Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/e2dTYMeCZd6X0oA4lUOujgNQInQ.roa
File:                     e2dTYMeCZd6X0oA4lUOujgNQInQ.roa (raw, json)
Hash identifier:          hBoqHGHNoAbsSyuO9aOHX1MOrKiWmnLEJDr9Szdue/4=
Subject key identifier:   7B:67:53:60:C7:82:65:DE:97:D2:80:38:95:43:AE:8E:03:50:22:74
Certificate issuer:       /CN=e9aab1446100a8fce03df19d755e06329ee24713
Certificate serial:       018CC56E00742B13964D6861D7033AF27621
Authority key identifier: E9:AA:B1:44:61:00:A8:FC:E0:3D:F1:9D:75:5E:06:32:9E:E2:47:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/e2dTYMeCZd6X0oA4lUOujgNQInQ.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33886
IP address blocks:        2a00:1a28:1106::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:00:74:2b:13:96:4d:68:61:d7:03:3a:f2:76:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9aab1446100a8fce03df19d755e06329ee24713
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b675360c78265de97d280389543ae8e03502274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5c:f5:7c:2f:52:65:8d:ab:a9:fd:47:e4:10:
                    f7:dc:5a:22:f0:58:4f:27:f0:c8:52:3e:6f:b2:a1:
                    a7:20:68:16:f1:30:28:74:3e:67:ae:c8:e3:30:a6:
                    50:99:cc:5b:23:6c:3a:fc:d7:65:b3:10:38:02:5d:
                    28:83:9b:62:bf:8c:78:a0:a0:a8:0b:af:e0:ca:84:
                    0c:8a:ad:fb:b3:e8:94:88:52:1a:ed:99:fd:c2:2e:
                    56:6b:0b:d5:50:58:cc:6f:8b:c1:ca:40:47:89:71:
                    30:8c:b8:6b:23:d8:9b:22:91:2b:97:0f:f2:e1:4c:
                    81:24:b5:bb:94:03:f9:52:7f:09:e2:6a:aa:9a:a0:
                    e8:17:e5:94:c1:af:f9:94:98:47:21:14:af:4c:99:
                    5a:8f:02:f4:8e:3f:b4:d0:56:e4:31:c7:a2:37:4f:
                    d4:b4:84:69:18:cf:8d:78:23:6e:38:03:92:10:c6:
                    f6:25:9e:d0:66:c8:8b:e5:a2:b8:63:3e:67:b6:a6:
                    53:4f:4d:42:97:ce:c9:19:c0:70:5c:43:a5:c4:3e:
                    a5:af:b8:b4:b2:b1:cb:c3:25:2d:14:c2:22:c1:38:
                    5b:ba:71:bc:99:4a:8e:df:da:f8:a8:5e:54:1c:7d:
                    c5:64:9c:ad:94:d8:72:e6:0a:84:f6:cf:12:f4:60:
                    e7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:67:53:60:C7:82:65:DE:97:D2:80:38:95:43:AE:8E:03:50:22:74
            X509v3 Authority Key Identifier:
                keyid:E9:AA:B1:44:61:00:A8:FC:E0:3D:F1:9D:75:5E:06:32:9E:E2:47:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6aqxRGEAqPzgPfGddV4GMp7iRxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/e2dTYMeCZd6X0oA4lUOujgNQInQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/71e09c-28f3-4825-806f-a0dc354f4ca3/1/6aqxRGEAqPzgPfGddV4GMp7iRxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1a28:1106::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:77:75:ea:20:47:70:83:27:d5:9e:79:a3:b3:36:f4:5f:96:
         5d:5c:52:6b:25:92:b7:08:e4:3b:1b:2d:6c:eb:11:d6:51:3c:
         eb:e1:0f:23:1a:ba:e0:c0:a6:10:81:a7:2c:43:aa:36:94:db:
         ef:6c:98:a8:bb:25:b5:6c:91:33:ff:e9:36:c5:01:ee:64:78:
         7a:14:d0:0c:2b:a1:53:d1:fa:64:09:0e:84:76:c7:6a:32:f5:
         f4:0b:54:d1:71:6c:ce:d0:9c:7a:60:27:e9:cb:95:c3:d1:72:
         22:08:bb:c7:71:10:f5:3d:2f:32:d1:66:54:7d:91:62:c0:3f:
         d7:0e:bb:dd:ea:10:ab:f8:6a:6d:ee:58:38:6e:3b:3a:5d:1a:
         10:93:3d:3e:74:e5:e1:03:c6:a0:27:a5:9d:15:fd:77:9c:7d:
         99:7f:3c:cc:5c:2d:25:78:a6:f1:52:3b:58:73:6b:85:d8:2f:
         31:97:1e:d2:13:5d:7d:6f:3d:47:38:76:b6:36:85:b5:6c:da:
         db:c0:39:68:1b:9b:4f:51:9a:0f:74:cb:8c:85:6d:c2:53:11:
         81:cd:c7:dd:3b:fb:ef:3b:a3:f5:00:07:9b:00:5a:bc:a9:37:
         ea:2f:b8:d1:53:ee:62:e6:2c:0b:aa:a0:9c:bd:68:b2:34:62:
         35:8c:d8:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbgB0KxOWTWhh1wM68nYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YWFiMTQ0NjEwMGE4ZmNlMDNkZjE5ZDc1NWUwNjMyOWVl
MjQ3MTMwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjY3NTM2MGM3ODI2NWRlOTdkMjgwMzg5NTQzYWU4ZTAzNTAyMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1z1fC9SZY2rqf1H5BD33Foi8FhP
J/DIUj5vsqGnIGgW8TAodD5nrsjjMKZQmcxbI2w6/NdlsxA4Al0og5tiv4x4oKCo
C6/gyoQMiq37s+iUiFIa7Zn9wi5WawvVUFjMb4vBykBHiXEwjLhrI9ibIpErlw/y
4UyBJLW7lAP5Un8J4mqqmqDoF+WUwa/5lJhHIRSvTJlajwL0jj+00FbkMceiN0/U
tIRpGM+NeCNuOAOSEMb2JZ7QZsiL5aK4Yz5ntqZTT01Cl87JGcBwXEOlxD6lr7i0
srHLwyUtFMIiwThbunG8mUqO39r4qF5UHH3FZJytlNhy5gqE9s8S9GDnpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHtnU2DHgmXel9KAOJVDro4DUCJ0MB8GA1UdIwQY
MBaAFOmqsURhAKj84D3xnXVeBjKe4kcTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmFxeFJHRUFxUHpnUGZHZGRWNEdNcDdpUnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83MWUwOWMtMjhmMy00ODI1LTgwNmYt
YTBkYzM1NGY0Y2EzLzEvZTJkVFlNZUNaZDZYMG9BNGxVT3VqZ05RSW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83MWUwOWMtMjhmMy00ODI1LTgwNmYtYTBkYzM1NGY0Y2Ez
LzEvNmFxeFJHRUFxUHpnUGZHZGRWNEdNcDdpUnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAaKBEG
MA0GCSqGSIb3DQEBCwUAA4IBAQAjd3XqIEdwgyfVnnmjszb0X5ZdXFJrJZK3COQ7
Gy1s6xHWUTzr4Q8jGrrgwKYQgacsQ6o2lNvvbJiouyW1bJEz/+k2xQHuZHh6FNAM
K6FT0fpkCQ6EdsdqMvX0C1TRcWzO0Jx6YCfpy5XD0XIiCLvHcRD1PS8y0WZUfZFi
wD/XDrvd6hCr+Gpt7lg4bjs6XRoQkz0+dOXhA8agJ6WdFf13nH2ZfzzMXC0leKbx
UjtYc2uF2C8xlx7SE119bz1HOHa2NoW1bNrbwDloG5tPUZoPdMuMhW3CUxGBzcfd
O/vvO6P1AAebAFq8qTfqL7jRU+5i5iwLqqCcvWiyNGI1jNgV
-----END CERTIFICATE-----