Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/vjV2XtztJWFoywtP2jeJJ328mOI.roa
File:                     vjV2XtztJWFoywtP2jeJJ328mOI.roa (raw, json)
Hash identifier:          PhpjCTVkKUPo2ieTKvHeKhdkwHWJFMYRoy8uStX+vro=
Subject key identifier:   BE:35:76:5E:DC:ED:25:61:68:CB:0B:4F:DA:37:89:27:7D:BC:98:E2
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       0193251FA0FB157320DF8FF9FE73415F04F1
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/vjV2XtztJWFoywtP2jeJJ328mOI.roa
Signing time:             Wed 13 Nov 2024 10:44:10 +0000
ROA not before:           Wed 13 Nov 2024 10:44:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57271
IP address blocks:        2a0e:eec6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:25:1f:a0:fb:15:73:20:df:8f:f9:fe:73:41:5f:04:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Nov 13 10:44:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be35765edced256168cb0b4fda3789277dbc98e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:72:74:99:d6:c2:be:4f:2e:3f:fd:c3:90:8d:
                    f8:9d:85:e8:24:76:81:de:5e:fa:bd:01:4b:58:29:
                    57:ab:e2:37:3f:99:de:00:97:fc:ff:b2:ea:77:3a:
                    22:a9:e6:06:be:26:2d:b2:8a:b6:f0:0b:0b:2a:23:
                    89:4f:7b:d1:e1:e2:2c:eb:e5:ab:a3:68:78:ad:51:
                    72:50:a8:39:38:cd:ac:14:4f:b0:41:6c:c7:d1:36:
                    9d:27:a0:0d:9b:6e:e9:60:50:56:44:bc:b4:ac:ab:
                    36:d5:63:f3:eb:b3:9b:39:aa:c0:bb:32:cc:1b:50:
                    43:64:93:1a:0b:04:7b:77:ac:8f:20:b3:6b:8c:98:
                    11:47:2c:9c:0e:14:6b:79:d7:2d:94:5e:ac:cb:af:
                    49:e4:82:c5:03:b2:fc:94:dc:a7:b7:27:d3:0d:81:
                    0f:7e:bb:98:91:57:d4:bc:ac:7a:a0:ca:5b:57:b4:
                    72:f7:ad:17:e7:02:bf:30:aa:c8:2a:25:73:6a:1b:
                    8b:2d:d3:44:c2:75:e4:a4:d4:32:32:d9:90:82:ae:
                    14:2d:65:48:d8:51:df:f1:20:05:9e:eb:c4:80:c9:
                    8b:6f:6f:8d:bc:ea:c6:4a:9f:42:90:a6:b5:af:23:
                    5c:fa:c5:08:c6:e9:72:a2:02:57:a5:27:0f:fa:35:
                    32:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:35:76:5E:DC:ED:25:61:68:CB:0B:4F:DA:37:89:27:7D:BC:98:E2
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/vjV2XtztJWFoywtP2jeJJ328mOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:eec6::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:29:fa:7e:a0:23:51:88:78:9e:00:9d:f3:81:46:4f:bb:8b:
         b1:9e:ea:b8:61:5d:74:85:c8:84:c7:66:5e:c3:20:06:3b:d4:
         b1:b2:c7:dd:34:1c:ec:9e:eb:2d:91:4a:a4:0d:73:69:56:5e:
         b3:9b:4c:5c:a5:e9:ce:c3:c0:d9:87:ee:74:36:09:65:a6:1a:
         c3:4f:92:05:3e:0b:93:54:3f:22:81:eb:9a:35:84:76:bb:8c:
         9f:52:07:e5:61:0c:b9:72:4a:18:6b:08:b2:f0:83:b7:68:27:
         76:86:50:0b:d6:cb:5b:93:6c:f4:32:46:bf:12:83:b4:2d:e6:
         16:0c:92:d4:c5:ee:cf:d9:de:7f:4b:c5:0e:2e:e1:8a:6a:65:
         49:1a:55:e4:fd:09:8f:05:24:9e:a4:9c:0c:61:c9:2e:2b:7e:
         a0:88:8a:51:f9:2a:76:e1:4c:85:4f:5b:ea:b9:5f:6f:9d:ca:
         c8:50:cb:1d:b6:5d:e8:f7:35:79:5e:52:8c:34:c9:98:0a:e1:
         91:90:9d:d8:d7:86:bf:fa:76:6e:e9:29:cb:9b:24:23:63:5c:
         bc:ca:f0:53:1f:64:dd:19:0d:71:f1:c5:d0:90:91:89:33:08:
         b4:6a:52:17:68:a2:52:08:8a:aa:80:8d:54:10:59:32:a8:2e:
         4d:1b:a7:81
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMlH6D7FXMg34/5/nNBXwTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQxMTEzMTA0NDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTM1NzY1ZWRjZWQyNTYxNjhjYjBiNGZkYTM3ODkyNzdkYmM5OGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHJ0mdbCvk8uP/3DkI34nYXoJHaB
3l76vQFLWClXq+I3P5neAJf8/7LqdzoiqeYGviYtsoq28AsLKiOJT3vR4eIs6+Wr
o2h4rVFyUKg5OM2sFE+wQWzH0TadJ6ANm27pYFBWRLy0rKs21WPz67ObOarAuzLM
G1BDZJMaCwR7d6yPILNrjJgRRyycDhRredctlF6sy69J5ILFA7L8lNyntyfTDYEP
fruYkVfUvKx6oMpbV7Ry960X5wK/MKrIKiVzahuLLdNEwnXkpNQyMtmQgq4ULWVI
2FHf8SAFnuvEgMmLb2+NvOrGSp9CkKa1ryNc+sUIxulyogJXpScP+jUygwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL41dl7c7SVhaMsLT9o3iSd9vJjiMB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvdmpWMlh0enRKV0ZveXd0UDJqZUpKMzI4bU9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7uxjAN
BgkqhkiG9w0BAQsFAAOCAQEAVSn6fqAjUYh4ngCd84FGT7uLsZ7quGFddIXIhMdm
XsMgBjvUsbLH3TQc7J7rLZFKpA1zaVZes5tMXKXpzsPA2YfudDYJZaYaw0+SBT4L
k1Q/IoHrmjWEdruMn1IH5WEMuXJKGGsIsvCDt2gndoZQC9bLW5Ns9DJGvxKDtC3m
FgyS1MXuz9nef0vFDi7himplSRpV5P0JjwUknqScDGHJLit+oIiKUfkqduFMhU9b
6rlfb53KyFDLHbZd6Pc1eV5SjDTJmArhkZCd2NeGv/p2bukpy5skI2NcvMrwUx9k
3RkNcfHF0JCRiTMItGpSF2iiUgiKqoCNVBBZMqguTRungQ==
-----END CERTIFICATE-----