Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ZVVvUV6DICCnrxJTuwTMJr-62qw.roa
File:                     ZVVvUV6DICCnrxJTuwTMJr-62qw.roa (raw, json)
Hash identifier:          XtqbI+7l1FLAp6wmS4Eb0at2O+122yfrRrYn5XtTDbg=
Subject key identifier:   65:55:6F:51:5E:83:20:20:A7:AF:12:53:BB:04:CC:26:BF:BA:DA:AC
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       01934AF154869C08761A57EE22C9C6A9A11C
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ZVVvUV6DICCnrxJTuwTMJr-62qw.roa
Signing time:             Wed 20 Nov 2024 18:59:09 +0000
ROA not before:           Wed 20 Nov 2024 18:59:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a01:e285::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:f1:54:86:9c:08:76:1a:57:ee:22:c9:c6:a9:a1:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Nov 20 18:59:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65556f515e832020a7af1253bb04cc26bfbadaac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:00:c5:43:82:f8:d1:22:95:7d:90:ea:f5:cc:
                    e0:fd:b9:b6:33:f5:f8:ae:2e:b0:45:be:90:06:a8:
                    a1:ba:fb:d0:8f:e2:a4:c4:a6:bd:63:7b:40:1f:e9:
                    84:6c:45:2c:14:ed:71:0d:98:d9:c9:31:56:13:a4:
                    13:d8:35:f3:6c:bb:ce:df:ff:bc:86:58:ce:54:44:
                    5b:f7:64:ca:45:d1:a4:7a:a9:25:8c:7d:50:8d:7a:
                    87:36:3c:c2:97:9d:63:af:df:2a:b9:e9:44:16:f8:
                    49:21:55:87:b6:a5:48:7b:17:8f:12:a6:56:54:b4:
                    65:76:68:f0:5b:55:a4:02:eb:9e:49:64:2b:75:a6:
                    2f:98:99:0c:42:60:9d:f8:78:14:47:36:79:af:c0:
                    cb:50:60:7e:2f:3f:66:b9:63:85:dc:db:7f:ff:d0:
                    86:d3:82:ea:6d:e4:bc:e8:d8:58:ad:44:3c:53:3f:
                    3c:a5:34:e4:b0:90:88:5b:dd:67:2a:d2:34:88:53:
                    46:af:b7:83:35:00:de:4e:48:e8:82:7e:9d:42:ba:
                    80:d4:bf:ec:ad:99:04:65:f2:eb:fe:5c:a5:a5:b0:
                    14:81:08:bd:95:1a:e5:32:1e:12:84:bc:d2:d5:23:
                    26:1c:89:0c:24:b7:14:78:73:49:12:75:e8:a0:0f:
                    71:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:55:6F:51:5E:83:20:20:A7:AF:12:53:BB:04:CC:26:BF:BA:DA:AC
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ZVVvUV6DICCnrxJTuwTMJr-62qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e285::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:e1:96:5f:2c:74:ab:33:f4:96:b7:6d:62:36:57:77:62:65:
         c8:d6:41:b9:27:64:e0:8d:dc:26:e8:05:0f:06:7f:e1:33:3e:
         78:c3:79:3c:3f:f7:5c:30:3b:fe:84:33:5b:11:7d:79:4a:6b:
         70:73:f6:3e:37:ec:d5:b2:47:b2:3b:81:71:1c:ae:01:98:a5:
         fd:f5:20:39:78:ff:4e:1d:a2:fc:a1:66:76:24:67:28:7b:2c:
         c7:e4:73:ed:d3:88:8f:a9:5f:ab:a4:f9:59:5e:53:6b:6d:27:
         da:98:46:ba:1d:83:45:a4:d7:29:25:2e:7f:76:f8:2a:c1:f6:
         58:83:cc:a2:1c:e2:07:8d:e6:87:2a:9c:8e:e1:da:23:ae:fe:
         6c:7b:5f:b9:93:bb:c6:18:65:9f:2b:74:d3:2d:04:eb:99:fe:
         aa:64:07:fd:d6:a1:4e:be:65:7b:35:fb:9e:59:5d:27:b6:95:
         ea:f9:dc:d4:c1:1d:a1:c6:de:8f:d0:9e:f8:00:ee:8c:7a:d7:
         35:46:37:a3:ce:3c:35:f2:54:03:79:c9:00:a4:02:8f:37:b5:
         22:7a:91:ca:67:05:bc:a1:41:d8:a0:27:bd:65:6b:09:91:51:
         8a:1d:07:60:b0:cd:e9:38:6a:e5:8c:55:58:21:14:11:fe:27:
         f0:e4:2a:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNK8VSGnAh2GlfuIsnGqaEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQxMTIwMTg1OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTU1NmY1MTVlODMyMDIwYTdhZjEyNTNiYjA0Y2MyNmJmYmFkYWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wDFQ4L40SKVfZDq9czg/bm2M/X4
ri6wRb6QBqihuvvQj+KkxKa9Y3tAH+mEbEUsFO1xDZjZyTFWE6QT2DXzbLvO3/+8
hljOVERb92TKRdGkeqkljH1QjXqHNjzCl51jr98quelEFvhJIVWHtqVIexePEqZW
VLRldmjwW1WkAuueSWQrdaYvmJkMQmCd+HgURzZ5r8DLUGB+Lz9muWOF3Nt//9CG
04LqbeS86NhYrUQ8Uz88pTTksJCIW91nKtI0iFNGr7eDNQDeTkjogn6dQrqA1L/s
rZkEZfLr/lylpbAUgQi9lRrlMh4ShLzS1SMmHIkMJLcUeHNJEnXooA9x8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGVVb1FegyAgp68SU7sEzCa/utqsMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvWlZWdlVWNkRJQ0NucnhKVHV3VE1Kci02MnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgHihTAN
BgkqhkiG9w0BAQsFAAOCAQEADeGWXyx0qzP0lrdtYjZXd2JlyNZBuSdk4I3cJugF
DwZ/4TM+eMN5PD/3XDA7/oQzWxF9eUprcHP2Pjfs1bJHsjuBcRyuAZil/fUgOXj/
Th2i/KFmdiRnKHssx+Rz7dOIj6lfq6T5WV5Ta20n2phGuh2DRaTXKSUuf3b4KsH2
WIPMohziB43mhyqcjuHaI67+bHtfuZO7xhhlnyt00y0E65n+qmQH/dahTr5lezX7
nlldJ7aV6vnc1MEdocbej9Ce+ADujHrXNUY3o848NfJUA3nJAKQCjze1InqRymcF
vKFB2KAnvWVrCZFRih0HYLDN6Thq5YxVWCEUEf4n8OQqiw==
-----END CERTIFICATE-----