Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/8muMVQU9zyV2xrWetFLm6DLCYZE.roa
File:                     8muMVQU9zyV2xrWetFLm6DLCYZE.roa (raw, json)
Hash identifier:          wGwgheC0nBOFs4YUkIfv3C8Z/Two6isvyurAY+G/xtU=
Subject key identifier:   F2:6B:8C:55:05:3D:CF:25:76:C6:B5:9E:B4:52:E6:E8:32:C2:61:91
Certificate issuer:       /CN=d515f2e9149ce1b428c8f1edfc009215e2847f55
Certificate serial:       0192140D2A9524A5E1A3AFF3A5E86A5F059A
Authority key identifier: D5:15:F2:E9:14:9C:E1:B4:28:C8:F1:ED:FC:00:92:15:E2:84:7F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/8muMVQU9zyV2xrWetFLm6DLCYZE.roa
Signing time:             Sat 21 Sep 2024 10:07:39 +0000
ROA not before:           Sat 21 Sep 2024 10:07:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214368
IP address blocks:        2a01:ea05::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:14:0d:2a:95:24:a5:e1:a3:af:f3:a5:e8:6a:5f:05:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d515f2e9149ce1b428c8f1edfc009215e2847f55
        Validity
            Not Before: Sep 21 10:07:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f26b8c55053dcf2576c6b59eb452e6e832c26191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:42:08:31:51:5f:f3:5c:ed:66:77:3b:41:6d:
                    fb:78:4d:48:71:bd:e7:20:a9:45:ff:f1:82:43:0a:
                    2d:a7:e0:4a:59:41:18:44:88:30:6d:bf:87:4b:64:
                    2c:d5:6b:9b:44:fe:5a:01:a2:e3:77:76:cd:d7:38:
                    94:c2:79:22:cf:9a:db:b9:97:e3:22:22:fd:e6:25:
                    a0:e5:c5:67:d3:36:fe:98:3e:d8:aa:a2:1a:13:ae:
                    4b:8c:f1:f0:3a:16:0d:3d:9e:ff:3b:b9:89:0f:f0:
                    bf:88:e5:57:98:0d:ad:43:dd:27:ec:20:ad:cf:57:
                    d4:81:d1:90:e4:a5:36:72:91:6d:80:4f:a2:e8:fc:
                    a2:ae:d2:45:ca:dd:38:ce:67:0e:bd:c4:04:1a:c3:
                    fb:d2:af:d0:35:1d:90:4c:10:a2:79:5a:d9:f8:5b:
                    aa:60:b6:0c:23:0a:70:07:98:1c:53:a5:5d:ea:92:
                    ee:cd:bf:3a:54:25:d2:ec:98:08:23:4d:8c:00:a5:
                    ab:e7:8d:f8:22:a6:7a:92:48:f6:f8:15:90:66:06:
                    88:e9:f5:e6:aa:86:03:84:f8:25:10:28:30:da:b6:
                    0f:02:48:7c:c4:17:98:4a:a4:01:6d:87:02:58:13:
                    29:4b:78:15:75:58:0e:04:13:53:78:79:47:f5:6b:
                    e8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:6B:8C:55:05:3D:CF:25:76:C6:B5:9E:B4:52:E6:E8:32:C2:61:91
            X509v3 Authority Key Identifier:
                keyid:D5:15:F2:E9:14:9C:E1:B4:28:C8:F1:ED:FC:00:92:15:E2:84:7F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/8muMVQU9zyV2xrWetFLm6DLCYZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ea05::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:d0:c9:5a:68:c1:2f:49:85:94:75:35:10:2b:ee:87:ff:69:
         e1:48:02:9e:a4:46:81:a0:03:af:0b:9d:cc:7e:24:04:84:73:
         9d:ae:6e:f2:f6:d0:48:6a:ea:3b:7e:5a:7e:4d:ef:0c:0d:02:
         88:08:99:47:0d:61:d4:39:c1:ec:c9:3d:6a:11:ba:c0:70:31:
         ba:19:fe:c4:3f:c9:09:6d:94:8a:b1:6e:bc:72:73:3d:f2:08:
         05:81:32:50:4b:8a:0b:d0:af:5f:19:b6:a3:58:d2:7a:9c:8b:
         1e:a4:84:d7:a5:75:bf:5d:ee:79:af:88:94:f1:e2:8d:61:e0:
         6a:c6:06:a2:d1:03:3f:13:9d:fe:cf:05:35:d4:a9:3c:1b:4a:
         f1:fb:7f:8a:8d:8a:70:74:8b:b2:6c:de:56:71:db:33:57:da:
         ff:fa:62:b3:9f:56:5a:38:03:9a:19:ba:81:e1:b8:a0:8f:d5:
         9c:f2:a5:c0:aa:3c:15:e7:ea:7b:79:d3:1e:db:99:74:81:a1:
         d4:49:48:33:98:f8:91:25:e2:8b:be:8c:12:e9:25:ce:1c:05:
         2d:0c:e5:1e:26:46:e8:da:d2:c9:6b:1d:a5:e2:1a:d9:d2:60:
         01:1f:73:68:12:54:fc:3d:5d:a0:92:09:a1:3a:7a:58:ba:2c:
         23:f4:96:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZIUDSqVJKXho6/zpehqXwWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MTVmMmU5MTQ5Y2UxYjQyOGM4ZjFlZGZjMDA5MjE1ZTI4
NDdmNTUwHhcNMjQwOTIxMTAwNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjZiOGM1NTA1M2RjZjI1NzZjNmI1OWViNDUyZTZlODMyYzI2MTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUIIMVFf81ztZnc7QW37eE1Icb3n
IKlF//GCQwotp+BKWUEYRIgwbb+HS2Qs1WubRP5aAaLjd3bN1ziUwnkiz5rbuZfj
IiL95iWg5cVn0zb+mD7YqqIaE65LjPHwOhYNPZ7/O7mJD/C/iOVXmA2tQ90n7CCt
z1fUgdGQ5KU2cpFtgE+i6PyirtJFyt04zmcOvcQEGsP70q/QNR2QTBCieVrZ+Fuq
YLYMIwpwB5gcU6Vd6pLuzb86VCXS7JgII02MAKWr5434IqZ6kkj2+BWQZgaI6fXm
qoYDhPglECgw2rYPAkh8xBeYSqQBbYcCWBMpS3gVdVgOBBNTeHlH9WvoLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPJrjFUFPc8ldsa1nrRS5ugywmGRMB8GA1UdIwQY
MBaAFNUV8ukUnOG0KMjx7fwAkhXihH9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVJYeTZSU2M0YlFveVBIdF9BQ1NGZUtFZjFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84MzY2YWUtNTc1ZC00ZmRlLThlOTIt
MDA4OTk0NDk4MGNhLzEvOG11TVZRVTl6eVYyeHJXZXRGTG02RExDWVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84MzY2YWUtNTc1ZC00ZmRlLThlOTItMDA4OTk0NDk4MGNh
LzEvMVJYeTZSU2M0YlFveVBIdF9BQ1NGZUtFZjFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgHqBTAN
BgkqhkiG9w0BAQsFAAOCAQEAS9DJWmjBL0mFlHU1ECvuh/9p4UgCnqRGgaADrwud
zH4kBIRzna5u8vbQSGrqO35afk3vDA0CiAiZRw1h1DnB7Mk9ahG6wHAxuhn+xD/J
CW2UirFuvHJzPfIIBYEyUEuKC9CvXxm2o1jSepyLHqSE16V1v13uea+IlPHijWHg
asYGotEDPxOd/s8FNdSpPBtK8ft/io2KcHSLsmzeVnHbM1fa//pis59WWjgDmhm6
geG4oI/VnPKlwKo8Fefqe3nTHtuZdIGh1ElIM5j4kSXii76MEuklzhwFLQzlHiZG
6NrSyWsdpeIa2dJgAR9zaBJU/D1doJIJoTp6WLosI/SWwA==
-----END CERTIFICATE-----