Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ciz_VJshb0KDiOTpuzHACoOUhBk.roa
File:                     ciz_VJshb0KDiOTpuzHACoOUhBk.roa (raw, json)
Hash identifier:          G6ByIiM8WTiM2DrQereUB0S/Y7R94GcwLLsCJf59Gug=
Subject key identifier:   72:2C:FF:54:9B:21:6F:42:83:88:E4:E9:BB:31:C0:0A:83:94:84:19
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0191A16F29B1CD4DA1286E7D84C417D9E7E5
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ciz_VJshb0KDiOTpuzHACoOUhBk.roa
Signing time:             Fri 30 Aug 2024 03:58:22 +0000
ROA not before:           Fri 30 Aug 2024 03:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21738
IP address blocks:        2a01:e286::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a1:6f:29:b1:cd:4d:a1:28:6e:7d:84:c4:17:d9:e7:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Aug 30 03:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=722cff549b216f428388e4e9bb31c00a83948419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7f:06:c9:fa:2c:a4:03:a5:96:21:d1:f3:57:
                    9e:ec:ac:44:c5:d1:65:ab:b4:ba:4a:02:ac:78:72:
                    3c:76:0a:b5:3d:68:ae:48:d5:4b:6d:7e:d9:a6:56:
                    6d:c2:1d:ae:ee:6d:38:ba:e2:23:f3:51:d6:02:4c:
                    48:f0:85:56:1d:80:38:b0:56:c2:3b:be:17:19:21:
                    e0:54:bf:fa:ae:52:86:85:7b:55:56:b1:28:5c:8a:
                    4d:cf:98:da:c1:43:28:9b:98:99:04:4a:47:74:ce:
                    7d:cb:cf:0f:75:28:ef:8f:d1:d3:e6:1b:5d:85:82:
                    d6:83:b7:8b:0b:aa:91:3c:87:28:81:e4:35:3e:6f:
                    7e:b7:e1:4c:7a:a8:58:c5:9e:d3:15:6e:93:c7:52:
                    7b:e7:aa:e8:99:44:78:11:ff:7a:7c:24:7e:66:40:
                    8c:eb:e4:a2:ac:a1:27:b5:bc:09:45:55:64:12:c3:
                    cd:a2:f8:d2:bb:31:79:c8:0c:cc:a0:94:d6:db:b3:
                    08:82:45:60:9f:53:50:ed:be:2e:34:4b:8a:5b:92:
                    ae:4c:0a:91:11:38:1e:fa:31:1c:33:7a:b3:7b:b2:
                    43:1f:ad:7d:5c:4a:23:79:87:a7:85:70:da:65:c1:
                    88:e6:59:36:9b:3f:9c:15:c8:ee:7c:db:36:dc:70:
                    61:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:2C:FF:54:9B:21:6F:42:83:88:E4:E9:BB:31:C0:0A:83:94:84:19
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/ciz_VJshb0KDiOTpuzHACoOUhBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e286::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:45:44:0a:ee:c0:71:03:7e:22:6d:a6:c4:a7:94:96:34:27:
         ff:6c:3a:be:c0:3c:bc:8e:28:74:f5:88:2c:8b:1f:b2:97:89:
         fa:6c:64:94:e6:4f:a2:e5:8f:83:5a:31:b1:19:40:b0:77:c2:
         f2:0a:00:17:8e:c4:4a:5a:f7:b9:5b:6f:48:e3:f1:40:51:eb:
         bf:e4:83:1c:f3:d8:ca:e2:1d:97:01:4e:cd:2c:ba:1f:de:82:
         68:93:5c:cd:f4:2f:30:3f:bc:af:e7:38:54:f5:eb:51:a6:11:
         61:2b:3c:6d:7f:0b:8a:fd:c9:3d:6a:a2:3e:a6:72:5d:58:5c:
         81:98:5e:2f:12:59:95:0a:38:39:29:4d:4f:5a:25:14:5b:e8:
         3a:60:c2:48:94:f7:ef:9a:17:37:28:4e:96:f9:ae:0e:33:ba:
         fd:2f:87:0e:d8:a3:8a:d8:68:d4:7e:dc:4e:f7:a4:d8:54:f7:
         7c:0d:d3:89:10:f7:75:05:d8:45:d9:01:7e:6e:af:ae:cf:01:
         a7:c9:0f:c5:42:a8:48:c2:d2:4b:67:e5:65:9a:bb:bf:80:a0:
         71:39:38:9d:ca:24:b4:8f:4b:a7:78:55:6d:a8:92:1a:6c:54:
         1a:e6:9f:8b:70:1e:5f:ec:bb:62:19:8f:87:a0:c8:20:67:01:
         84:f6:59:0f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZGhbymxzU2hKG59hMQX2eflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQwODMwMDM1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjJjZmY1NDliMjE2ZjQyODM4OGU0ZTliYjMxYzAwYTgzOTQ4NDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu38GyfospAOlliHR81ee7KxExdFl
q7S6SgKseHI8dgq1PWiuSNVLbX7ZplZtwh2u7m04uuIj81HWAkxI8IVWHYA4sFbC
O74XGSHgVL/6rlKGhXtVVrEoXIpNz5jawUMom5iZBEpHdM59y88PdSjvj9HT5htd
hYLWg7eLC6qRPIcogeQ1Pm9+t+FMeqhYxZ7TFW6Tx1J756romUR4Ef96fCR+ZkCM
6+SirKEntbwJRVVkEsPNovjSuzF5yAzMoJTW27MIgkVgn1NQ7b4uNEuKW5KuTAqR
ETge+jEcM3qze7JDH619XEojeYenhXDaZcGI5lk2mz+cFcjufNs23HBhBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHIs/1SbIW9Cg4jk6bsxwAqDlIQZMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvY2l6X1ZKc2hiMEtEaU9UcHV6SEFDb09VaEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgHihjAN
BgkqhkiG9w0BAQsFAAOCAQEABEVECu7AcQN+Im2mxKeUljQn/2w6vsA8vI4odPWI
LIsfspeJ+mxklOZPouWPg1oxsRlAsHfC8goAF47ESlr3uVtvSOPxQFHrv+SDHPPY
yuIdlwFOzSy6H96CaJNczfQvMD+8r+c4VPXrUaYRYSs8bX8Liv3JPWqiPqZyXVhc
gZheLxJZlQo4OSlNT1olFFvoOmDCSJT375oXNyhOlvmuDjO6/S+HDtijitho1H7c
Tvek2FT3fA3TiRD3dQXYRdkBfm6vrs8Bp8kPxUKoSMLSS2flZZq7v4CgcTk4ncok
tI9Lp3hVbaiSGmxUGuafi3AeX+y7YhmPh6DIIGcBhPZZDw==
-----END CERTIFICATE-----