Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ZjrKwzavEHbZIRE-Xi8zbJgyWj8.roa
File:                     ZjrKwzavEHbZIRE-Xi8zbJgyWj8.roa (raw, json)
Hash identifier:          +9Ruu3hELkURZhFU/Wujm87/GgxO0NcAh+leko4cc3s=
Subject key identifier:   66:3A:CA:C3:36:AF:10:76:D9:21:11:3E:5E:2F:33:6C:98:32:5A:3F
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       01927AD32AC03906CBDFA197D7C52012EA0B
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ZjrKwzavEHbZIRE-Xi8zbJgyWj8.roa
Signing time:             Fri 11 Oct 2024 09:05:12 +0000
ROA not before:           Fri 11 Oct 2024 09:05:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214564
IP address blocks:        2a0e:8f02:20a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:d3:2a:c0:39:06:cb:df:a1:97:d7:c5:20:12:ea:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Oct 11 09:05:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=663acac336af1076d921113e5e2f336c98325a3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:89:8d:a4:df:c5:22:43:4d:ed:d7:e8:1e:07:
                    90:c3:d5:c4:f7:49:e2:36:e9:08:c6:11:92:3b:8d:
                    e1:62:54:28:05:fa:92:45:c3:b1:c6:33:58:06:91:
                    46:b2:d7:e2:4c:f2:86:b4:b0:5a:d0:e2:a8:98:cf:
                    0c:40:d0:37:73:5d:ab:c4:40:0e:7e:62:5b:12:29:
                    a5:ff:1d:ef:33:2c:79:f7:43:ab:3e:b0:a6:f9:c0:
                    63:71:c0:6a:3b:bd:6a:d2:69:b3:bd:3b:79:49:5c:
                    1d:84:a1:d1:2f:d2:b0:7d:c0:52:a3:b8:26:ae:0e:
                    ee:9e:70:2a:ca:a1:08:bc:e6:ba:b5:5a:95:ae:77:
                    e6:61:8f:74:04:88:df:81:85:88:c9:91:98:1d:cc:
                    75:4b:6e:74:f9:e5:8c:50:65:fd:38:f1:4a:26:7a:
                    8a:f6:66:60:13:b5:5f:8f:26:82:7a:0e:b0:ca:69:
                    61:5d:f2:27:24:0a:c2:29:5e:fd:ac:a3:b2:b0:22:
                    d2:25:a1:71:b0:d2:97:33:8f:82:2d:d3:05:4f:8b:
                    75:4e:71:bc:26:58:02:8b:72:ec:80:81:30:eb:11:
                    58:87:0f:a3:5b:95:57:75:52:2a:9a:fa:4e:1d:ad:
                    16:4f:6d:8e:3e:fb:5b:f4:7a:4b:7a:e5:53:c9:a3:
                    59:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3A:CA:C3:36:AF:10:76:D9:21:11:3E:5E:2F:33:6C:98:32:5A:3F
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/ZjrKwzavEHbZIRE-Xi8zbJgyWj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:20a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9a:94:6c:c0:18:34:eb:54:82:59:7c:7f:17:89:7c:80:49:fd:
         d5:02:dc:b4:9d:8f:9e:95:1a:ab:15:45:22:3c:4c:b3:e4:7d:
         a7:fd:1d:ed:aa:45:84:0d:82:ee:3e:e4:6b:2f:40:51:eb:5c:
         42:9e:8b:05:7b:5a:f7:54:e7:52:b3:6e:50:16:69:1e:99:f6:
         08:8a:58:f1:06:0a:93:19:44:14:8a:b4:38:7f:63:0f:39:56:
         df:1e:9f:e7:02:ce:34:5c:c4:f7:58:1b:87:d7:ae:cb:f7:0c:
         c0:42:9a:7f:fd:35:8a:c0:21:ba:df:fb:4f:71:3b:65:27:49:
         88:6a:b3:c1:a4:55:ae:c1:57:9c:b8:ab:76:f1:00:8a:d2:e3:
         10:86:0a:da:0a:a5:da:05:55:a6:58:22:e9:e8:74:55:cb:ce:
         0c:c1:22:b9:d1:a9:19:d9:fc:61:90:7b:65:ad:39:a2:56:e5:
         99:70:bf:dc:60:f9:d7:26:a1:54:70:4a:50:f0:68:8e:be:d1:
         1e:10:b5:98:93:22:a5:8c:12:f2:36:1c:33:ba:9a:b0:b2:d7:
         41:60:0b:0c:45:95:f2:41:a2:f9:3b:c3:da:8b:ad:c9:b8:c2:
         58:3e:3f:89:c1:65:8e:cf:97:60:2d:4f:9c:c4:3d:55:04:7f:
         29:27:3a:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJ60yrAOQbL36GX18UgEuoLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQxMDExMDkwNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjNhY2FjMzM2YWYxMDc2ZDkyMTExM2U1ZTJmMzM2Yzk4MzI1YTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxImNpN/FIkNN7dfoHgeQw9XE90ni
NukIxhGSO43hYlQoBfqSRcOxxjNYBpFGstfiTPKGtLBa0OKomM8MQNA3c12rxEAO
fmJbEiml/x3vMyx590OrPrCm+cBjccBqO71q0mmzvTt5SVwdhKHRL9KwfcBSo7gm
rg7unnAqyqEIvOa6tVqVrnfmYY90BIjfgYWIyZGYHcx1S250+eWMUGX9OPFKJnqK
9mZgE7VfjyaCeg6wymlhXfInJArCKV79rKOysCLSJaFxsNKXM4+CLdMFT4t1TnG8
JlgCi3LsgIEw6xFYhw+jW5VXdVIqmvpOHa0WT22OPvtb9HpLeuVTyaNZywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGY6ysM2rxB22SERPl4vM2yYMlo/MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvWmpyS3d6YXZFSGJaSVJFLVhpOHpiSmd5V2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiCg
MA0GCSqGSIb3DQEBCwUAA4IBAQCalGzAGDTrVIJZfH8XiXyASf3VAty0nY+elRqr
FUUiPEyz5H2n/R3tqkWEDYLuPuRrL0BR61xCnosFe1r3VOdSs25QFmkemfYIiljx
BgqTGUQUirQ4f2MPOVbfHp/nAs40XMT3WBuH167L9wzAQpp//TWKwCG63/tPcTtl
J0mIarPBpFWuwVecuKt28QCK0uMQhgraCqXaBVWmWCLp6HRVy84MwSK50akZ2fxh
kHtlrTmiVuWZcL/cYPnXJqFUcEpQ8GiOvtEeELWYkyKljBLyNhwzupqwstdBYAsM
RZXyQaL5O8Pai63JuMJYPj+JwWWOz5dgLU+cxD1VBH8pJzos
-----END CERTIFICATE-----