Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/PYN6P17szd0mSRyOJmP8qyg6tVE.roa
File:                     PYN6P17szd0mSRyOJmP8qyg6tVE.roa (raw, json)
Hash identifier:          N8ROZ4/F3M0e0MNWQ/P5XciviWKxi3iBui5kari0Tow=
Subject key identifier:   3D:83:7A:3F:5E:EC:CD:DD:26:49:1C:8E:26:63:FC:AB:28:3A:B5:51
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0191920C9087373C331D1E4B5A89AB4EF6ED
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/PYN6P17szd0mSRyOJmP8qyg6tVE.roa
Signing time:             Tue 27 Aug 2024 04:16:22 +0000
ROA not before:           Tue 27 Aug 2024 04:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50104
IP address blocks:        2a01:e281:a764::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 20:25:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:92:0c:90:87:37:3c:33:1d:1e:4b:5a:89:ab:4e:f6:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Aug 27 04:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d837a3f5eeccddd26491c8e2663fcab283ab551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f4:22:42:f9:17:06:76:70:b8:3b:e9:50:5f:
                    6b:12:c0:56:5a:35:e6:3f:96:be:33:4c:42:24:cd:
                    8c:c3:e8:de:43:d6:6d:c7:50:3a:b6:77:23:12:46:
                    34:46:67:e2:98:60:84:13:87:3e:b5:92:19:e9:ed:
                    07:10:c0:32:75:da:8e:2e:1b:ba:de:4c:98:18:5b:
                    cd:9d:ee:c4:9b:51:cb:d5:51:b7:f5:10:4f:7e:0b:
                    72:f5:b8:f7:35:04:03:f1:d9:95:d0:ca:f1:80:f5:
                    16:b0:05:4e:90:a7:07:96:c0:8b:fd:f7:5d:be:ad:
                    07:fd:25:9a:8d:e8:9e:1f:6a:1d:64:eb:35:cc:94:
                    26:1a:f2:3f:70:6f:1e:25:52:02:b8:c0:01:73:e3:
                    34:6f:77:51:0e:4c:55:e0:30:e9:e8:2a:72:1f:63:
                    cf:90:63:b8:a4:83:89:e6:6f:4c:19:21:64:7b:33:
                    22:b7:a8:87:99:8a:a9:2a:58:9f:4e:68:6f:65:24:
                    40:fb:2a:41:56:18:99:f8:9a:c7:f3:7c:5e:6d:01:
                    4b:77:b9:74:74:37:a1:3c:80:b7:0b:c5:18:cc:83:
                    81:35:3b:75:31:5f:30:ef:20:4c:d2:30:b7:32:8b:
                    42:a0:0f:9b:d7:3a:bd:bf:42:65:4e:36:24:b8:e4:
                    b8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:83:7A:3F:5E:EC:CD:DD:26:49:1C:8E:26:63:FC:AB:28:3A:B5:51
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/PYN6P17szd0mSRyOJmP8qyg6tVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:a764::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:9c:4a:ac:f7:c3:67:1b:20:ae:7a:d5:84:b2:1c:cb:27:d4:
         52:28:1d:e2:a7:d9:d8:db:8d:fa:a8:34:e8:d3:5a:9a:f1:ac:
         c6:3c:64:b0:70:51:b6:18:78:57:c7:e0:9e:bf:2a:60:1d:95:
         58:dd:e3:43:56:51:b4:0f:c9:c0:fb:fa:bb:a3:d2:68:08:5b:
         3f:a2:d6:64:37:cf:7a:82:ad:18:bd:c7:eb:bb:eb:81:b3:3f:
         ab:e7:b2:35:81:8e:36:b2:c6:8d:0d:9e:67:87:a9:aa:00:e2:
         e7:c6:7a:65:32:25:63:1c:49:41:0d:dc:9e:09:08:90:8b:7f:
         ab:32:06:59:9a:16:e3:fc:e1:60:48:71:3e:04:fa:3f:23:b5:
         16:dc:bd:a0:d0:90:f0:d1:09:40:02:7f:f9:2a:56:60:b7:45:
         27:e0:37:11:cb:35:06:7f:51:22:6f:84:7a:47:6a:35:e4:91:
         ed:30:0b:ac:19:0f:53:38:76:5f:fd:b5:8a:c9:11:fd:4b:c7:
         98:17:0b:22:41:99:69:8b:1e:0b:6c:77:96:07:81:57:6c:fb:
         52:29:7e:cc:32:5d:7e:bb:7b:4d:d2:18:b8:61:e1:87:67:58:
         87:a5:d1:84:41:25:f2:8e:bf:fa:7e:fe:d3:bf:3a:94:64:68:
         9c:b8:6b:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGSDJCHNzwzHR5LWomrTvbtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQwODI3MDQxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDgzN2EzZjVlZWNjZGRkMjY0OTFjOGUyNjYzZmNhYjI4M2FiNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/QiQvkXBnZwuDvpUF9rEsBWWjXm
P5a+M0xCJM2Mw+jeQ9Ztx1A6tncjEkY0RmfimGCEE4c+tZIZ6e0HEMAyddqOLhu6
3kyYGFvNne7Em1HL1VG39RBPfgty9bj3NQQD8dmV0MrxgPUWsAVOkKcHlsCL/fdd
vq0H/SWajeieH2odZOs1zJQmGvI/cG8eJVICuMABc+M0b3dRDkxV4DDp6CpyH2PP
kGO4pIOJ5m9MGSFkezMit6iHmYqpKlifTmhvZSRA+ypBVhiZ+JrH83xebQFLd7l0
dDehPIC3C8UYzIOBNTt1MV8w7yBM0jC3MotCoA+b1zq9v0JlTjYkuOS4mwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD2Dej9e7M3dJkkcjiZj/KsoOrVRMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvUFlONlAxN3N6ZDBtU1J5T0ptUDhxeWc2dFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHigadk
MA0GCSqGSIb3DQEBCwUAA4IBAQCFnEqs98NnGyCuetWEshzLJ9RSKB3ip9nY2436
qDTo01qa8azGPGSwcFG2GHhXx+CevypgHZVY3eNDVlG0D8nA+/q7o9JoCFs/otZk
N896gq0Yvcfru+uBsz+r57I1gY42ssaNDZ5nh6mqAOLnxnplMiVjHElBDdyeCQiQ
i3+rMgZZmhbj/OFgSHE+BPo/I7UW3L2g0JDw0QlAAn/5KlZgt0Un4DcRyzUGf1Ei
b4R6R2o15JHtMAusGQ9TOHZf/bWKyRH9S8eYFwsiQZlpix4LbHeWB4FXbPtSKX7M
Ml1+u3tN0hi4YeGHZ1iHpdGEQSXyjr/6fv7TvzqUZGicuGsI
-----END CERTIFICATE-----