Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/C1ZkOnxKTMXG5hR_O_MyaBw-8Z0.roa
File:                     C1ZkOnxKTMXG5hR_O_MyaBw-8Z0.roa (raw, json)
Hash identifier:          lTzqApx+7CHVizwAJLbkbIMsc27sm5I6Y/2ckyVKF58=
Subject key identifier:   0B:56:64:3A:7C:4A:4C:C5:C6:E6:14:7F:3B:F3:32:68:1C:3E:F1:9D
Certificate issuer:       /CN=d515f2e9149ce1b428c8f1edfc009215e2847f55
Certificate serial:       0191617635F293CBE08CAC04B0A349CAFCF5
Authority key identifier: D5:15:F2:E9:14:9C:E1:B4:28:C8:F1:ED:FC:00:92:15:E2:84:7F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/C1ZkOnxKTMXG5hR_O_MyaBw-8Z0.roa
Signing time:             Sat 17 Aug 2024 17:50:22 +0000
ROA not before:           Sat 17 Aug 2024 17:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a01:ea00:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:61:76:35:f2:93:cb:e0:8c:ac:04:b0:a3:49:ca:fc:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d515f2e9149ce1b428c8f1edfc009215e2847f55
        Validity
            Not Before: Aug 17 17:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b56643a7c4a4cc5c6e6147f3bf332681c3ef19d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:45:f5:39:b5:1f:95:fe:0d:ab:c3:d4:52:85:
                    38:19:a8:d7:1a:6f:de:c9:e0:bd:65:f0:76:ae:9e:
                    5a:c2:06:ab:49:8c:43:b0:8b:7a:7b:e0:a1:7d:60:
                    a9:2c:63:4e:61:bb:4c:aa:66:29:4a:6d:5e:87:b1:
                    a6:ad:bd:7b:ac:e8:f4:59:b8:18:5a:b2:c6:11:bb:
                    9d:d6:cd:b2:c7:00:e2:bd:39:e3:01:54:be:1d:58:
                    bc:47:01:dd:5b:44:56:73:a5:23:b1:8b:26:8e:c9:
                    38:a3:6a:aa:d6:ef:dd:e3:66:72:a1:ac:de:e3:ba:
                    da:2e:73:48:40:93:7f:13:28:6b:6e:8c:92:fb:d3:
                    cd:96:b6:25:f4:76:d1:65:2e:90:45:7d:d1:6b:36:
                    e2:ec:c1:89:7b:5f:7e:6d:6a:74:c1:80:3e:7d:3d:
                    98:28:37:0a:30:a4:aa:32:7a:4c:b5:95:8d:73:e1:
                    bc:54:95:0f:ab:44:cb:b1:bf:f5:b2:81:2c:ca:0d:
                    37:a0:e4:41:b1:f0:b2:99:11:af:29:b4:4f:b5:b0:
                    7a:e7:4a:b2:a8:61:b9:9d:ac:b8:a5:ce:69:3f:ed:
                    da:66:69:1f:af:d8:33:02:8e:05:68:c1:9c:fc:9d:
                    ec:ab:8a:e2:b3:0e:28:00:1e:8a:bf:6c:fe:5f:a5:
                    fc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:56:64:3A:7C:4A:4C:C5:C6:E6:14:7F:3B:F3:32:68:1C:3E:F1:9D
            X509v3 Authority Key Identifier:
                keyid:D5:15:F2:E9:14:9C:E1:B4:28:C8:F1:ED:FC:00:92:15:E2:84:7F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/C1ZkOnxKTMXG5hR_O_MyaBw-8Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ea00:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:82:c0:bb:eb:5c:fc:16:67:32:42:b3:f8:40:ad:a1:6d:a9:
         9c:d9:68:0d:b7:cb:db:1a:a5:05:50:08:7d:63:1e:35:bf:56:
         80:c7:ec:e7:6c:f3:1e:a7:8f:96:be:2d:8f:47:11:98:d7:fb:
         2a:39:87:d0:7a:96:62:d3:b0:13:a7:f7:03:2a:cb:56:47:8c:
         a9:e3:17:02:1a:80:1d:22:53:5b:fd:a1:08:72:ce:aa:3e:f6:
         38:92:34:32:e0:8d:b9:2e:18:70:7e:ec:89:cc:83:29:4b:8d:
         83:c6:a4:ec:b4:83:60:7f:d4:31:17:e3:39:95:5d:b1:ca:7b:
         2c:ff:81:24:62:90:3f:da:23:e9:4a:2f:e1:01:ed:d6:7c:3c:
         f7:08:6b:c1:c4:c7:42:6c:6c:46:bd:d4:66:49:5e:3d:63:0a:
         41:33:f2:37:2c:2d:da:da:f3:39:f3:e4:aa:b2:25:29:e7:61:
         ee:64:57:8c:07:96:81:dd:42:ca:a3:a7:6d:41:23:fb:94:57:
         41:a9:5c:b1:84:62:29:16:79:bc:2d:e8:5f:63:37:c6:c8:0d:
         b7:ed:fd:f0:06:d7:ab:94:0f:61:4f:51:50:0e:86:8a:a2:9f:
         a6:78:e4:8e:5a:c8:3a:e8:21:75:d2:67:86:c0:bf:12:2d:de:
         43:43:42:ca
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFhdjXyk8vgjKwEsKNJyvz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MTVmMmU5MTQ5Y2UxYjQyOGM4ZjFlZGZjMDA5MjE1ZTI4
NDdmNTUwHhcNMjQwODE3MTc1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjU2NjQzYTdjNGE0Y2M1YzZlNjE0N2YzYmYzMzI2ODFjM2VmMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskX1ObUflf4Nq8PUUoU4GajXGm/e
yeC9ZfB2rp5awgarSYxDsIt6e+ChfWCpLGNOYbtMqmYpSm1eh7Gmrb17rOj0WbgY
WrLGEbud1s2yxwDivTnjAVS+HVi8RwHdW0RWc6UjsYsmjsk4o2qq1u/d42Zyoaze
47raLnNIQJN/EyhrboyS+9PNlrYl9HbRZS6QRX3Razbi7MGJe19+bWp0wYA+fT2Y
KDcKMKSqMnpMtZWNc+G8VJUPq0TLsb/1soEsyg03oORBsfCymRGvKbRPtbB650qy
qGG5nay4pc5pP+3aZmkfr9gzAo4FaMGc/J3sq4risw4oAB6Kv2z+X6X8JQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAtWZDp8SkzFxuYUfzvzMmgcPvGdMB8GA1UdIwQY
MBaAFNUV8ukUnOG0KMjx7fwAkhXihH9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVJYeTZSU2M0YlFveVBIdF9BQ1NGZUtFZjFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84MzY2YWUtNTc1ZC00ZmRlLThlOTIt
MDA4OTk0NDk4MGNhLzEvQzFaa09ueEtUTVhHNWhSX09fTXlhQnctOFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84MzY2YWUtNTc1ZC00ZmRlLThlOTItMDA4OTk0NDk4MGNh
LzEvMVJYeTZSU2M0YlFveVBIdF9BQ1NGZUtFZjFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHqAAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBkgsC761z8FmcyQrP4QK2hbamc2WgNt8vbGqUF
UAh9Yx41v1aAx+znbPMep4+Wvi2PRxGY1/sqOYfQepZi07ATp/cDKstWR4yp4xcC
GoAdIlNb/aEIcs6qPvY4kjQy4I25LhhwfuyJzIMpS42DxqTstINgf9QxF+M5lV2x
ynss/4EkYpA/2iPpSi/hAe3WfDz3CGvBxMdCbGxGvdRmSV49YwpBM/I3LC3a2vM5
8+SqsiUp52HuZFeMB5aB3ULKo6dtQSP7lFdBqVyxhGIpFnm8LehfYzfGyA237f3w
BterlA9hT1FQDoaKop+meOSOWsg66CF10meGwL8SLd5DQ0LK
-----END CERTIFICATE-----