Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/RZtSFm-nOPPpm_1PDpKNdsrOnSk.roa
File:                     RZtSFm-nOPPpm_1PDpKNdsrOnSk.roa (raw, json)
Hash identifier:          5lxOYMSQDWpUzoRZKZynMtIw02xR/RZbTm98qg2bbYQ=
Subject key identifier:   45:9B:52:16:6F:A7:38:F3:E9:9B:FD:4F:0E:92:8D:76:CA:CE:9D:29
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019129ACA050C50F07F191D9992C28DD1A1E
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/RZtSFm-nOPPpm_1PDpKNdsrOnSk.roa
Signing time:             Tue 06 Aug 2024 21:51:04 +0000
ROA not before:           Tue 06 Aug 2024 21:51:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214576
IP address blocks:        2a0e:4005:1002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:29:ac:a0:50:c5:0f:07:f1:91:d9:99:2c:28:dd:1a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Aug  6 21:51:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=459b52166fa738f3e99bfd4f0e928d76cace9d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3f:26:41:ea:93:00:b6:c3:bb:38:b7:8e:52:
                    12:98:ad:b5:34:cd:93:f3:b9:0a:31:07:c4:a0:f8:
                    28:67:82:b3:b8:98:c3:53:98:8d:99:93:b9:97:29:
                    9b:16:4f:45:03:32:31:6e:8c:0d:7d:54:d9:d1:75:
                    2f:a5:bc:ab:d3:ad:34:bd:9c:47:5d:86:ae:9d:24:
                    d2:40:5a:05:fd:09:10:a8:8d:fd:43:6e:38:9f:17:
                    a6:fe:2b:25:29:7e:9e:18:e2:5f:cb:44:a5:8e:c4:
                    5c:dc:db:8a:0e:31:50:23:4f:94:a8:c1:16:f6:ab:
                    17:67:26:36:91:df:67:c8:d6:29:f9:ff:fb:c1:90:
                    ba:c9:cb:22:42:d1:5f:18:84:2d:8c:9a:42:12:3d:
                    e6:b0:97:c8:30:cf:6e:51:29:64:d3:49:9a:a1:23:
                    70:06:60:73:d1:e8:c0:e5:dc:05:e0:af:c6:65:a7:
                    87:43:74:94:bf:31:25:35:8d:8e:14:fc:75:d4:f7:
                    97:ad:40:5b:8d:2a:bc:54:b8:4a:fc:2e:14:f5:c2:
                    76:2d:13:18:da:2d:97:36:f0:d9:3d:f8:d0:5c:e8:
                    34:66:45:02:9f:33:e3:49:cd:25:cb:03:c8:38:4d:
                    0b:a6:a0:35:01:0c:65:b1:d9:fc:32:bd:2c:66:ad:
                    b6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:9B:52:16:6F:A7:38:F3:E9:9B:FD:4F:0E:92:8D:76:CA:CE:9D:29
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/RZtSFm-nOPPpm_1PDpKNdsrOnSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4005:1002::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:13:51:54:d2:ee:31:c0:62:58:34:88:0e:95:55:62:dc:35:
         c6:26:00:e6:e9:9a:cf:8b:c8:c5:03:b1:fd:a1:16:67:f0:5f:
         43:39:7c:ec:3a:10:0e:4f:6f:e2:ca:a7:fc:da:63:a8:5a:ed:
         0e:7a:76:1f:6d:b3:2b:42:de:2e:f9:44:15:cb:fe:70:4c:67:
         49:14:87:48:ea:4b:06:ea:84:9f:42:49:93:1a:0e:ec:4a:5e:
         15:3d:3d:42:44:cf:d1:01:ab:e1:0b:be:1f:cd:66:77:ad:43:
         0b:45:25:1d:81:63:c8:f0:8d:4d:63:11:31:bd:b5:ec:53:5c:
         ad:ce:c7:51:57:d9:77:c2:3a:a6:97:9c:b1:35:e8:de:2f:b2:
         06:7c:78:d0:40:cc:4b:fc:61:34:8e:24:39:5f:de:3a:6d:b6:
         07:7c:4b:39:aa:7a:0d:e8:a4:96:6a:a3:5b:96:7d:86:e0:58:
         7a:73:a8:da:3f:2b:ac:cd:79:eb:e8:16:65:0d:e4:f4:ea:f0:
         4d:e3:38:7a:d0:57:09:bc:e3:83:8b:1d:02:f9:ae:55:3d:e3:
         75:c9:46:59:90:34:94:e0:67:a1:9d:c7:6b:b2:e3:81:7b:b3:
         2f:c1:51:61:a1:d3:af:73:77:43:17:d7:7a:80:9c:e3:15:1b:
         3a:7d:2b:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZEprKBQxQ8H8ZHZmSwo3RoeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwODA2MjE1MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTliNTIxNjZmYTczOGYzZTk5YmZkNGYwZTkyOGQ3NmNhY2U5ZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0j8mQeqTALbDuzi3jlISmK21NM2T
87kKMQfEoPgoZ4KzuJjDU5iNmZO5lymbFk9FAzIxbowNfVTZ0XUvpbyr0600vZxH
XYaunSTSQFoF/QkQqI39Q244nxem/islKX6eGOJfy0SljsRc3NuKDjFQI0+UqMEW
9qsXZyY2kd9nyNYp+f/7wZC6ycsiQtFfGIQtjJpCEj3msJfIMM9uUSlk00maoSNw
BmBz0ejA5dwF4K/GZaeHQ3SUvzElNY2OFPx11PeXrUBbjSq8VLhK/C4U9cJ2LRMY
2i2XNvDZPfjQXOg0ZkUCnzPjSc0lywPIOE0LpqA1AQxlsdn8Mr0sZq22qQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEWbUhZvpzjz6Zv9Tw6SjXbKzp0pMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvUlp0U0ZtLW5PUFBwbV8xUERwS05kc3JPblNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg5ABRAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBVE1FU0u4xwGJYNIgOlVVi3DXGJgDm6ZrPi8jF
A7H9oRZn8F9DOXzsOhAOT2/iyqf82mOoWu0OenYfbbMrQt4u+UQVy/5wTGdJFIdI
6ksG6oSfQkmTGg7sSl4VPT1CRM/RAavhC74fzWZ3rUMLRSUdgWPI8I1NYxExvbXs
U1ytzsdRV9l3wjqml5yxNejeL7IGfHjQQMxL/GE0jiQ5X946bbYHfEs5qnoN6KSW
aqNbln2G4Fh6c6jaPyuszXnr6BZlDeT06vBN4zh60FcJvOODix0C+a5VPeN1yUZZ
kDSU4GehncdrsuOBe7MvwVFhodOvc3dDF9d6gJzjFRs6fSsd
-----END CERTIFICATE-----