Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/c7b495-0119-4cf9-b0b2-d2060d3a4332/1/2LL-AKmmbsQRdC1Q5QdGWut78d4.roa
File:                     2LL-AKmmbsQRdC1Q5QdGWut78d4.roa (raw, json)
Hash identifier:          urfoKnwBRRTdtReer7OH2bNvLx//qIp7th7HbuPGhuQ=
Subject key identifier:   D8:B2:FE:00:A9:A6:6E:C4:11:74:2D:50:E5:07:46:5A:EB:7B:F1:DE
Certificate issuer:       /CN=2d5fe056f7677e43a6ef1aa1a0a05c07c4b4b65c
Certificate serial:       0190EF4351763F10C0BD12B76560818BBFAE
Authority key identifier: 2D:5F:E0:56:F7:67:7E:43:A6:EF:1A:A1:A0:A0:5C:07:C4:B4:B6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LV_gVvdnfkOm7xqhoKBcB8S0tlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/c7b495-0119-4cf9-b0b2-d2060d3a4332/1/2LL-AKmmbsQRdC1Q5QdGWut78d4.roa
Signing time:             Fri 26 Jul 2024 13:38:04 +0000
ROA not before:           Fri 26 Jul 2024 13:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5482
IP address blocks:        2a0b:5f00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/c7b495-0119-4cf9-b0b2-d2060d3a4332/1/LV_gVvdnfkOm7xqhoKBcB8S0tlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/c7b495-0119-4cf9-b0b2-d2060d3a4332/1/LV_gVvdnfkOm7xqhoKBcB8S0tlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LV_gVvdnfkOm7xqhoKBcB8S0tlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ef:43:51:76:3f:10:c0:bd:12:b7:65:60:81:8b:bf:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d5fe056f7677e43a6ef1aa1a0a05c07c4b4b65c
        Validity
            Not Before: Jul 26 13:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8b2fe00a9a66ec411742d50e507465aeb7bf1de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e3:75:ce:f3:bd:f8:ef:6c:c7:18:42:db:6f:
                    07:41:68:11:16:77:d6:e6:2d:d8:15:31:c4:52:34:
                    a2:c5:bc:e7:2c:67:e2:db:cf:18:d3:e7:8f:db:cc:
                    04:b9:8c:74:65:59:d0:5d:fc:ae:1a:e8:65:03:58:
                    bf:25:dc:90:cb:03:67:cf:1b:2b:0b:c5:ea:79:a6:
                    6d:73:a2:32:90:18:22:4b:e3:2d:fc:77:b1:60:03:
                    1b:e6:2d:5b:a0:69:74:59:b9:b9:b4:57:c0:3f:0e:
                    b9:0d:e5:bd:9e:03:e7:db:75:62:88:85:a4:d9:2b:
                    a7:2f:e6:2e:cb:6d:49:f5:ff:bf:af:03:e1:f7:5b:
                    b1:5a:56:e0:ad:5b:da:32:8b:08:e3:56:f9:4e:19:
                    38:72:bf:d0:63:db:c3:96:be:a2:a2:4b:cc:be:74:
                    b7:31:1e:0f:e1:e5:65:10:4c:1c:93:84:e5:5f:c3:
                    67:1f:3d:7a:4c:cf:90:56:21:9d:22:78:fe:03:f7:
                    ff:83:35:96:08:0e:be:ee:5d:49:ad:fd:9a:7f:d1:
                    a9:ff:a6:89:22:be:05:28:26:98:65:d6:f8:5a:d5:
                    a4:7d:72:ff:c7:ea:c2:2c:d2:2c:ae:28:46:3a:21:
                    40:77:7a:72:52:e3:78:9c:36:f1:3f:e7:1f:3f:95:
                    09:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B2:FE:00:A9:A6:6E:C4:11:74:2D:50:E5:07:46:5A:EB:7B:F1:DE
            X509v3 Authority Key Identifier:
                keyid:2D:5F:E0:56:F7:67:7E:43:A6:EF:1A:A1:A0:A0:5C:07:C4:B4:B6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LV_gVvdnfkOm7xqhoKBcB8S0tlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/c7b495-0119-4cf9-b0b2-d2060d3a4332/1/2LL-AKmmbsQRdC1Q5QdGWut78d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/c7b495-0119-4cf9-b0b2-d2060d3a4332/1/LV_gVvdnfkOm7xqhoKBcB8S0tlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:5f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:21:35:5f:7f:d2:9d:e2:c6:06:b6:48:14:dd:f8:3d:92:03:
         d0:f3:b5:85:14:84:07:60:b4:3b:56:ce:7f:fa:f7:46:bb:4d:
         a5:5d:4e:60:50:02:69:eb:53:1d:58:ce:8d:ce:99:df:79:25:
         9a:0f:9c:1d:02:e5:35:19:04:1b:b0:a0:ee:e9:3f:c3:14:58:
         4d:59:39:d0:c2:9e:d6:2f:72:6f:8e:56:f1:e2:7c:69:f6:06:
         48:dd:50:e0:04:ef:cf:0f:35:18:30:d3:38:30:1a:40:d6:8f:
         62:f6:1a:9b:d1:27:2c:16:72:f7:8b:0c:79:da:b4:14:36:9b:
         e0:84:27:5d:18:34:df:3c:ee:2d:c1:61:e5:ee:19:b2:ab:86:
         52:77:eb:52:ec:c1:5a:28:32:ec:f5:98:e7:04:9b:75:2b:a0:
         f7:04:71:25:8a:6c:8a:29:fc:02:93:6c:d9:f9:ed:6b:53:11:
         a6:e3:27:e0:9e:66:21:b8:02:4c:b1:34:9e:6f:fd:35:c7:21:
         6c:5c:10:af:fa:dc:60:65:be:7b:c4:07:ee:7f:3a:3f:89:86:
         11:e2:7c:59:d4:04:41:bf:3f:3a:cf:cd:02:fc:36:47:57:6c:
         7c:83:15:79:d9:39:b3:b3:22:6b:3d:06:f7:f5:de:b4:c8:85:
         46:97:94:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDvQ1F2PxDAvRK3ZWCBi7+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNWZlMDU2Zjc2NzdlNDNhNmVmMWFhMWEwYTA1YzA3YzRi
NGI2NWMwHhcNMjQwNzI2MTMzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGIyZmUwMGE5YTY2ZWM0MTE3NDJkNTBlNTA3NDY1YWViN2JmMWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eN1zvO9+O9sxxhC228HQWgRFnfW
5i3YFTHEUjSixbznLGfi288Y0+eP28wEuYx0ZVnQXfyuGuhlA1i/JdyQywNnzxsr
C8XqeaZtc6IykBgiS+Mt/HexYAMb5i1boGl0Wbm5tFfAPw65DeW9ngPn23ViiIWk
2SunL+Yuy21J9f+/rwPh91uxWlbgrVvaMosI41b5Thk4cr/QY9vDlr6iokvMvnS3
MR4P4eVlEEwck4TlX8NnHz16TM+QViGdInj+A/f/gzWWCA6+7l1Jrf2af9Gp/6aJ
Ir4FKCaYZdb4WtWkfXL/x+rCLNIsrihGOiFAd3pyUuN4nDbxP+cfP5UJlwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNiy/gCppm7EEXQtUOUHRlrre/HeMB8GA1UdIwQY
MBaAFC1f4Fb3Z35Dpu8aoaCgXAfEtLZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZfZ1Z2ZG5ma09tN3hxaG9LQmNCOFMwdGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9jN2I0OTUtMDExOS00Y2Y5LWIwYjIt
ZDIwNjBkM2E0MzMyLzEvMkxMLUFLbW1ic1FSZEMxUTVRZEdXdXQ3OGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9jN2I0OTUtMDExOS00Y2Y5LWIwYjItZDIwNjBkM2E0MzMy
LzEvTFZfZ1Z2ZG5ma09tN3hxaG9LQmNCOFMwdGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgtfADAN
BgkqhkiG9w0BAQsFAAOCAQEAfiE1X3/SneLGBrZIFN34PZID0PO1hRSEB2C0O1bO
f/r3RrtNpV1OYFACaetTHVjOjc6Z33klmg+cHQLlNRkEG7Cg7uk/wxRYTVk50MKe
1i9yb45W8eJ8afYGSN1Q4ATvzw81GDDTODAaQNaPYvYam9EnLBZy94sMedq0FDab
4IQnXRg03zzuLcFh5e4ZsquGUnfrUuzBWigy7PWY5wSbdSug9wRxJYpsiin8ApNs
2fnta1MRpuMn4J5mIbgCTLE0nm/9NcchbFwQr/rcYGW+e8QH7n86P4mGEeJ8WdQE
Qb8/Os/NAvw2R1dsfIMVedk5s7Miaz0G9/XetMiFRpeUiQ==
-----END CERTIFICATE-----