Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/Vn39jm42pLwbj2yOKKQ68Oxhyic.roa
File:                     Vn39jm42pLwbj2yOKKQ68Oxhyic.roa (raw, json)
Hash identifier:          rxTLAzr4jnzYrINFXI8uZ7CWbofGDh+1Uu/IShDUcoo=
Subject key identifier:   56:7D:FD:8E:6E:36:A4:BC:1B:8F:6C:8E:28:A4:3A:F0:EC:61:CA:27
Certificate issuer:       /CN=a6a0434bebe5dfa63dda78c24a4ebc1d2cd7369d
Certificate serial:       018CC56EC84E6B6B4F9A5D9BE690700F2946
Authority key identifier: A6:A0:43:4B:EB:E5:DF:A6:3D:DA:78:C2:4A:4E:BC:1D:2C:D7:36:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pqBDS-vl36Y92njCSk68HSzXNp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/Vn39jm42pLwbj2yOKKQ68Oxhyic.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208583
IP address blocks:        2a0a:56c4:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/pqBDS-vl36Y92njCSk68HSzXNp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/pqBDS-vl36Y92njCSk68HSzXNp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pqBDS-vl36Y92njCSk68HSzXNp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c8:4e:6b:6b:4f:9a:5d:9b:e6:90:70:0f:29:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6a0434bebe5dfa63dda78c24a4ebc1d2cd7369d
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=567dfd8e6e36a4bc1b8f6c8e28a43af0ec61ca27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b1:78:07:ed:56:5c:2a:91:32:81:20:09:b7:
                    ac:cc:4c:3b:6b:58:45:16:0b:19:b3:c4:93:45:82:
                    25:72:dc:6d:d4:a3:e2:cb:31:a0:bd:5e:8c:1e:69:
                    2d:06:d9:00:67:68:00:fd:4e:1c:86:65:ec:37:16:
                    b7:72:1b:f7:bf:9c:da:c4:ae:8a:25:f1:76:02:7e:
                    a2:0d:68:dd:92:df:d5:23:63:0b:3b:aa:bc:17:52:
                    30:2c:14:de:d8:c2:f2:d7:d5:ea:36:91:93:df:d7:
                    c3:b4:6c:af:db:9a:60:4f:99:a5:35:0b:1e:25:82:
                    5b:f5:95:48:4b:58:d9:71:dc:70:6d:3e:2c:6d:2a:
                    b1:dd:85:84:9c:f7:eb:56:84:9d:cc:bb:32:c4:02:
                    58:b3:36:79:e2:d1:01:4e:80:2f:98:bd:c8:8d:78:
                    01:cc:53:cb:e5:c2:60:0d:e2:c3:6d:a2:27:93:92:
                    81:94:2d:41:80:94:c3:cb:75:7a:39:a6:3b:2c:8a:
                    27:2b:94:df:3b:33:09:f3:b7:c5:32:a4:96:4e:9d:
                    68:28:14:79:62:fc:4f:71:4e:70:a4:16:45:98:94:
                    a1:71:30:a5:3f:10:cb:ad:7a:80:2b:70:fd:66:15:
                    71:af:ea:52:46:bd:f7:43:03:cc:1a:87:f3:f6:43:
                    ba:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:7D:FD:8E:6E:36:A4:BC:1B:8F:6C:8E:28:A4:3A:F0:EC:61:CA:27
            X509v3 Authority Key Identifier:
                keyid:A6:A0:43:4B:EB:E5:DF:A6:3D:DA:78:C2:4A:4E:BC:1D:2C:D7:36:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqBDS-vl36Y92njCSk68HSzXNp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/Vn39jm42pLwbj2yOKKQ68Oxhyic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/pqBDS-vl36Y92njCSk68HSzXNp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:56c4:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:2f:bb:22:26:71:9b:28:28:ac:f0:41:67:24:81:a2:d8:bb:
         74:77:e2:a6:32:5b:24:fc:15:7f:b4:35:79:4e:1f:d6:9b:95:
         bd:d7:96:e9:8f:8c:39:fc:87:6a:f9:3e:eb:4d:d9:5a:08:b3:
         83:d5:12:2c:d3:a4:b2:dc:99:89:13:67:17:f4:61:04:c8:0f:
         86:62:b9:0b:9f:5b:a8:42:fb:24:f9:e3:30:5d:f9:13:21:5c:
         17:59:8a:fb:e2:49:fa:1e:04:61:78:3f:c3:3e:d6:91:be:55:
         96:d6:30:8c:60:b4:d4:d6:66:7f:c9:d0:b2:3a:aa:96:14:3c:
         d6:62:eb:a6:da:4b:39:2c:ed:ab:58:ed:2c:f7:9c:a5:ac:53:
         ba:3e:9a:b3:d2:7d:2d:92:08:b7:48:54:49:ce:d0:21:16:00:
         78:b3:9d:43:d1:ad:97:d9:99:69:ed:4d:8b:b2:ba:ec:58:a1:
         28:49:5c:fc:8b:cb:e8:86:41:74:b9:3c:1d:64:a8:54:c9:9c:
         c5:3d:df:73:f4:a5:c2:da:cd:01:c5:4c:41:ce:1a:4f:10:40:
         13:8d:a0:43:f5:b2:ec:b1:2f:c3:e5:73:94:53:37:0b:b6:2c:
         dd:c3:bb:9a:d7:17:4f:35:ca:29:9a:c8:77:f1:10:91:22:a3:
         a7:a9:b8:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbshOa2tPml2b5pBwDylGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YTA0MzRiZWJlNWRmYTYzZGRhNzhjMjRhNGViYzFkMmNk
NzM2OWQwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjdkZmQ4ZTZlMzZhNGJjMWI4ZjZjOGUyOGE0M2FmMGVjNjFjYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrF4B+1WXCqRMoEgCbeszEw7a1hF
FgsZs8STRYIlctxt1KPiyzGgvV6MHmktBtkAZ2gA/U4chmXsNxa3chv3v5zaxK6K
JfF2An6iDWjdkt/VI2MLO6q8F1IwLBTe2MLy19XqNpGT39fDtGyv25pgT5mlNQse
JYJb9ZVIS1jZcdxwbT4sbSqx3YWEnPfrVoSdzLsyxAJYszZ54tEBToAvmL3IjXgB
zFPL5cJgDeLDbaInk5KBlC1BgJTDy3V6OaY7LIonK5TfOzMJ87fFMqSWTp1oKBR5
YvxPcU5wpBZFmJShcTClPxDLrXqAK3D9ZhVxr+pSRr33QwPMGofz9kO6eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFZ9/Y5uNqS8G49sjiikOvDsYconMB8GA1UdIwQY
MBaAFKagQ0vr5d+mPdp4wkpOvB0s1zadMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHFCRFMtdmwzNlk5Mm5qQ1NrNjhIU3pYTnAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kODM5OGUtMjMyYy00NWMyLWI4ZTAt
OWNlNDc2N2RhMmMxLzEvVm4zOWptNDJwTHdiajJ5T0tLUTY4T3hoeWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kODM5OGUtMjMyYy00NWMyLWI4ZTAtOWNlNDc2N2RhMmMx
LzEvcHFCRFMtdmwzNlk5Mm5qQ1NrNjhIU3pYTnAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgpWxAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQACL7siJnGbKCis8EFnJIGi2Lt0d+KmMlsk/BV/
tDV5Th/Wm5W915bpj4w5/Idq+T7rTdlaCLOD1RIs06Sy3JmJE2cX9GEEyA+GYrkL
n1uoQvsk+eMwXfkTIVwXWYr74kn6HgRheD/DPtaRvlWW1jCMYLTU1mZ/ydCyOqqW
FDzWYuum2ks5LO2rWO0s95ylrFO6Ppqz0n0tkgi3SFRJztAhFgB4s51D0a2X2Zlp
7U2LsrrsWKEoSVz8i8vohkF0uTwdZKhUyZzFPd9z9KXC2s0BxUxBzhpPEEATjaBD
9bLssS/D5XOUUzcLtizdw7ua1xdPNcopmsh38RCRIqOnqbhQ
-----END CERTIFICATE-----