Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/xyXSw3CkjzNAb0Kkb0l4DUa0QZU.roa
File:                     xyXSw3CkjzNAb0Kkb0l4DUa0QZU.roa (raw, json)
Hash identifier:          qV+n5eOYG+qt2TiXEIwjHol1fecoOB0qRzExuBlf/Zg=
Subject key identifier:   C7:25:D2:C3:70:A4:8F:33:40:6F:42:A4:6F:49:78:0D:46:B4:41:95
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       019318559221706EFC5F011C61E76746DED4
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/xyXSw3CkjzNAb0Kkb0l4DUa0QZU.roa
Signing time:             Sun 10 Nov 2024 23:08:01 +0000
ROA not before:           Sun 10 Nov 2024 23:08:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        2a0b:4141::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:18:55:92:21:70:6e:fc:5f:01:1c:61:e7:67:46:de:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Nov 10 23:08:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c725d2c370a48f33406f42a46f49780d46b44195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ea:14:48:49:fc:e8:bb:a0:e6:f5:4b:c4:eb:
                    b2:ae:2f:76:9c:25:0b:f6:12:75:e9:55:b6:ff:62:
                    d6:9a:c9:2b:e8:bc:5b:88:ce:63:69:ff:2c:fc:b4:
                    5b:e8:4e:90:3b:1d:09:14:cb:6f:c3:b0:95:e6:13:
                    f2:f3:ef:eb:e9:4c:08:20:63:23:ae:15:d6:ed:29:
                    4d:d8:eb:43:e0:92:c1:60:80:a9:e6:ff:36:d0:93:
                    c6:e5:c5:6e:14:cb:64:be:06:26:a0:4e:51:96:7c:
                    e4:d0:10:c9:56:c9:14:ee:8f:ab:40:d1:5f:2d:22:
                    d4:78:2a:ca:32:84:5e:2d:58:98:6c:88:90:3e:f3:
                    63:d1:79:bd:72:1d:d6:58:45:c2:20:ce:eb:01:c0:
                    f2:dd:9e:50:90:26:7f:21:06:db:bd:3a:82:1a:d4:
                    95:d9:07:cb:6c:c7:c9:3b:0f:2a:62:97:a8:3b:81:
                    18:01:b4:99:bc:af:3b:15:c1:4c:e9:16:48:c8:37:
                    26:8a:7f:50:f3:ae:4c:52:2e:ef:ca:aa:9b:10:af:
                    4e:59:2c:de:8e:9d:15:4f:a2:d4:d6:60:dd:19:4a:
                    33:63:15:a5:d4:51:e1:e4:2f:e3:88:67:90:ad:35:
                    79:3c:a0:2d:d2:bb:0e:d7:50:d6:c2:a5:90:f9:ca:
                    52:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:25:D2:C3:70:A4:8F:33:40:6F:42:A4:6F:49:78:0D:46:B4:41:95
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/xyXSw3CkjzNAb0Kkb0l4DUa0QZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4141::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:4c:c1:f2:35:db:a4:75:e1:fc:6e:20:42:f8:27:f7:ff:54:
         29:69:b2:47:52:45:f4:bb:cb:fc:12:a1:b3:ef:1f:6a:f7:be:
         d8:f8:dc:40:a6:e6:2f:8c:6f:4a:93:3b:8d:51:bf:82:8a:2f:
         6d:8c:e7:20:95:5c:25:41:ed:2b:39:46:0c:7f:a8:c1:88:e0:
         b2:67:4f:10:3d:20:57:34:83:4a:a5:1b:f7:c1:ac:31:db:92:
         25:06:ee:78:3c:34:f5:a7:c4:0c:a5:f8:7b:71:f2:32:36:9b:
         e6:b4:fe:b1:3b:32:c0:af:ff:1f:af:29:17:c6:84:56:77:39:
         72:64:c1:ff:e5:f4:6d:2b:ee:76:bd:e1:40:45:70:fd:59:61:
         c7:76:1b:ab:70:40:71:af:11:5a:fc:dd:ad:e0:90:1e:f8:f8:
         48:7a:6a:df:d9:0b:e0:96:bd:2d:42:e3:c9:00:ea:a7:9e:e1:
         8e:c1:40:f8:c7:cb:53:c5:9b:5c:a4:33:33:b0:8c:87:78:49:
         df:0b:b2:9b:4d:93:4c:9c:67:89:8a:9d:cd:ce:d9:05:63:1d:
         61:ff:39:a3:2b:31:34:a1:59:48:ae:f3:1c:7d:1d:a1:e4:9b:
         7a:12:bb:6c:e9:50:55:16:20:f4:a4:5a:eb:87:23:b7:0c:73:
         10:b6:7f:24
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMYVZIhcG78XwEcYednRt7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQxMTEwMjMwODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzI1ZDJjMzcwYTQ4ZjMzNDA2ZjQyYTQ2ZjQ5NzgwZDQ2YjQ0MTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeoUSEn86Lug5vVLxOuyri92nCUL
9hJ16VW2/2LWmskr6LxbiM5jaf8s/LRb6E6QOx0JFMtvw7CV5hPy8+/r6UwIIGMj
rhXW7SlN2OtD4JLBYICp5v820JPG5cVuFMtkvgYmoE5Rlnzk0BDJVskU7o+rQNFf
LSLUeCrKMoReLViYbIiQPvNj0Xm9ch3WWEXCIM7rAcDy3Z5QkCZ/IQbbvTqCGtSV
2QfLbMfJOw8qYpeoO4EYAbSZvK87FcFM6RZIyDcmin9Q865MUi7vyqqbEK9OWSze
jp0VT6LU1mDdGUozYxWl1FHh5C/jiGeQrTV5PKAt0rsO11DWwqWQ+cpSlwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMcl0sNwpI8zQG9CpG9JeA1GtEGVMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEveHlYU3czQ2tqek5BYjBLa2IwbDREVWEwUVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtBQTAN
BgkqhkiG9w0BAQsFAAOCAQEAo0zB8jXbpHXh/G4gQvgn9/9UKWmyR1JF9LvL/BKh
s+8fave+2PjcQKbmL4xvSpM7jVG/goovbYznIJVcJUHtKzlGDH+owYjgsmdPED0g
VzSDSqUb98GsMduSJQbueDw09afEDKX4e3HyMjab5rT+sTsywK//H68pF8aEVnc5
cmTB/+X0bSvudr3hQEVw/Vlhx3Ybq3BAca8RWvzdreCQHvj4SHpq39kL4Ja9LULj
yQDqp57hjsFA+MfLU8WbXKQzM7CMh3hJ3wuym02TTJxniYqdzc7ZBWMdYf85oysx
NKFZSK7zHH0doeSbehK7bOlQVRYg9KRa64cjtwxzELZ/JA==
-----END CERTIFICATE-----