Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/7EiakR7IvzJmFBcHIpWN_qrbwOk.roa
File:                     7EiakR7IvzJmFBcHIpWN_qrbwOk.roa (raw, json)
Hash identifier:          FgVWGaJxeAZOC6gguPIGm7BoE0ELhFeHgQKBCUP3wCE=
Subject key identifier:   EC:48:9A:91:1E:C8:BF:32:66:14:17:07:22:95:8D:FE:AA:DB:C0:E9
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       01917B17CB3D812814CEFBB4407296AA8477
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/7EiakR7IvzJmFBcHIpWN_qrbwOk.roa
Signing time:             Thu 22 Aug 2024 17:17:22 +0000
ROA not before:           Thu 22 Aug 2024 17:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        2a01:e287::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 20:25:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7b:17:cb:3d:81:28:14:ce:fb:b4:40:72:96:aa:84:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Aug 22 17:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec489a911ec8bf326614170722958dfeaadbc0e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:2b:45:83:75:3c:27:cf:46:ed:2d:b8:b6:96:
                    8d:1f:b7:d9:f7:e4:9a:5a:6d:e2:9e:fa:b2:46:1f:
                    df:d8:b9:7a:c4:32:1f:3b:99:72:20:55:dc:14:8d:
                    31:2e:51:81:22:cf:59:58:61:f5:81:f5:15:d9:02:
                    3a:d6:02:97:f1:67:02:5b:86:8e:db:38:ab:ec:24:
                    0b:73:a8:d5:e5:4f:29:a2:fd:20:e8:e7:5a:75:e2:
                    91:cf:25:fd:0c:85:58:76:81:ff:37:3e:43:0e:0b:
                    a3:b9:58:f3:6c:5c:9a:20:5a:99:7d:9b:2c:4e:c4:
                    d8:d6:38:db:a3:0a:94:4b:50:dd:b3:2b:bf:8a:24:
                    2d:31:bf:d2:79:c1:e9:77:56:ac:f6:b3:ba:01:e3:
                    0e:2a:fc:51:00:71:d7:7d:1d:3f:f7:99:04:b5:cb:
                    87:a0:99:54:f9:2f:16:38:69:ff:47:cf:cf:b8:5e:
                    30:cd:00:ff:8d:07:54:5e:dd:7a:5b:49:a9:7f:48:
                    fb:99:4f:49:db:40:85:17:ce:bd:76:d1:e6:14:00:
                    a9:75:3b:24:c7:72:cc:19:c1:fd:9a:34:5a:1a:4f:
                    1a:a4:70:e6:5b:f9:40:49:a6:44:90:8b:cd:44:33:
                    9c:31:90:af:0b:39:eb:13:b0:d1:1f:a4:2f:d3:42:
                    1f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:48:9A:91:1E:C8:BF:32:66:14:17:07:22:95:8D:FE:AA:DB:C0:E9
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/7EiakR7IvzJmFBcHIpWN_qrbwOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e287::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:54:5d:9d:de:38:91:66:d4:19:e7:0a:a6:65:f1:bf:1b:bb:
         a5:4c:de:04:35:fe:3d:c9:d6:ac:fe:db:1f:e1:78:e3:09:1f:
         d7:b2:c8:f2:9b:30:62:0e:51:f3:d4:42:d6:16:f8:79:de:df:
         47:6f:6d:3b:4f:4b:81:4a:17:40:a2:f6:d3:45:cc:78:bf:d7:
         54:8b:76:78:b9:44:f2:ad:63:06:9b:62:bc:21:8d:3e:10:83:
         88:d6:bc:27:b7:78:78:67:40:75:5f:6c:75:62:e9:c6:30:6d:
         29:2d:13:50:1b:3b:1f:0f:eb:a8:c5:ce:67:30:2b:67:7a:6f:
         83:db:df:23:83:fb:c3:87:05:5e:d9:33:d7:68:f3:ef:1f:1e:
         1d:5c:46:49:08:1b:12:2c:71:fb:02:72:e4:ec:f3:5b:5b:8e:
         d4:b7:48:c1:73:83:6d:56:58:e4:b2:e0:70:b4:e6:5d:ca:e5:
         ab:cf:ce:60:6a:d3:85:67:d3:1a:91:9c:ac:bc:10:7f:e8:09:
         b2:a5:d5:cc:a8:58:44:18:a6:af:bb:0f:8a:90:ed:04:f2:6b:
         34:c9:9e:c1:a5:7c:9c:b4:a2:13:9b:ac:43:37:ba:08:62:eb:
         bd:c2:c6:f8:e4:dd:36:f2:ae:54:4d:53:e3:95:ab:4e:9b:55:
         85:fc:32:37
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZF7F8s9gSgUzvu0QHKWqoR3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQwODIyMTcxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzQ4OWE5MTFlYzhiZjMyNjYxNDE3MDcyMjk1OGRmZWFhZGJjMGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ytFg3U8J89G7S24tpaNH7fZ9+Sa
Wm3invqyRh/f2Ll6xDIfO5lyIFXcFI0xLlGBIs9ZWGH1gfUV2QI61gKX8WcCW4aO
2zir7CQLc6jV5U8pov0g6OdadeKRzyX9DIVYdoH/Nz5DDgujuVjzbFyaIFqZfZss
TsTY1jjbowqUS1Ddsyu/iiQtMb/SecHpd1as9rO6AeMOKvxRAHHXfR0/95kEtcuH
oJlU+S8WOGn/R8/PuF4wzQD/jQdUXt16W0mpf0j7mU9J20CFF869dtHmFACpdTsk
x3LMGcH9mjRaGk8apHDmW/lASaZEkIvNRDOcMZCvCznrE7DRH6Qv00IflQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOxImpEeyL8yZhQXByKVjf6q28DpMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvN0VpYWtSN0l2ekptRkJjSElwV05fcXJid09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgHihzAN
BgkqhkiG9w0BAQsFAAOCAQEAmFRdnd44kWbUGecKpmXxvxu7pUzeBDX+PcnWrP7b
H+F44wkf17LI8pswYg5R89RC1hb4ed7fR29tO09LgUoXQKL200XMeL/XVIt2eLlE
8q1jBptivCGNPhCDiNa8J7d4eGdAdV9sdWLpxjBtKS0TUBs7Hw/rqMXOZzArZ3pv
g9vfI4P7w4cFXtkz12jz7x8eHVxGSQgbEixx+wJy5OzzW1uO1LdIwXODbVZY5LLg
cLTmXcrlq8/OYGrThWfTGpGcrLwQf+gJsqXVzKhYRBimr7sPipDtBPJrNMmewaV8
nLSiE5usQze6CGLrvcLG+OTdNvKuVE1T45WrTptVhfwyNw==
-----END CERTIFICATE-----