Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/TBpBK5F7CdIX4NAU5malqN2yZHA.roa
File:                     TBpBK5F7CdIX4NAU5malqN2yZHA.roa (raw, json)
Hash identifier:          DTOis8P06OROqD70enBRgEvu+oKT5EJKXl7kbmDOobU=
Subject key identifier:   4C:1A:41:2B:91:7B:09:D2:17:E0:D0:14:E6:66:A5:A8:DD:B2:64:70
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0192213A1AC5AA2BD50A5308C8D05FC572EF
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/TBpBK5F7CdIX4NAU5malqN2yZHA.roa
Signing time:             Mon 23 Sep 2024 23:31:48 +0000
ROA not before:           Mon 23 Sep 2024 23:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207852
IP address blocks:        2a01:e281:aa00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:21:3a:1a:c5:aa:2b:d5:0a:53:08:c8:d0:5f:c5:72:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Sep 23 23:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c1a412b917b09d217e0d014e666a5a8ddb26470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a6:23:9e:5a:6e:70:08:cd:1f:5c:1b:e5:c1:
                    fe:62:a7:66:7e:f1:2c:88:3f:da:b8:32:24:bf:85:
                    1c:34:77:d9:10:6d:18:93:2e:b4:da:bd:5c:f9:f6:
                    2e:65:a7:27:3e:ff:79:1f:a6:37:a4:74:d0:c8:7d:
                    a2:84:d3:ac:6a:38:27:16:6d:76:de:ca:b7:ce:7b:
                    23:8b:b9:cc:ac:87:96:ea:3c:7d:91:36:14:16:59:
                    b9:4b:51:d2:89:f9:6f:e5:78:33:da:9f:5c:bb:c6:
                    72:8f:29:cc:7d:43:60:c5:08:d5:42:39:f3:24:64:
                    17:02:79:4a:f7:ca:7e:6b:74:72:51:fb:ef:e7:51:
                    c7:9e:31:c5:57:8d:34:d7:5f:c0:75:01:6b:b0:cd:
                    0a:9d:bc:54:65:7d:a1:44:83:58:c7:a2:24:8c:7b:
                    17:cd:0d:d6:0b:d2:1e:4a:a8:02:92:00:54:4c:ca:
                    25:5f:86:06:0e:4d:69:9a:11:79:04:3f:14:67:90:
                    4e:2d:bc:cd:71:8b:44:d1:5f:51:00:76:d0:2e:e7:
                    fc:3f:40:40:89:02:5e:4e:d6:80:2d:ca:ec:b3:69:
                    27:9a:b8:5d:af:49:d2:0f:a4:74:21:ec:a7:44:55:
                    63:cd:59:38:d8:9d:c8:b9:15:68:18:bd:54:74:83:
                    59:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1A:41:2B:91:7B:09:D2:17:E0:D0:14:E6:66:A5:A8:DD:B2:64:70
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/TBpBK5F7CdIX4NAU5malqN2yZHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:aa00::/40

    Signature Algorithm: sha256WithRSAEncryption
         17:d6:81:8a:c0:79:c7:2c:cf:0b:4e:5e:17:9f:8a:30:1d:5d:
         ba:1f:b6:ff:c6:a9:b0:1c:15:f7:86:b9:00:b9:a6:4b:e9:69:
         8b:b7:f0:8e:21:b8:8d:20:bc:38:b5:ec:b5:87:82:d9:65:2e:
         62:c3:ce:18:62:cc:0e:d8:bf:c6:89:0c:b2:6c:32:21:0d:09:
         04:9f:15:22:e3:ea:b3:9f:b8:f9:f0:9b:bb:49:89:61:27:b8:
         4a:f4:e0:51:8e:e7:a5:e7:69:70:4a:11:65:e6:d8:9a:c2:6b:
         3f:46:02:fa:eb:a5:6d:19:25:12:b8:4c:9b:fa:d5:16:2b:ab:
         ae:ea:2d:b5:ca:15:b4:e6:f6:2d:1b:3f:cb:27:51:b2:3d:c2:
         d4:0b:a8:98:e9:fa:65:10:26:75:58:26:9b:75:74:22:c3:00:
         7f:70:e3:cf:11:0f:d7:c4:8e:f4:db:84:12:0b:98:2d:7f:f0:
         05:dd:a9:00:ff:42:31:61:97:af:3f:a5:30:d3:ec:f8:af:2a:
         fc:27:3d:7a:03:c9:2b:50:cf:2d:20:c1:5b:05:31:66:c5:56:
         28:23:85:a1:6a:c2:a0:0c:c7:49:59:ce:01:3d:34:66:13:f1:
         ea:2b:19:c6:d0:21:1a:f5:a8:a8:f1:52:b3:8e:35:3b:8b:21:
         e2:95:8d:c4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZIhOhrFqivVClMIyNBfxXLvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQwOTIzMjMzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFhNDEyYjkxN2IwOWQyMTdlMGQwMTRlNjY2YTVhOGRkYjI2NDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6YjnlpucAjNH1wb5cH+YqdmfvEs
iD/auDIkv4UcNHfZEG0Yky602r1c+fYuZacnPv95H6Y3pHTQyH2ihNOsajgnFm12
3sq3znsji7nMrIeW6jx9kTYUFlm5S1HSiflv5Xgz2p9cu8ZyjynMfUNgxQjVQjnz
JGQXAnlK98p+a3RyUfvv51HHnjHFV40011/AdQFrsM0KnbxUZX2hRINYx6IkjHsX
zQ3WC9IeSqgCkgBUTMolX4YGDk1pmhF5BD8UZ5BOLbzNcYtE0V9RAHbQLuf8P0BA
iQJeTtaALcrss2knmrhdr0nSD6R0IeynRFVjzVk42J3IuRVoGL1UdINZIwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEwaQSuRewnSF+DQFOZmpajdsmRwMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvVEJwQks1RjdDZElYNE5BVTVtYWxxTjJ5WkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHigaow
DQYJKoZIhvcNAQELBQADggEBABfWgYrAeccszwtOXhefijAdXboftv/GqbAcFfeG
uQC5pkvpaYu38I4huI0gvDi17LWHgtllLmLDzhhizA7Yv8aJDLJsMiENCQSfFSLj
6rOfuPnwm7tJiWEnuEr04FGO56XnaXBKEWXm2JrCaz9GAvrrpW0ZJRK4TJv61RYr
q67qLbXKFbTm9i0bP8snUbI9wtQLqJjp+mUQJnVYJpt1dCLDAH9w488RD9fEjvTb
hBILmC1/8AXdqQD/QjFhl68/pTDT7PivKvwnPXoDyStQzy0gwVsFMWbFVigjhaFq
wqAMx0lZzgE9NGYT8eorGcbQIRr1qKjxUrOONTuLIeKVjcQ=
-----END CERTIFICATE-----