VzFUWqFwnbQ58r+jlZ/ilVHawiZrShxZf2BoriUHmfShf2rDM2z/
YL0+0KzSsnn9E7qf4F4GqFC+Z8s1JkORoEDVhKBYoy39jCo5BxFni7wkGrNgclxL
QYDcxIBn5NhItvi1hcuBGnQ6KOU0JB12ftSu0RaP0yTBEg==
-----END CERTIFICATE-----