Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Orj_NxXuKVJJKGB3782FP3hj-24.roa
File:                     Orj_NxXuKVJJKGB3782FP3hj-24.roa (raw, json)
Hash identifier:          ez1RPk9ObFkR9w3Ef+7JyTJ40N87w84dJ6FoTKwCGyE=
Subject key identifier:   3A:B8:FF:37:15:EE:29:52:49:28:60:77:EF:CD:85:3F:78:63:FB:6E
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0191D05AE1A320BA878EF43439E12ACC5B98
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Orj_NxXuKVJJKGB3782FP3hj-24.roa
Signing time:             Sun 08 Sep 2024 06:38:22 +0000
ROA not before:           Sun 08 Sep 2024 06:38:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216425
IP address blocks:        2a01:e281:a500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d0:5a:e1:a3:20:ba:87:8e:f4:34:39:e1:2a:cc:5b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Sep  8 06:38:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ab8ff3715ee295249286077efcd853f7863fb6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ee:76:19:07:40:e1:ec:a3:f0:5d:a1:62:55:
                    78:78:a7:a2:0b:7f:e2:94:92:17:e4:58:58:4b:be:
                    e8:7a:f1:a9:42:ed:67:f8:2d:23:ae:7b:5f:33:61:
                    28:ff:6d:85:cd:7d:97:90:64:46:b7:15:16:1e:54:
                    d3:1d:89:ae:7a:d0:2b:d6:fc:6f:45:34:68:ba:e6:
                    57:ca:4a:41:fc:20:6e:b4:0f:27:8e:8a:a3:39:c5:
                    5d:3f:11:51:40:17:a1:1b:d3:cd:be:b4:d8:f5:71:
                    8b:f6:0a:d7:1b:b1:01:c3:30:4a:8d:be:45:cd:c2:
                    8c:2a:2a:94:4d:1f:28:ca:7e:26:34:10:67:ae:df:
                    ea:f7:25:7f:32:25:43:bf:39:14:67:b3:89:37:73:
                    03:5f:06:91:17:e9:bf:03:39:5a:56:c6:ae:a5:79:
                    31:3f:8c:34:81:cb:7e:b9:67:00:12:a4:92:34:d1:
                    39:3a:72:36:a0:59:e7:0e:05:df:c5:5d:f2:ce:f1:
                    73:fa:eb:d6:dd:13:4c:4b:69:18:17:91:03:5f:6e:
                    6a:92:f6:b9:92:d4:31:6f:4a:36:32:67:fa:de:15:
                    20:5a:4b:07:4c:82:4f:ef:6e:de:0f:44:57:3b:69:
                    27:93:34:2f:fa:63:be:c9:49:ed:1e:02:5c:c6:07:
                    78:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:B8:FF:37:15:EE:29:52:49:28:60:77:EF:CD:85:3F:78:63:FB:6E
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Orj_NxXuKVJJKGB3782FP3hj-24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:a500::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:29:62:f5:90:88:40:fb:16:51:d6:c7:66:e2:04:c4:f2:35:
         bb:13:4e:68:0f:ba:07:9c:53:61:56:fa:c6:23:36:30:2d:78:
         03:f9:6a:38:06:73:37:8a:31:d7:bf:a4:d4:23:51:f8:09:8e:
         bd:45:8a:cb:26:9d:96:83:e1:f3:5a:fc:c2:f4:a0:ea:18:d9:
         38:52:df:49:6c:69:f8:5f:44:51:4d:26:f4:5e:c1:be:62:8b:
         1a:96:e1:69:12:b8:f3:8f:27:81:ee:07:b9:5f:c7:fb:ea:73:
         e6:52:07:58:2f:89:ec:10:3b:2e:bd:9d:79:96:0d:ea:66:f2:
         f3:1b:ca:9d:ff:80:09:48:c2:22:a5:10:bf:37:41:a2:7e:a3:
         80:65:21:0f:ac:40:65:e4:71:72:6c:3f:5c:f7:ce:a8:6c:19:
         05:68:bf:aa:76:96:d7:89:35:8a:88:d9:78:e7:6e:02:ac:0f:
         f5:81:d4:44:82:dc:5b:24:e5:98:ef:82:49:84:7e:36:08:08:
         3f:c1:7b:e1:c8:79:72:66:c1:7c:f6:4f:64:8d:07:ee:bc:25:
         29:64:b9:75:04:87:00:f1:9f:51:51:b9:87:19:47:b8:73:26:
         d9:df:0f:ef:eb:2e:fd:bb:6a:b9:e6:7f:29:9a:fa:5a:25:14:
         f3:05:c9:fe
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZHQWuGjILqHjvQ0OeEqzFuYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQwOTA4MDYzODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWI4ZmYzNzE1ZWUyOTUyNDkyODYwNzdlZmNkODUzZjc4NjNmYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhu52GQdA4eyj8F2hYlV4eKeiC3/i
lJIX5FhYS77oevGpQu1n+C0jrntfM2Eo/22FzX2XkGRGtxUWHlTTHYmuetAr1vxv
RTRouuZXykpB/CButA8njoqjOcVdPxFRQBehG9PNvrTY9XGL9grXG7EBwzBKjb5F
zcKMKiqUTR8oyn4mNBBnrt/q9yV/MiVDvzkUZ7OJN3MDXwaRF+m/AzlaVsaupXkx
P4w0gct+uWcAEqSSNNE5OnI2oFnnDgXfxV3yzvFz+uvW3RNMS2kYF5EDX25qkva5
ktQxb0o2Mmf63hUgWksHTIJP727eD0RXO2knkzQv+mO+yUntHgJcxgd4AQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDq4/zcV7ilSSShgd+/NhT94Y/tuMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvT3JqX054WHVLVkpKS0dCMzc4MkZQM2hqLTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHigaUw
DQYJKoZIhvcNAQELBQADggEBAFEpYvWQiED7FlHWx2biBMTyNbsTTmgPugecU2FW
+sYjNjAteAP5ajgGczeKMde/pNQjUfgJjr1FissmnZaD4fNa/ML0oOoY2ThS30ls
afhfRFFNJvRewb5iixqW4WkSuPOPJ4HuB7lfx/vqc+ZSB1gviewQOy69nXmWDepm
8vMbyp3/gAlIwiKlEL83QaJ+o4BlIQ+sQGXkcXJsP1z3zqhsGQVov6p2lteJNYqI
2XjnbgKsD/WB1ESC3Fsk5ZjvgkmEfjYICD/Be+HIeXJmwXz2T2SNB+68JSlkuXUE
hwDxn1FRuYcZR7hzJtnfD+/rLv27arnmfyma+lolFPMFyf4=
-----END CERTIFICATE-----