Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/jWrf4zGwfBEQusgl3VSIP2kaNyg.roa
File:                     jWrf4zGwfBEQusgl3VSIP2kaNyg.roa (raw, json)
Hash identifier:          gk2Uds3X/zGKtzzIiNwT8srBppMy9j0EIutOOuiWd68=
Subject key identifier:   8D:6A:DF:E3:31:B0:7C:11:10:BA:C8:25:DD:54:88:3F:69:1A:37:28
Certificate issuer:       /CN=d515f2e9149ce1b428c8f1edfc009215e2847f55
Certificate serial:       0191555F60B8BC5AECF3E843440E2FA90044
Authority key identifier: D5:15:F2:E9:14:9C:E1:B4:28:C8:F1:ED:FC:00:92:15:E2:84:7F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/jWrf4zGwfBEQusgl3VSIP2kaNyg.roa
Signing time:             Thu 15 Aug 2024 09:29:59 +0000
ROA not before:           Thu 15 Aug 2024 09:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200081
IP address blocks:        2a01:ea00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:55:5f:60:b8:bc:5a:ec:f3:e8:43:44:0e:2f:a9:00:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d515f2e9149ce1b428c8f1edfc009215e2847f55
        Validity
            Not Before: Aug 15 09:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d6adfe331b07c1110bac825dd54883f691a3728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b1:9c:8d:bc:9f:24:c9:6f:0f:1f:03:3c:b3:
                    b4:ba:b6:fd:cc:9b:65:02:06:e4:8d:5a:05:26:6e:
                    57:65:0c:a6:89:98:a7:8b:5c:76:0d:7f:b7:ef:67:
                    e7:06:0d:9e:28:cf:d8:89:cc:29:2c:60:0e:48:76:
                    d4:ad:35:45:f4:7c:ee:90:d8:d0:e1:c6:d6:c8:17:
                    28:d9:47:e4:f3:df:54:1a:6e:89:ef:a4:0a:13:c7:
                    a8:92:22:2e:2a:52:a4:b2:d8:c6:72:3e:78:bf:8b:
                    44:ce:61:24:57:db:f0:3a:4c:5e:03:65:27:99:3f:
                    30:eb:51:b8:34:37:8d:f2:7c:de:0b:92:ba:c5:fb:
                    2d:ff:ff:f6:fd:1c:86:2d:df:f5:73:69:4b:1e:82:
                    6d:16:79:d5:1a:84:0a:5b:81:d4:2a:8a:d5:7e:6f:
                    22:40:7e:64:13:ba:1b:f2:f8:b1:6a:7d:b7:df:ad:
                    28:0b:6b:3d:da:6a:71:c1:79:e6:3f:ce:1c:4a:2a:
                    9e:0e:74:c3:bc:a1:b3:7e:99:24:3d:3c:97:34:48:
                    45:de:3e:b3:13:83:ae:41:7e:e3:fb:1a:13:4a:9a:
                    b3:08:7c:0a:f9:cf:13:5a:28:7a:1c:6b:b0:b0:5f:
                    51:a5:d2:8a:5a:57:08:32:43:33:0d:e7:28:a6:ae:
                    15:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:6A:DF:E3:31:B0:7C:11:10:BA:C8:25:DD:54:88:3F:69:1A:37:28
            X509v3 Authority Key Identifier:
                keyid:D5:15:F2:E9:14:9C:E1:B4:28:C8:F1:ED:FC:00:92:15:E2:84:7F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1RXy6RSc4bQoyPHt_ACSFeKEf1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/jWrf4zGwfBEQusgl3VSIP2kaNyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8366ae-575d-4fde-8e92-0089944980ca/1/1RXy6RSc4bQoyPHt_ACSFeKEf1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ea00::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:3c:79:0e:b6:15:d0:d1:45:ca:7d:21:4e:bf:32:d2:d3:fe:
         cb:f8:62:e1:a3:3e:2e:3f:de:03:79:7b:0a:5e:d0:10:8f:60:
         f3:6b:8b:4f:a1:29:51:ad:41:c1:fd:03:13:b4:ea:ae:b5:b8:
         c4:eb:17:3c:ad:40:bf:f0:10:65:5f:09:85:85:de:32:25:c3:
         84:fb:81:83:b9:40:d9:cd:16:a4:3e:27:76:88:7f:81:87:a2:
         ed:8a:a8:c7:5c:72:f3:f9:ea:cc:1f:92:ba:13:9a:d3:ae:01:
         5a:c7:04:9c:a1:f9:1b:b1:7e:0d:63:60:64:c6:0a:d3:43:31:
         48:64:38:e5:e0:e7:bb:fb:29:01:2d:24:a9:d1:64:a3:99:ab:
         bf:57:a7:a0:3a:fb:a0:f7:77:39:1e:3f:27:30:7a:00:7b:21:
         a3:5e:46:1c:06:1f:aa:ed:6d:de:34:25:21:b1:21:a5:8b:21:
         6d:c8:16:30:5b:34:13:02:cb:ce:01:dd:a6:46:2f:58:30:e0:
         f4:ec:5a:55:b3:52:5d:c2:9f:af:19:6f:37:fc:83:31:4c:37:
         72:1f:a5:61:0d:d7:f1:9d:2b:a2:12:ac:9f:45:86:1c:4a:74:
         16:bd:dd:3a:10:dd:a4:da:a1:54:1d:31:4d:ef:41:d7:ea:c4:
         c7:aa:fb:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFVX2C4vFrs8+hDRA4vqQBEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MTVmMmU5MTQ5Y2UxYjQyOGM4ZjFlZGZjMDA5MjE1ZTI4
NDdmNTUwHhcNMjQwODE1MDkyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDZhZGZlMzMxYjA3YzExMTBiYWM4MjVkZDU0ODgzZjY5MWEzNzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLGcjbyfJMlvDx8DPLO0urb9zJtl
AgbkjVoFJm5XZQymiZini1x2DX+372fnBg2eKM/YicwpLGAOSHbUrTVF9HzukNjQ
4cbWyBco2Ufk899UGm6J76QKE8eokiIuKlKkstjGcj54v4tEzmEkV9vwOkxeA2Un
mT8w61G4NDeN8nzeC5K6xfst///2/RyGLd/1c2lLHoJtFnnVGoQKW4HUKorVfm8i
QH5kE7ob8vixan23360oC2s92mpxwXnmP84cSiqeDnTDvKGzfpkkPTyXNEhF3j6z
E4OuQX7j+xoTSpqzCHwK+c8TWih6HGuwsF9RpdKKWlcIMkMzDecopq4VjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI1q3+MxsHwRELrIJd1UiD9pGjcoMB8GA1UdIwQY
MBaAFNUV8ukUnOG0KMjx7fwAkhXihH9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVJYeTZSU2M0YlFveVBIdF9BQ1NGZUtFZjFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84MzY2YWUtNTc1ZC00ZmRlLThlOTIt
MDA4OTk0NDk4MGNhLzEvaldyZjR6R3dmQkVRdXNnbDNWU0lQMmthTnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84MzY2YWUtNTc1ZC00ZmRlLThlOTItMDA4OTk0NDk4MGNh
LzEvMVJYeTZSU2M0YlFveVBIdF9BQ1NGZUtFZjFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHqAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAyPHkOthXQ0UXKfSFOvzLS0/7L+GLhoz4uP94D
eXsKXtAQj2Dza4tPoSlRrUHB/QMTtOqutbjE6xc8rUC/8BBlXwmFhd4yJcOE+4GD
uUDZzRakPid2iH+Bh6LtiqjHXHLz+erMH5K6E5rTrgFaxwScofkbsX4NY2BkxgrT
QzFIZDjl4Oe7+ykBLSSp0WSjmau/V6egOvug93c5Hj8nMHoAeyGjXkYcBh+q7W3e
NCUhsSGliyFtyBYwWzQTAsvOAd2mRi9YMOD07FpVs1Jdwp+vGW83/IMxTDdyH6Vh
DdfxnSuiEqyfRYYcSnQWvd06EN2k2qFUHTFN70HX6sTHqvuu
-----END CERTIFICATE-----