Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/tjzM8cJrnKLxdT64yqmr5Lezjdg.roa
File:                     tjzM8cJrnKLxdT64yqmr5Lezjdg.roa (raw, json)
Hash identifier:          DEfXPzAGfkUKgJuQfYmOd1kK2ogpNpxIwkG+c2zKXP8=
Subject key identifier:   B6:3C:CC:F1:C2:6B:9C:A2:F1:75:3E:B8:CA:A9:AB:E4:B7:B3:8D:D8
Certificate issuer:       /CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
Certificate serial:       0193555A6D757A645E6B75C68C9D4CEE6A7F
Authority key identifier: F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/tjzM8cJrnKLxdT64yqmr5Lezjdg.roa
Signing time:             Fri 22 Nov 2024 19:30:09 +0000
ROA not before:           Fri 22 Nov 2024 19:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215568
IP address blocks:        2a01:f140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:55:5a:6d:75:7a:64:5e:6b:75:c6:8c:9d:4c:ee:6a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
        Validity
            Not Before: Nov 22 19:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b63cccf1c26b9ca2f1753eb8caa9abe4b7b38dd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:01:38:9a:0d:c1:06:04:b1:1f:ac:60:1f:3e:
                    30:f1:4c:44:a6:bb:81:91:0f:cf:80:68:7d:02:e8:
                    c5:e2:d4:0f:be:0e:01:32:6a:c2:28:03:fa:15:00:
                    3e:5a:8d:d7:f4:51:ff:b2:b0:ea:ae:ab:bb:e4:ae:
                    1c:5a:62:c3:56:57:47:82:57:7f:d9:09:de:d0:a3:
                    b7:89:fa:db:67:56:84:8f:e1:63:b5:e7:62:23:a1:
                    fc:e1:b6:6e:63:54:f6:c3:ca:c0:ea:6a:01:66:de:
                    3b:b3:21:47:fd:9d:a5:54:c7:fb:87:b7:70:d6:f0:
                    33:f9:60:cd:d2:2d:78:45:db:27:4e:f7:3f:26:b7:
                    d4:e7:76:02:cb:0a:13:4a:00:dd:e0:ef:b5:35:66:
                    0a:f1:32:99:54:d8:16:d3:b0:48:5f:e5:42:da:10:
                    02:58:cd:53:c7:a2:e6:5a:6b:f9:70:f2:ee:24:05:
                    f0:fc:aa:59:85:86:34:d1:d9:ef:9a:2f:bb:71:d0:
                    ee:1a:e6:a7:de:9b:dd:72:65:78:55:91:f4:a4:ab:
                    13:2b:ae:40:42:ba:1c:03:c8:43:9f:39:ac:68:36:
                    3c:7f:27:95:29:18:21:8e:c4:64:e0:ca:2e:f0:49:
                    4d:8b:27:06:f0:df:7d:d3:29:a7:d6:ec:19:36:5e:
                    eb:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:3C:CC:F1:C2:6B:9C:A2:F1:75:3E:B8:CA:A9:AB:E4:B7:B3:8D:D8
            X509v3 Authority Key Identifier:
                keyid:F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/tjzM8cJrnKLxdT64yqmr5Lezjdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f140::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:af:9e:24:5b:a5:01:d1:a2:68:ff:e5:fd:9e:b6:c6:a6:3d:
         51:44:c6:18:fb:50:b9:e8:2a:91:dc:33:e4:54:eb:5e:66:c1:
         16:3d:4a:96:da:4a:bb:d9:e2:ed:2d:91:51:51:e0:3c:d2:c1:
         6f:f1:a0:ba:a9:55:9f:54:5e:76:2c:b5:c4:da:69:7c:b7:cc:
         b8:69:8c:44:44:df:27:c0:9b:4b:60:2a:d4:74:4a:09:0b:30:
         46:0e:a4:c0:3c:72:d6:4d:24:a8:e5:67:eb:93:d0:ab:80:cb:
         01:dc:d1:75:90:6a:62:fd:fd:65:36:32:17:a0:08:2f:d5:e1:
         9f:17:7e:ef:34:50:69:27:0a:d4:31:b1:22:21:7d:ff:c2:7e:
         49:37:22:db:43:4b:98:14:ac:d4:d3:9a:ac:9a:2f:de:03:34:
         7c:56:6a:55:e9:25:7f:37:2e:2d:c9:dc:72:6e:a1:8d:3c:4f:
         70:fa:4f:bf:dd:ec:ab:ef:16:30:0d:17:99:0a:ea:50:81:66:
         08:13:35:4f:f7:04:dd:c4:0a:7a:46:8b:b3:f2:5f:1e:d7:02:
         8e:bb:63:6b:c9:62:cf:36:8e:30:61:1e:1f:c9:b6:38:d0:4d:
         4e:da:14:34:82:4a:8a:15:2f:84:5e:01:55:ed:96:30:a7:31:
         0a:17:16:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNVWm11emRea3XGjJ1M7mp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MmU5YzkxNDZlZDdiYzU4Yzg1Y2RhYjZlYjg1OGU0MjI4
NmVlZjQwHhcNMjQxMTIyMTkzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjNjY2NmMWMyNmI5Y2EyZjE3NTNlYjhjYWE5YWJlNGI3YjM4ZGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogE4mg3BBgSxH6xgHz4w8UxEpruB
kQ/PgGh9AujF4tQPvg4BMmrCKAP6FQA+Wo3X9FH/srDqrqu75K4cWmLDVldHgld/
2Qne0KO3ifrbZ1aEj+FjtediI6H84bZuY1T2w8rA6moBZt47syFH/Z2lVMf7h7dw
1vAz+WDN0i14RdsnTvc/JrfU53YCywoTSgDd4O+1NWYK8TKZVNgW07BIX+VC2hAC
WM1Tx6LmWmv5cPLuJAXw/KpZhYY00dnvmi+7cdDuGuan3pvdcmV4VZH0pKsTK65A
QrocA8hDnzmsaDY8fyeVKRghjsRk4Mou8ElNiycG8N990ymn1uwZNl7r9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLY8zPHCa5yi8XU+uMqpq+S3s43YMB8GA1UdIwQY
MBaAFPcunJFG7XvFjIXNq264WOQihu70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2Et
ZDUxNmYwZTE0ODdiLzEvdGp6TThjSnJuS0x4ZFQ2NHlxbXI1TGV6amRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2EtZDUxNmYwZTE0ODdi
LzEvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHxQDAN
BgkqhkiG9w0BAQsFAAOCAQEAeq+eJFulAdGiaP/l/Z62xqY9UUTGGPtQuegqkdwz
5FTrXmbBFj1KltpKu9ni7S2RUVHgPNLBb/GguqlVn1Rediy1xNppfLfMuGmMRETf
J8CbS2Aq1HRKCQswRg6kwDxy1k0kqOVn65PQq4DLAdzRdZBqYv39ZTYyF6AIL9Xh
nxd+7zRQaScK1DGxIiF9/8J+STci20NLmBSs1NOarJov3gM0fFZqVeklfzcuLcnc
cm6hjTxPcPpPv93sq+8WMA0XmQrqUIFmCBM1T/cE3cQKekaLs/JfHtcCjrtja8li
zzaOMGEeH8m2ONBNTtoUNIJKihUvhF4BVe2WMKcxChcWfw==
-----END CERTIFICATE-----