Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/4a8yVvkjY-NtaZDAHs_-VuIR7O8.roa
File:                     4a8yVvkjY-NtaZDAHs_-VuIR7O8.roa (raw, json)
Hash identifier:          ZtPGil4SPinYR7ohWwqzx3Vzt7UVXyskYujmHC1naRo=
Subject key identifier:   E1:AF:32:56:F9:23:63:E3:6D:69:90:C0:1E:CF:FE:56:E2:11:EC:EF
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0193559E2E58B9A9B29D17DED8CFCDB73340
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/4a8yVvkjY-NtaZDAHs_-VuIR7O8.roa
Signing time:             Fri 22 Nov 2024 20:44:10 +0000
ROA not before:           Fri 22 Nov 2024 20:44:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213893
IP address blocks:        2a0d:d940:10::/48 maxlen: 48
                          2a0d:d940:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:55:9e:2e:58:b9:a9:b2:9d:17:de:d8:cf:cd:b7:33:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Nov 22 20:44:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1af3256f92363e36d6990c01ecffe56e211ecef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bd:30:f3:73:16:40:b9:9c:b8:42:6a:79:82:
                    d1:9f:71:f7:f2:05:d9:0e:d8:13:23:95:21:4a:d3:
                    2a:f0:99:e8:d6:49:d8:93:63:e5:63:ae:a4:9b:f5:
                    61:34:0e:5d:7a:86:67:29:da:e4:37:ed:ba:52:c3:
                    29:63:c9:d0:48:2c:88:da:85:d2:bb:8b:bf:72:f0:
                    e4:d1:5f:8b:12:33:4c:b8:01:24:ee:50:c0:7b:a6:
                    3d:a1:68:bc:ad:33:85:6c:34:e9:ef:62:e0:a9:e6:
                    c6:ca:ad:a0:9f:14:79:1b:7e:25:fe:36:57:fd:bb:
                    58:b1:ab:d3:93:e1:e7:15:69:62:3a:9b:64:92:97:
                    86:98:3c:3d:2b:15:2b:17:00:ec:f4:48:40:8f:0a:
                    f7:14:f8:1d:1b:aa:f7:fb:7b:65:c4:78:57:4c:25:
                    1e:41:78:7b:3b:ce:7b:04:32:38:64:8f:50:09:17:
                    ce:30:28:3e:de:d1:79:19:78:41:9a:b7:13:0b:d0:
                    9c:04:a1:a8:79:46:c3:f1:d4:ad:66:b9:e2:60:6b:
                    f2:15:56:ff:30:ce:22:1d:44:99:f6:55:6a:73:73:
                    7c:97:0c:24:a3:bb:a5:a8:8b:6f:97:85:0f:8e:b7:
                    60:07:ba:40:20:87:c2:e3:a0:1d:5c:b5:29:95:66:
                    08:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:AF:32:56:F9:23:63:E3:6D:69:90:C0:1E:CF:FE:56:E2:11:EC:EF
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/4a8yVvkjY-NtaZDAHs_-VuIR7O8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:10::/47

    Signature Algorithm: sha256WithRSAEncryption
         b7:19:f0:ee:33:26:e0:92:de:c9:3b:00:74:c5:ae:aa:ac:72:
         02:bf:62:7d:16:66:d5:5b:ae:12:35:ec:7a:1c:a1:f5:a7:2a:
         43:72:ec:3d:5a:8c:d9:4d:1f:03:00:17:45:29:7a:3c:71:f1:
         0f:43:c1:26:d1:0d:0f:6d:56:db:27:68:92:e1:80:dd:2a:ef:
         b9:00:db:88:e8:4d:e0:07:16:e2:e5:24:c2:8b:00:4e:ea:83:
         e9:e7:f9:9d:b0:8c:0c:ac:74:23:e7:f9:88:6d:a6:04:e8:fd:
         db:d8:be:e1:9c:4c:de:97:ed:e7:f2:b8:e3:b4:a0:ef:19:d2:
         2e:00:53:e2:af:6a:ce:59:bb:a9:1f:87:d3:58:c7:2d:a9:3f:
         8f:2c:51:78:ab:5b:35:60:35:39:d6:d1:b5:29:57:03:e4:9b:
         59:2d:c1:1d:63:b7:1a:69:ce:da:5c:a6:02:f1:0b:dd:7f:08:
         c7:3f:d5:77:1b:31:53:9b:2a:c2:ce:4a:d7:22:52:a7:77:9b:
         72:7c:a6:9d:83:8f:1a:1d:48:da:11:4d:c2:d1:20:cf:12:fe:
         b3:ba:d9:1d:72:ce:53:ad:ca:f0:98:5d:12:8f:18:4f:63:cb:
         3e:e3:24:9e:85:72:20:d6:9b:94:4e:24:b2:5e:95:0a:3d:96:
         24:a4:0a:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNVni5YuamynRfe2M/NtzNAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjQxMTIyMjA0NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWFmMzI1NmY5MjM2M2UzNmQ2OTkwYzAxZWNmZmU1NmUyMTFlY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL0w83MWQLmcuEJqeYLRn3H38gXZ
DtgTI5UhStMq8Jno1knYk2PlY66km/VhNA5deoZnKdrkN+26UsMpY8nQSCyI2oXS
u4u/cvDk0V+LEjNMuAEk7lDAe6Y9oWi8rTOFbDTp72LgqebGyq2gnxR5G34l/jZX
/btYsavTk+HnFWliOptkkpeGmDw9KxUrFwDs9EhAjwr3FPgdG6r3+3tlxHhXTCUe
QXh7O857BDI4ZI9QCRfOMCg+3tF5GXhBmrcTC9CcBKGoeUbD8dStZrniYGvyFVb/
MM4iHUSZ9lVqc3N8lwwko7ulqItvl4UPjrdgB7pAIIfC46AdXLUplWYIrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOGvMlb5I2PjbWmQwB7P/lbiEezvMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvNGE4eVZ2a2pZLU50YVpEQUhzXy1WdUlSN084LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg3ZQAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC3GfDuMybgkt7JOwB0xa6qrHICv2J9FmbVW64S
Nex6HKH1pypDcuw9WozZTR8DABdFKXo8cfEPQ8Em0Q0PbVbbJ2iS4YDdKu+5ANuI
6E3gBxbi5STCiwBO6oPp5/mdsIwMrHQj5/mIbaYE6P3b2L7hnEzel+3n8rjjtKDv
GdIuAFPir2rOWbupH4fTWMctqT+PLFF4q1s1YDU51tG1KVcD5JtZLcEdY7caac7a
XKYC8QvdfwjHP9V3GzFTmyrCzkrXIlKnd5tyfKadg48aHUjaEU3C0SDPEv6zutkd
cs5TrcrwmF0SjxhPY8s+4ySehXIg1puUTiSyXpUKPZYkpArL
-----END CERTIFICATE-----