Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/grJIxnFXuuslltrN8O0WEaeMdG8.roa
File:                     grJIxnFXuuslltrN8O0WEaeMdG8.roa (raw, json)
Hash identifier:          b+HZkNxuU57JV5xLfHxbKFibjBj+6Fq0htPVYCiKc80=
Subject key identifier:   82:B2:48:C6:71:57:BA:EB:25:96:DA:CD:F0:ED:16:11:A7:8C:74:6F
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       0192E222C128D8B8DB1DCD2E54F259C90417
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/grJIxnFXuuslltrN8O0WEaeMdG8.roa
Signing time:             Thu 31 Oct 2024 10:33:01 +0000
ROA not before:           Thu 31 Oct 2024 10:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210152
IP address blocks:        2a01:ffc6:4000::/34 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e2:22:c1:28:d8:b8:db:1d:cd:2e:54:f2:59:c9:04:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Oct 31 10:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82b248c67157baeb2596dacdf0ed1611a78c746f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f5:79:ac:94:f4:bf:c9:69:87:4a:a9:3a:ab:
                    c8:09:4c:cb:b0:55:40:8c:ad:c6:04:4f:49:15:f5:
                    47:8e:19:2b:3a:dc:82:9e:d6:04:3e:90:3d:a4:d5:
                    c3:a6:bc:74:ba:db:fd:f2:7f:c1:c3:79:91:4d:8a:
                    9f:08:aa:ed:ca:62:d3:57:e3:2f:38:ef:69:9f:21:
                    44:3f:8c:e5:71:7a:0e:e6:70:ba:4f:99:a4:07:6e:
                    5f:8e:cf:be:fa:b5:eb:ae:9b:af:93:2b:6f:38:26:
                    8f:b7:5b:0c:9e:01:b5:f9:5e:ca:d8:d8:ee:e7:70:
                    d0:c6:f5:74:18:a7:7c:06:d3:26:b2:51:81:b6:5d:
                    e0:88:30:c8:dc:cc:89:5a:db:52:aa:d5:5f:e2:58:
                    f0:49:46:18:8c:68:b6:17:10:f3:95:1d:0f:92:fe:
                    09:63:a6:c4:56:35:34:13:f2:d8:26:6b:48:ad:86:
                    d2:e0:94:c2:82:3a:6b:75:49:56:63:8f:54:95:73:
                    6f:a6:75:bb:eb:11:1d:1e:93:6d:99:02:a5:d2:7b:
                    b6:23:3c:9d:6b:71:8e:d4:34:c0:83:37:2e:a0:b5:
                    53:72:3f:bd:d4:14:07:0e:c5:17:93:8c:7f:37:a1:
                    be:b9:62:b5:61:48:a7:c4:9d:dc:f5:82:62:28:d5:
                    f9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:B2:48:C6:71:57:BA:EB:25:96:DA:CD:F0:ED:16:11:A7:8C:74:6F
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/grJIxnFXuuslltrN8O0WEaeMdG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc6:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         c7:76:67:9d:9b:e6:81:3b:06:9f:73:99:1d:3e:bb:2c:77:11:
         08:b6:43:c2:29:95:dc:53:95:c1:4c:b4:74:cc:0c:37:95:0a:
         86:fe:e8:69:a3:dd:a2:4e:d8:dd:be:8d:ab:5f:5c:78:d8:86:
         c2:cb:29:a3:1a:90:b3:65:20:93:89:db:11:88:c6:ea:90:af:
         82:85:71:13:e5:82:7e:a3:f0:48:b4:ae:31:7b:3d:aa:44:bf:
         74:f0:4d:db:f3:15:b8:6e:08:ae:db:4a:3b:0e:d1:22:e1:8b:
         5c:f6:33:56:dc:3a:80:18:c3:41:f8:8c:ea:67:54:fc:f3:60:
         48:7a:c5:d5:5c:87:98:26:6a:80:8d:fb:7d:b9:88:c1:3c:65:
         e4:4f:80:08:32:23:bb:7c:7f:be:7c:2c:25:d0:1e:29:15:41:
         22:f6:0f:1f:64:7e:ff:92:15:b9:dc:3d:eb:6d:dd:54:22:3c:
         5f:25:5e:f4:c3:b1:43:9c:28:78:c8:9b:78:3c:e2:1c:29:7c:
         84:02:03:eb:42:04:f8:dc:8d:3f:4d:80:92:88:48:94:9d:6a:
         71:60:c9:31:4a:32:36:ff:db:b9:b2:71:a9:60:ae:35:4b:37:
         66:2f:02:de:b1:22:2b:14:06:64:fc:45:ad:27:ae:b1:a7:2b:
         d3:19:b0:1b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZLiIsEo2LjbHc0uVPJZyQQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjQxMDMxMTAzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmIyNDhjNjcxNTdiYWViMjU5NmRhY2RmMGVkMTYxMWE3OGM3NDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/V5rJT0v8lph0qpOqvICUzLsFVA
jK3GBE9JFfVHjhkrOtyCntYEPpA9pNXDprx0utv98n/Bw3mRTYqfCKrtymLTV+Mv
OO9pnyFEP4zlcXoO5nC6T5mkB25fjs+++rXrrpuvkytvOCaPt1sMngG1+V7K2Nju
53DQxvV0GKd8BtMmslGBtl3giDDI3MyJWttSqtVf4ljwSUYYjGi2FxDzlR0Pkv4J
Y6bEVjU0E/LYJmtIrYbS4JTCgjprdUlWY49UlXNvpnW76xEdHpNtmQKl0nu2Izyd
a3GO1DTAgzcuoLVTcj+91BQHDsUXk4x/N6G+uWK1YUinxJ3c9YJiKNX5wwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIKySMZxV7rrJZbazfDtFhGnjHRvMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvZ3JKSXhuRlh1dXNsbHRyTjhPMFdFYWVNZEc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgH/xkAw
DQYJKoZIhvcNAQELBQADggEBAMd2Z52b5oE7Bp9zmR0+uyx3EQi2Q8IpldxTlcFM
tHTMDDeVCob+6Gmj3aJO2N2+jatfXHjYhsLLKaMakLNlIJOJ2xGIxuqQr4KFcRPl
gn6j8Ei0rjF7PapEv3TwTdvzFbhuCK7bSjsO0SLhi1z2M1bcOoAYw0H4jOpnVPzz
YEh6xdVch5gmaoCN+325iME8ZeRPgAgyI7t8f758LCXQHikVQSL2Dx9kfv+SFbnc
Pett3VQiPF8lXvTDsUOcKHjIm3g84hwpfIQCA+tCBPjcjT9NgJKISJSdanFgyTFK
Mjb/27mycalgrjVLN2YvAt6xIisUBmT8Ra0nrrGnK9MZsBs=
-----END CERTIFICATE-----