Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/68qoT7nRhfgrTUKunveROfevrAM.roa
File:                     68qoT7nRhfgrTUKunveROfevrAM.roa (raw, json)
Hash identifier:          q3g3CU4E8stoVjz0BW00BUfO1oDvlz+v6a82CcvXwbM=
Subject key identifier:   EB:CA:A8:4F:B9:D1:85:F8:2B:4D:42:AE:9E:F7:91:39:F7:AF:AC:03
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       0192E222C17AA8F8204571263DD200934CA7
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/68qoT7nRhfgrTUKunveROfevrAM.roa
Signing time:             Thu 31 Oct 2024 10:33:01 +0000
ROA not before:           Thu 31 Oct 2024 10:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210475
IP address blocks:        2a01:ffc6:4000::/34 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e2:22:c1:7a:a8:f8:20:45:71:26:3d:d2:00:93:4c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Oct 31 10:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebcaa84fb9d185f82b4d42ae9ef79139f7afac03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:59:2c:e6:d6:e7:38:85:f8:dd:15:b4:2a:bb:
                    d0:77:b1:cb:a1:d7:60:d0:85:cb:ae:cf:b6:1c:ba:
                    41:d2:2e:12:2d:e2:21:07:5e:c0:24:f4:ef:db:1d:
                    b7:a7:03:b8:9c:01:a4:1b:43:bf:3a:09:5f:75:5d:
                    01:4d:96:e3:77:e8:c2:b5:e5:db:6f:2f:6a:af:39:
                    26:ef:53:16:a9:b9:1e:0c:34:f8:6b:11:47:36:19:
                    50:4d:df:e8:35:00:e9:82:09:91:dc:eb:1b:61:36:
                    c8:7e:c6:41:a9:3c:29:51:10:93:5a:6d:69:b8:81:
                    7c:6d:d0:fd:d4:c2:92:d1:d9:cb:1e:f8:d5:1d:a7:
                    5b:93:2b:57:5e:ef:3e:aa:24:ed:5d:33:1b:5e:ca:
                    ae:8c:c0:14:77:37:ff:55:13:14:51:45:4b:0c:60:
                    b4:f2:d8:7a:01:ae:46:0b:d4:08:17:f9:b4:78:e3:
                    c7:1b:a0:c0:e1:c8:20:1b:b6:76:64:d4:92:93:4f:
                    2b:43:28:d4:76:45:41:3b:40:c7:57:bf:7b:92:be:
                    fd:84:77:76:51:f8:c3:a3:96:4b:95:a0:b3:c6:c5:
                    4c:be:89:2f:ca:4a:33:04:ef:ef:2e:7c:c7:f8:60:
                    52:ee:a1:1b:00:59:73:ee:1d:42:ef:11:fa:d9:bd:
                    b7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:CA:A8:4F:B9:D1:85:F8:2B:4D:42:AE:9E:F7:91:39:F7:AF:AC:03
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/68qoT7nRhfgrTUKunveROfevrAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc6:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         4e:45:15:fe:6d:1f:62:da:5e:98:ca:64:22:f6:e3:a7:e2:7d:
         03:33:f7:11:ad:c1:e2:6d:3b:0d:95:6e:54:14:e0:b7:41:a4:
         85:c6:88:e9:0d:85:fc:08:f3:ef:8b:5d:30:dd:42:75:43:34:
         9e:53:fe:86:98:ac:f4:fd:dc:fd:30:95:0e:c4:33:a7:f7:2c:
         a2:d9:e1:59:d0:ae:5d:23:6d:b5:86:60:45:15:18:ef:9e:34:
         e1:4f:20:c1:b4:05:8b:24:29:5d:49:7d:06:07:85:d5:36:02:
         67:8c:77:21:6a:c6:8f:77:d0:e3:ed:4b:5c:45:5a:d7:0a:77:
         74:85:e1:f3:ef:51:95:3f:7c:7b:eb:18:57:c0:9c:1f:99:01:
         69:eb:76:f8:46:94:a7:60:24:4a:65:e4:ee:25:41:2a:2e:a3:
         ff:51:ef:80:88:26:9a:0a:cf:72:51:37:db:22:79:47:4c:3b:
         8e:8a:85:8a:26:f2:15:29:a2:6e:c8:dd:d4:d3:45:4e:93:ee:
         36:b1:ef:69:d7:ec:4d:4b:8a:ca:7c:f2:5b:a7:2e:d9:d3:84:
         6f:2d:93:8e:d7:b5:70:47:77:de:54:41:f6:04:08:b1:78:4d:
         30:bf:0b:9d:c9:6d:09:d0:5c:7a:ad:d3:a1:3a:ed:87:b8:aa:
         a6:be:39:41
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZLiIsF6qPggRXEmPdIAk0ynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjQxMDMxMTAzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmNhYTg0ZmI5ZDE4NWY4MmI0ZDQyYWU5ZWY3OTEzOWY3YWZhYzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Vks5tbnOIX43RW0KrvQd7HLoddg
0IXLrs+2HLpB0i4SLeIhB17AJPTv2x23pwO4nAGkG0O/OglfdV0BTZbjd+jCteXb
by9qrzkm71MWqbkeDDT4axFHNhlQTd/oNQDpggmR3OsbYTbIfsZBqTwpURCTWm1p
uIF8bdD91MKS0dnLHvjVHadbkytXXu8+qiTtXTMbXsqujMAUdzf/VRMUUUVLDGC0
8th6Aa5GC9QIF/m0eOPHG6DA4cggG7Z2ZNSSk08rQyjUdkVBO0DHV797kr79hHd2
UfjDo5ZLlaCzxsVMvokvykozBO/vLnzH+GBS7qEbAFlz7h1C7xH62b23XwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOvKqE+50YX4K01Crp73kTn3r6wDMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvNjhxb1Q3blJoZmdyVFVLdW52ZVJPZmV2ckFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgH/xkAw
DQYJKoZIhvcNAQELBQADggEBAE5FFf5tH2LaXpjKZCL246fifQMz9xGtweJtOw2V
blQU4LdBpIXGiOkNhfwI8++LXTDdQnVDNJ5T/oaYrPT93P0wlQ7EM6f3LKLZ4VnQ
rl0jbbWGYEUVGO+eNOFPIMG0BYskKV1JfQYHhdU2AmeMdyFqxo930OPtS1xFWtcK
d3SF4fPvUZU/fHvrGFfAnB+ZAWnrdvhGlKdgJEpl5O4lQSouo/9R74CIJpoKz3JR
N9sieUdMO46KhYom8hUpom7I3dTTRU6T7jax72nX7E1Lisp88lunLtnThG8tk47X
tXBHd95UQfYECLF4TTC/C53JbQnQXHqt06E67Ye4qqa+OUE=
-----END CERTIFICATE-----