Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/r0440OOgYbDm2291NL44unXifqE.roa
File:                     r0440OOgYbDm2291NL44unXifqE.roa (raw, json)
Hash identifier:          CpdZ32NYcnRnw9BJwLHqRPYZOpy8pzmtgE0eR77xU2k=
Subject key identifier:   AF:4E:38:D0:E3:A0:61:B0:E6:DB:6F:75:34:BE:38:BA:75:E2:7E:A1
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       019355A66BE72435AFAF5D9F0AE87769FE34
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/r0440OOgYbDm2291NL44unXifqE.roa
Signing time:             Fri 22 Nov 2024 20:53:10 +0000
ROA not before:           Fri 22 Nov 2024 20:53:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213880
IP address blocks:        2a01:e281:b200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:55:a6:6b:e7:24:35:af:af:5d:9f:0a:e8:77:69:fe:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Nov 22 20:53:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af4e38d0e3a061b0e6db6f7534be38ba75e27ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:71:ac:f0:90:59:06:11:82:30:e3:28:ca:b6:
                    df:da:a4:f0:68:05:d9:51:7f:5d:57:40:ef:43:c3:
                    5c:3d:b1:98:2d:68:8e:a8:8f:18:ee:42:f4:71:1b:
                    2f:53:e9:9d:89:55:c9:c3:59:e1:fc:1b:87:a4:ea:
                    2c:75:88:06:fe:6a:aa:e1:e6:d1:fb:e0:78:d1:ae:
                    4b:8c:b8:41:a6:4b:32:87:8d:64:98:c8:a3:00:8d:
                    3c:cb:01:c4:b5:57:c8:47:8d:46:84:91:7c:87:7c:
                    14:c7:25:86:9a:4c:2d:1c:b2:ee:18:39:32:98:32:
                    d4:cc:15:63:9d:f9:7a:f9:a1:1b:2d:33:78:64:e5:
                    ca:a1:ec:5b:33:7a:6f:6b:ac:39:3e:25:f3:c2:52:
                    59:7d:23:c9:83:30:17:01:b5:d8:a7:31:ec:d7:b0:
                    97:e6:d8:96:53:4e:6e:29:8b:c2:0b:b7:9e:c1:34:
                    ce:10:26:2c:45:78:ab:02:3b:5b:c4:8b:34:66:5e:
                    e7:21:22:0e:97:7f:db:84:05:8a:ac:41:fb:bd:22:
                    48:d5:1d:63:e3:c0:22:2e:44:bf:72:68:dd:ef:a7:
                    8f:21:7f:b7:da:fa:d4:af:22:a9:3e:86:1e:f0:2e:
                    09:ab:81:6e:10:a7:f3:4a:6f:32:f1:e6:bc:11:c7:
                    1b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:4E:38:D0:E3:A0:61:B0:E6:DB:6F:75:34:BE:38:BA:75:E2:7E:A1
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/r0440OOgYbDm2291NL44unXifqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:b200::/40

    Signature Algorithm: sha256WithRSAEncryption
         a8:02:fb:5e:64:82:dc:88:2f:c3:09:51:83:7c:5e:98:1c:6a:
         34:59:c6:30:cb:a0:52:01:b1:ab:34:4a:c6:40:f7:7b:87:41:
         ea:8d:50:a9:a4:8f:ba:e5:ed:e0:44:93:2b:93:95:52:63:fb:
         32:c3:bb:dc:14:66:ab:30:29:5f:4a:ff:75:e2:a7:41:fb:a6:
         2b:ef:01:cd:93:13:97:64:bc:14:1f:e2:91:38:43:3b:78:1d:
         17:8f:3c:ca:34:23:a0:c9:35:00:d2:31:00:54:5e:99:76:0e:
         a5:81:e2:59:10:b2:ed:e4:a5:d6:78:35:64:a6:31:4f:84:26:
         00:db:8a:a3:91:64:79:b9:63:10:d1:4b:0d:99:58:95:de:51:
         32:97:76:af:72:96:c6:1a:09:10:e3:c3:e1:19:4e:a9:e9:bb:
         6c:32:b9:a8:4b:7d:92:00:eb:80:ac:6a:e4:c7:75:d0:d5:55:
         86:8e:a1:c8:84:00:e0:95:48:73:a7:b6:ca:3e:4d:11:8b:a5:
         11:e3:fb:6e:b0:58:28:00:61:1a:b5:a0:86:e4:a9:8d:ec:62:
         b3:45:c1:a8:17:05:28:d3:63:c3:8a:29:39:67:79:f8:02:29:
         cc:4b:d0:1a:9d:37:80:60:9e:28:fa:71:0d:41:3a:71:de:9c:
         f6:dd:4d:f6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZNVpmvnJDWvr12fCuh3af40MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQxMTIyMjA1MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjRlMzhkMGUzYTA2MWIwZTZkYjZmNzUzNGJlMzhiYTc1ZTI3ZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXGs8JBZBhGCMOMoyrbf2qTwaAXZ
UX9dV0DvQ8NcPbGYLWiOqI8Y7kL0cRsvU+mdiVXJw1nh/BuHpOosdYgG/mqq4ebR
++B40a5LjLhBpksyh41kmMijAI08ywHEtVfIR41GhJF8h3wUxyWGmkwtHLLuGDky
mDLUzBVjnfl6+aEbLTN4ZOXKoexbM3pva6w5PiXzwlJZfSPJgzAXAbXYpzHs17CX
5tiWU05uKYvCC7eewTTOECYsRXirAjtbxIs0Zl7nISIOl3/bhAWKrEH7vSJI1R1j
48AiLkS/cmjd76ePIX+32vrUryKpPoYe8C4Jq4FuEKfzSm8y8ea8EccbmwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK9OONDjoGGw5ttvdTS+OLp14n6hMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvcjA0NDBPT2dZYkRtMjI5MU5MNDR1blhpZnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHigbIw
DQYJKoZIhvcNAQELBQADggEBAKgC+15kgtyIL8MJUYN8XpgcajRZxjDLoFIBsas0
SsZA93uHQeqNUKmkj7rl7eBEkyuTlVJj+zLDu9wUZqswKV9K/3Xip0H7pivvAc2T
E5dkvBQf4pE4Qzt4HRePPMo0I6DJNQDSMQBUXpl2DqWB4lkQsu3kpdZ4NWSmMU+E
JgDbiqORZHm5YxDRSw2ZWJXeUTKXdq9ylsYaCRDjw+EZTqnpu2wyuahLfZIA64Cs
auTHddDVVYaOociEAOCVSHOntso+TRGLpRHj+26wWCgAYRq1oIbkqY3sYrNFwagX
BSjTY8OKKTlnefgCKcxL0BqdN4Bgnij6cQ1BOnHenPbdTfY=
-----END CERTIFICATE-----