Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/ABYhrgYblAzzNP2i7d_edfvqDgQ.roa
File:                     ABYhrgYblAzzNP2i7d_edfvqDgQ.roa (raw, json)
Hash identifier:          2LW2uBOzh+3fiZu2lPsd3/sW+8Au6DyKrNMDcpvtXRU=
Subject key identifier:   00:16:21:AE:06:1B:94:0C:F3:34:FD:A2:ED:DF:DE:75:FB:EA:0E:04
Certificate issuer:       /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial:       019294B1C72787B54CCABA320FDF2973427D
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/ABYhrgYblAzzNP2i7d_edfvqDgQ.roa
Signing time:             Wed 16 Oct 2024 09:38:51 +0000
ROA not before:           Wed 16 Oct 2024 09:38:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214020
IP address blocks:        2a06:d1c1:70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:94:b1:c7:27:87:b5:4c:ca:ba:32:0f:df:29:73:42:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
        Validity
            Not Before: Oct 16 09:38:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=001621ae061b940cf334fda2eddfde75fbea0e04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:39:91:9c:92:ad:b7:43:76:5a:3e:07:77:79:
                    f2:aa:48:e8:0b:a8:2e:7a:d7:97:87:ab:fb:37:52:
                    fd:8f:20:49:0e:8f:96:91:46:31:56:9f:ff:e4:98:
                    e7:73:e2:54:e2:55:30:65:6b:ff:69:af:aa:eb:a1:
                    74:da:ce:a8:53:a7:24:5e:e4:83:95:77:fe:98:75:
                    90:ac:a0:f4:aa:81:50:d4:07:fb:50:db:9a:0e:85:
                    22:32:db:8f:60:cd:fc:5f:76:04:f8:79:a7:c6:74:
                    ed:5e:15:0f:03:72:01:42:7a:51:71:54:87:c9:6e:
                    09:f5:ec:9f:5a:7e:99:68:dc:2f:bb:ff:f5:3d:27:
                    b2:3f:6d:c5:e7:cf:ec:61:86:08:44:40:07:1c:e2:
                    74:b6:17:1a:3c:e2:bd:37:dc:45:f5:fa:14:6b:e5:
                    b1:ab:81:e5:e0:ee:a8:00:67:cd:f5:b7:7a:9b:ca:
                    16:20:b7:01:f1:40:73:dc:2d:01:09:6b:d9:84:d1:
                    e4:b8:a1:98:2b:73:df:db:dc:ba:e5:14:b0:0e:5f:
                    1c:3c:a4:c0:f2:a6:e7:f4:80:d6:ea:de:f2:b0:d7:
                    a7:15:58:94:64:4d:0a:a0:a6:0f:6f:a0:fc:5e:5c:
                    38:85:81:3e:35:95:a9:d9:45:48:0f:1f:7b:84:1c:
                    af:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:16:21:AE:06:1B:94:0C:F3:34:FD:A2:ED:DF:DE:75:FB:EA:0E:04
            X509v3 Authority Key Identifier:
                keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/ABYhrgYblAzzNP2i7d_edfvqDgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:d1c1:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         1a:8b:3f:8b:6f:63:14:24:7f:88:22:ea:d6:c7:67:56:2a:78:
         d6:3d:b7:56:62:be:19:8e:e8:d6:dc:62:f9:77:f7:d9:de:05:
         df:f3:8a:53:7f:87:94:eb:e8:7d:c5:56:29:c3:7b:ca:92:30:
         91:3e:68:fd:79:2d:93:82:3e:91:f3:4f:20:5d:51:ce:81:62:
         35:26:16:ea:d1:3c:ca:a8:36:81:96:cc:56:f8:4e:6a:14:72:
         ab:9c:f0:4a:06:83:87:7e:1d:6b:d2:28:7f:59:3c:31:45:57:
         48:40:65:1e:4d:84:28:3d:58:14:94:3a:b2:51:d0:af:9f:53:
         e3:98:51:22:7d:30:a0:e7:61:c9:eb:50:6f:66:4a:f0:3d:2d:
         16:0e:1c:c3:d0:86:99:d9:a5:90:ee:a7:d4:0d:b5:c6:10:f1:
         5f:97:02:ad:85:7d:3d:78:54:23:e9:06:5e:f4:20:19:9d:7a:
         5c:69:67:30:88:89:45:0e:0e:c6:81:13:7a:e4:9f:96:a5:d6:
         8b:37:eb:97:23:f8:f3:a3:af:89:a6:eb:a8:c4:1f:59:6c:5d:
         b5:56:ad:2a:da:43:e4:07:ef:a5:13:2d:25:a1:a5:d0:bc:81:
         01:f2:1b:f3:c5:c6:37:b4:6a:a7:27:b0:c0:04:28:f9:79:1a:
         4b:24:76:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZKUsccnh7VMyroyD98pc0J9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjQxMDE2MDkzODUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDE2MjFhZTA2MWI5NDBjZjMzNGZkYTJlZGRmZGU3NWZiZWEwZTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TmRnJKtt0N2Wj4Hd3nyqkjoC6gu
eteXh6v7N1L9jyBJDo+WkUYxVp//5Jjnc+JU4lUwZWv/aa+q66F02s6oU6ckXuSD
lXf+mHWQrKD0qoFQ1Af7UNuaDoUiMtuPYM38X3YE+HmnxnTtXhUPA3IBQnpRcVSH
yW4J9eyfWn6ZaNwvu//1PSeyP23F58/sYYYIREAHHOJ0thcaPOK9N9xF9foUa+Wx
q4Hl4O6oAGfN9bd6m8oWILcB8UBz3C0BCWvZhNHkuKGYK3Pf29y65RSwDl8cPKTA
8qbn9IDW6t7ysNenFViUZE0KoKYPb6D8Xlw4hYE+NZWp2UVIDx97hByvfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAAWIa4GG5QM8zT9ou3f3nX76g4EMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvQUJZaHJnWWJsQXp6TlAyaTdkX2VkZnZxRGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbRwQBw
MA0GCSqGSIb3DQEBCwUAA4IBAQAaiz+Lb2MUJH+IIurWx2dWKnjWPbdWYr4ZjujW
3GL5d/fZ3gXf84pTf4eU6+h9xVYpw3vKkjCRPmj9eS2Tgj6R808gXVHOgWI1Jhbq
0TzKqDaBlsxW+E5qFHKrnPBKBoOHfh1r0ih/WTwxRVdIQGUeTYQoPVgUlDqyUdCv
n1PjmFEifTCg52HJ61BvZkrwPS0WDhzD0IaZ2aWQ7qfUDbXGEPFflwKthX09eFQj
6QZe9CAZnXpcaWcwiIlFDg7GgRN65J+WpdaLN+uXI/jzo6+JpuuoxB9ZbF21Vq0q
2kPkB++lEy0loaXQvIEB8hvzxcY3tGqnJ7DABCj5eRpLJHYp
-----END CERTIFICATE-----