Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hnAThlB-51QxLkjHSET-wny3GDU.roa
File:                     hnAThlB-51QxLkjHSET-wny3GDU.roa (raw, json)
Hash identifier:          PVRPYvViZeB4ez5gUHzD3zbh1wsGeE+k9S9scwWE85s=
Subject key identifier:   86:70:13:86:50:7E:E7:54:31:2E:48:C7:48:44:FE:C2:7C:B7:18:35
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       01927ACBD70F0152B5821083D8A11D47F95A
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hnAThlB-51QxLkjHSET-wny3GDU.roa
Signing time:             Fri 11 Oct 2024 08:57:12 +0000
ROA not before:           Fri 11 Oct 2024 08:57:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214076
IP address blocks:        2a0e:8f02:f071::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:cb:d7:0f:01:52:b5:82:10:83:d8:a1:1d:47:f9:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Oct 11 08:57:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86701386507ee754312e48c74844fec27cb71835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e3:af:82:4a:30:80:77:3d:1a:3c:69:29:69:
                    4e:20:af:25:b4:66:d9:d3:a0:8c:a1:18:38:2c:df:
                    43:a9:c7:34:81:bf:e9:36:8f:ba:8a:a1:b4:d3:54:
                    95:9d:90:d6:f3:de:7d:20:46:44:28:75:44:34:cb:
                    52:45:1a:e1:e2:d3:a7:0c:9f:89:ec:db:9b:e9:52:
                    5e:42:b5:8d:18:d1:87:3b:c6:e8:01:93:ee:9c:98:
                    e4:43:3b:5e:97:54:ff:7c:d8:d7:45:f4:fb:06:79:
                    71:62:cc:ed:a4:42:60:2b:82:59:41:9d:a5:b1:95:
                    fd:5b:35:5a:08:93:6f:85:da:a1:e7:de:81:bb:b1:
                    cd:63:79:bb:bc:c0:25:28:b7:82:31:fb:7a:2f:b5:
                    5b:c4:94:7b:39:d5:4b:4a:fd:84:13:5b:0b:0c:2f:
                    e3:1c:96:9b:03:30:4e:ab:bd:9c:e2:1a:46:1a:eb:
                    e9:01:6f:ec:9e:8c:ae:cc:56:e3:2b:e6:71:a3:c8:
                    6f:d5:e5:ea:e5:71:3c:9e:65:0a:54:c9:e5:d3:4e:
                    53:a1:c5:55:da:8c:6b:02:c7:6c:17:48:b6:ad:59:
                    3a:b4:38:45:85:70:4e:c6:f5:24:92:02:18:7c:80:
                    c7:d8:b6:db:24:1a:a5:30:a0:23:6a:b9:85:30:7f:
                    8d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:70:13:86:50:7E:E7:54:31:2E:48:C7:48:44:FE:C2:7C:B7:18:35
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/hnAThlB-51QxLkjHSET-wny3GDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f071::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:76:2c:51:0a:7a:a2:7d:1c:c0:89:40:86:7a:84:bd:dd:04:
         07:a8:7f:14:34:b8:e9:6f:3e:16:96:01:10:03:a5:2a:4c:d0:
         2a:fd:38:02:f4:e4:e5:8e:a5:0a:76:f7:d2:93:91:17:6d:0d:
         de:be:20:82:28:26:d1:e5:e1:f8:8a:a7:f1:ea:03:5e:8e:7d:
         48:be:06:69:15:e8:bd:ef:3e:01:15:60:a8:ca:92:d7:10:51:
         8a:5f:7a:2e:dc:60:a6:cc:1f:c4:b4:a7:21:64:1e:5c:e6:2d:
         cc:11:37:77:f1:a1:5d:c9:3e:93:43:39:28:e7:a7:22:1e:c7:
         61:d3:ad:75:73:7c:3a:19:55:76:94:aa:ae:ed:f4:de:53:fc:
         72:a0:64:eb:40:47:ae:14:f0:1e:8e:b2:67:37:4f:01:b6:d1:
         6a:38:58:1f:d7:79:c4:99:46:3f:df:9b:36:aa:e2:4f:43:1d:
         a3:80:b8:f5:d7:6b:7f:5f:36:00:35:5d:35:71:6e:9a:ff:bf:
         25:02:eb:3a:03:20:da:eb:cc:1f:8a:27:34:fa:d6:62:57:00:
         b6:80:37:3c:e5:ed:71:65:bf:dd:25:58:b1:93:5a:1a:ae:ac:
         74:97:9f:7e:32:28:46:a9:c9:8e:3d:a3:f1:44:66:0d:d7:91:
         d7:ac:4d:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJ6y9cPAVK1ghCD2KEdR/laMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQxMDExMDg1NzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjcwMTM4NjUwN2VlNzU0MzEyZTQ4Yzc0ODQ0ZmVjMjdjYjcxODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+OvgkowgHc9GjxpKWlOIK8ltGbZ
06CMoRg4LN9Dqcc0gb/pNo+6iqG001SVnZDW8959IEZEKHVENMtSRRrh4tOnDJ+J
7Nub6VJeQrWNGNGHO8boAZPunJjkQztel1T/fNjXRfT7BnlxYsztpEJgK4JZQZ2l
sZX9WzVaCJNvhdqh596Bu7HNY3m7vMAlKLeCMft6L7VbxJR7OdVLSv2EE1sLDC/j
HJabAzBOq72c4hpGGuvpAW/snoyuzFbjK+Zxo8hv1eXq5XE8nmUKVMnl005TocVV
2oxrAsdsF0i2rVk6tDhFhXBOxvUkkgIYfIDH2LbbJBqlMKAjarmFMH+N6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIZwE4ZQfudUMS5Ix0hE/sJ8txg1MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvaG5BVGhsQi01MVF4TGtqSFNFVC13bnkzR0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBx
MA0GCSqGSIb3DQEBCwUAA4IBAQApdixRCnqifRzAiUCGeoS93QQHqH8UNLjpbz4W
lgEQA6UqTNAq/TgC9OTljqUKdvfSk5EXbQ3eviCCKCbR5eH4iqfx6gNejn1IvgZp
Fei97z4BFWCoypLXEFGKX3ou3GCmzB/EtKchZB5c5i3METd38aFdyT6TQzko56ci
Hsdh0611c3w6GVV2lKqu7fTeU/xyoGTrQEeuFPAejrJnN08BttFqOFgf13nEmUY/
35s2quJPQx2jgLj112t/XzYANV01cW6a/78lAus6AyDa68wfiic0+tZiVwC2gDc8
5e1xZb/dJVixk1oarqx0l59+MihGqcmOPaPxRGYN15HXrE37
-----END CERTIFICATE-----