Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/iMb5uQ20k4EGQUwn9NTULi4N6I0.roa
File:                     iMb5uQ20k4EGQUwn9NTULi4N6I0.roa (raw, json)
Hash identifier:          /vO6AR8oDauypN3+9OZGuD4g+LHst6eo9f+3uXPAY3E=
Subject key identifier:   88:C6:F9:B9:0D:B4:93:81:06:41:4C:27:F4:D4:D4:2E:2E:0D:E8:8D
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0192E3FED42092F148F630096A7CDEDC8F27
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/iMb5uQ20k4EGQUwn9NTULi4N6I0.roa
Signing time:             Thu 31 Oct 2024 19:13:01 +0000
ROA not before:           Thu 31 Oct 2024 19:13:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36832
IP address blocks:        2a01:e281:af00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e3:fe:d4:20:92:f1:48:f6:30:09:6a:7c:de:dc:8f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Oct 31 19:13:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88c6f9b90db4938106414c27f4d4d42e2e0de88d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:2b:89:b9:07:9a:d8:5c:9e:9e:b1:f3:d7:56:
                    80:25:b6:c5:8c:39:21:25:2e:39:37:91:21:7b:63:
                    36:be:c0:2b:82:9d:31:39:16:6d:00:ce:aa:0d:d6:
                    be:be:d8:56:4d:f8:d0:34:00:b2:c3:55:6d:8b:fc:
                    67:0f:14:63:a9:a6:cf:02:42:cf:ba:2f:b6:84:bc:
                    61:97:30:76:bb:31:d4:c4:4d:bc:9b:6e:d9:59:b6:
                    77:49:60:d4:09:c3:54:92:5d:77:c3:6e:cb:be:e1:
                    bc:43:5f:89:35:5b:84:7e:0c:17:58:cb:a0:dd:ee:
                    e2:ec:d7:5c:5e:75:94:d6:81:2c:8e:81:02:b4:fb:
                    29:30:ea:7d:c3:99:f9:07:dd:d9:9b:db:4d:93:eb:
                    93:47:96:52:f1:31:3a:06:d4:0d:29:c3:b7:96:57:
                    c5:c1:a4:ef:d8:3f:04:9f:71:4b:5a:82:7c:d2:fb:
                    4b:0a:72:4e:96:80:5c:82:0b:4a:cb:93:db:2a:3f:
                    2a:02:ec:9e:09:ed:3b:b9:c3:88:6e:86:70:15:6a:
                    17:10:9f:dd:ad:6f:f4:6a:25:38:6c:18:c2:1a:80:
                    af:68:b9:fe:63:66:4b:76:63:d2:71:ef:eb:e0:ac:
                    bc:c9:22:fb:41:fa:4c:d3:f2:cc:58:bb:31:ef:6f:
                    07:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C6:F9:B9:0D:B4:93:81:06:41:4C:27:F4:D4:D4:2E:2E:0D:E8:8D
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/iMb5uQ20k4EGQUwn9NTULi4N6I0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:af00::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:80:d1:70:3d:03:c1:07:81:97:1f:61:bf:76:3a:15:4d:6a:
         3f:2e:40:6d:92:7d:40:41:71:ca:23:eb:8b:10:38:fe:dd:ad:
         14:1b:5b:4c:e2:7c:d2:e3:02:f3:99:7d:f3:95:7c:94:c0:76:
         70:cb:e1:d9:d2:93:9e:9d:d1:52:08:95:05:68:1c:e9:3b:05:
         55:f7:ed:dc:0f:e4:7c:50:fc:cb:18:dd:bc:39:03:3a:c8:ab:
         f6:18:9d:d1:32:72:e0:a1:2d:40:27:d0:c3:c1:29:f7:b9:84:
         9e:b7:84:d0:3f:50:fe:9f:0b:ce:f8:12:a1:92:5f:0f:24:b7:
         02:ad:9c:78:11:1e:6d:25:1b:a7:ef:22:39:6f:3e:d5:29:27:
         5e:2b:92:10:36:89:1f:bc:c5:ec:ba:7e:ba:57:03:c8:61:95:
         12:51:de:3b:b9:2d:40:49:5a:0c:96:bd:5b:dd:ab:fa:87:90:
         24:b7:d4:4f:ba:31:51:ee:1d:63:a2:aa:0e:97:1d:f1:b4:7e:
         e5:3d:9d:6c:e0:70:84:42:ea:27:85:ce:8c:81:d1:4c:8c:36:
         0e:26:dc:dc:e8:2f:30:89:90:0e:6a:2a:15:5d:c2:ad:a2:48:
         39:43:03:3a:5a:c1:7a:68:a4:e9:e4:4e:d0:ab:99:74:13:8c:
         7c:a9:07:7f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZLj/tQgkvFI9jAJanze3I8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQxMDMxMTkxMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGM2ZjliOTBkYjQ5MzgxMDY0MTRjMjdmNGQ0ZDQyZTJlMGRlODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iuJuQea2FyenrHz11aAJbbFjDkh
JS45N5Ehe2M2vsArgp0xORZtAM6qDda+vthWTfjQNACyw1Vti/xnDxRjqabPAkLP
ui+2hLxhlzB2uzHUxE28m27ZWbZ3SWDUCcNUkl13w27LvuG8Q1+JNVuEfgwXWMug
3e7i7NdcXnWU1oEsjoECtPspMOp9w5n5B93Zm9tNk+uTR5ZS8TE6BtQNKcO3llfF
waTv2D8En3FLWoJ80vtLCnJOloBcggtKy5PbKj8qAuyeCe07ucOIboZwFWoXEJ/d
rW/0aiU4bBjCGoCvaLn+Y2ZLdmPSce/r4Ky8ySL7QfpM0/LMWLsx728HSQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIjG+bkNtJOBBkFMJ/TU1C4uDeiNMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvaU1iNXVRMjBrNEVHUVV3bjlOVFVMaTRONkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHiga8w
DQYJKoZIhvcNAQELBQADggEBAK6A0XA9A8EHgZcfYb92OhVNaj8uQG2SfUBBccoj
64sQOP7drRQbW0zifNLjAvOZffOVfJTAdnDL4dnSk56d0VIIlQVoHOk7BVX37dwP
5HxQ/MsY3bw5AzrIq/YYndEycuChLUAn0MPBKfe5hJ63hNA/UP6fC874EqGSXw8k
twKtnHgRHm0lG6fvIjlvPtUpJ14rkhA2iR+8xey6frpXA8hhlRJR3ju5LUBJWgyW
vVvdq/qHkCS31E+6MVHuHWOiqg6XHfG0fuU9nWzgcIRC6ieFzoyB0UyMNg4m3Nzo
LzCJkA5qKhVdwq2iSDlDAzpawXpopOnkTtCrmXQTjHypB38=
-----END CERTIFICATE-----