Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/EeeAyG6ai_nD69BNw8PKltNiwa4.roa
File:                     EeeAyG6ai_nD69BNw8PKltNiwa4.roa (raw, json)
Hash identifier:          LJGag9l9838eGvNuVzMDPpZ/q9TJCBwuTQfnuDN6Qqg=
Subject key identifier:   11:E7:80:C8:6E:9A:8B:F9:C3:EB:D0:4D:C3:C3:CA:96:D3:62:C1:AE
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018DC6497953D3BFBFAB2F0FB291ACF74DB7
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/EeeAyG6ai_nD69BNw8PKltNiwa4.roa
Signing time:             Tue 20 Feb 2024 11:32:00 +0000
ROA not before:           Tue 20 Feb 2024 11:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215505
IP address blocks:        2a0e:8f02:f066::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:49:79:53:d3:bf:bf:ab:2f:0f:b2:91:ac:f7:4d:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Feb 20 11:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11e780c86e9a8bf9c3ebd04dc3c3ca96d362c1ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:24:be:46:0a:11:58:b2:a9:bc:6c:b3:fb:da:
                    be:65:c0:d4:28:97:42:02:6b:e7:57:72:e6:f4:ab:
                    ed:7c:70:e2:a8:b1:ac:14:c5:ba:9d:60:ff:01:5e:
                    e2:fe:73:f7:2f:17:a2:7d:16:73:73:7d:6d:41:a2:
                    d4:4e:c1:1c:bf:39:89:48:6e:23:e7:ff:70:9b:6c:
                    19:af:64:77:5a:15:60:4c:48:75:98:ff:60:31:b3:
                    2e:9e:c7:35:7d:01:af:5f:ed:41:5d:65:21:8c:19:
                    88:42:5e:63:a7:4b:c0:3a:dd:c3:d7:cf:fb:be:e1:
                    c2:ee:1f:29:e3:bd:c0:3d:ad:fa:70:78:6a:a6:5e:
                    8c:49:c0:09:96:e8:a8:7d:6e:c7:f3:ab:a0:70:1f:
                    43:6d:67:66:67:a4:65:44:cb:89:30:5b:72:52:78:
                    29:1c:a5:b6:89:75:73:41:ec:67:28:19:ce:1f:51:
                    16:f9:d4:cf:ba:7b:1e:23:0e:33:f3:77:81:6b:92:
                    ea:71:75:1f:a2:0b:6d:af:ff:26:2b:fd:1c:2f:7f:
                    30:74:c4:e5:0f:7a:74:7d:5e:66:88:51:cc:1b:29:
                    a7:68:24:45:c8:d9:44:9b:d4:d4:13:83:e9:41:e9:
                    77:ec:de:1e:45:f1:26:bf:45:00:a0:26:22:ac:fa:
                    38:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:E7:80:C8:6E:9A:8B:F9:C3:EB:D0:4D:C3:C3:CA:96:D3:62:C1:AE
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/EeeAyG6ai_nD69BNw8PKltNiwa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f066::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:01:9d:62:88:8b:3d:e1:81:de:54:e6:ca:78:68:83:27:30:
         b6:67:64:7c:86:8a:db:57:20:bf:7e:1e:5b:5e:68:2f:87:7d:
         d3:16:d5:c3:e6:99:f7:0b:3e:cc:85:90:5c:5f:e8:b1:27:64:
         d8:92:66:b3:e2:3c:0d:06:05:ca:5f:ab:ad:da:35:c5:83:82:
         18:b5:13:f9:a7:4c:45:79:3e:db:43:77:1b:b7:38:fd:23:41:
         ab:e4:4c:d2:68:39:00:ea:6b:8b:e6:66:a5:5e:fc:02:dc:47:
         6f:31:f6:34:2b:a2:d5:11:2e:71:c0:2a:83:6e:24:61:41:5a:
         ad:89:75:35:94:a3:83:52:d6:e9:d7:c6:ef:80:f5:98:23:41:
         4b:3b:e7:6b:06:96:a1:ce:dc:f7:d8:d2:3c:41:29:0c:3f:d3:
         51:37:ed:fe:ad:1f:78:0e:0e:6e:12:0b:64:40:0b:98:c8:3b:
         d8:4d:93:29:34:a9:4c:cf:ac:89:bc:7b:9d:b7:3d:99:3a:1f:
         49:b9:2e:42:b5:41:be:96:32:00:d7:70:67:02:fb:11:e4:5b:
         3a:ee:71:f5:9c:17:ae:02:31:cc:fa:95:42:22:4f:dd:60:35:
         43:3f:33:e7:46:74:0f:04:85:85:1d:ee:ba:ed:56:e1:6e:2e:
         29:1f:b6:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3GSXlT07+/qy8PspGs9023MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMjIwMTEzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWU3ODBjODZlOWE4YmY5YzNlYmQwNGRjM2MzY2E5NmQzNjJjMWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCS+RgoRWLKpvGyz+9q+ZcDUKJdC
AmvnV3Lm9KvtfHDiqLGsFMW6nWD/AV7i/nP3LxeifRZzc31tQaLUTsEcvzmJSG4j
5/9wm2wZr2R3WhVgTEh1mP9gMbMunsc1fQGvX+1BXWUhjBmIQl5jp0vAOt3D18/7
vuHC7h8p473APa36cHhqpl6MScAJluiofW7H86ugcB9DbWdmZ6RlRMuJMFtyUngp
HKW2iXVzQexnKBnOH1EW+dTPunseIw4z83eBa5LqcXUfogttr/8mK/0cL38wdMTl
D3p0fV5miFHMGymnaCRFyNlEm9TUE4PpQel37N4eRfEmv0UAoCYirPo4owIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBHngMhumov5w+vQTcPDypbTYsGuMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvRWVlQXlHNmFpX25ENjlCTnc4UEtsdE5pd2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBm
MA0GCSqGSIb3DQEBCwUAA4IBAQBEAZ1iiIs94YHeVObKeGiDJzC2Z2R8horbVyC/
fh5bXmgvh33TFtXD5pn3Cz7MhZBcX+ixJ2TYkmaz4jwNBgXKX6ut2jXFg4IYtRP5
p0xFeT7bQ3cbtzj9I0Gr5EzSaDkA6muL5malXvwC3EdvMfY0K6LVES5xwCqDbiRh
QVqtiXU1lKODUtbp18bvgPWYI0FLO+drBpahztz32NI8QSkMP9NRN+3+rR94Dg5u
EgtkQAuYyDvYTZMpNKlMz6yJvHudtz2ZOh9JuS5CtUG+ljIA13BnAvsR5Fs67nH1
nBeuAjHM+pVCIk/dYDVDPzPnRnQPBIWFHe667Vbhbi4pH7bd
-----END CERTIFICATE-----