Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/29a0dc-20af-437e-9870-3669d1b569d6/1/ewkeOmYYBWffoFxrP2v9jNguk9Y.roa
File:                     ewkeOmYYBWffoFxrP2v9jNguk9Y.roa (raw, json)
Hash identifier:          yVe7ZeA00qaTJzzbvV9N4om3DOwCbW5zqK1gJzo07Rs=
Subject key identifier:   7B:09:1E:3A:66:18:05:67:DF:A0:5C:6B:3F:6B:FD:8C:D8:2E:93:D6
Certificate issuer:       /CN=87210b34ce002e30a0a54fabfa2bcac46dfa7228
Certificate serial:       019083B3366623623D75172631B5B61E0452
Authority key identifier: 87:21:0B:34:CE:00:2E:30:A0:A5:4F:AB:FA:2B:CA:C4:6D:FA:72:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hyELNM4ALjCgpU-r-ivKxG36cig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/29a0dc-20af-437e-9870-3669d1b569d6/1/ewkeOmYYBWffoFxrP2v9jNguk9Y.roa
Signing time:             Fri 05 Jul 2024 16:21:18 +0000
ROA not before:           Fri 05 Jul 2024 16:21:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50304
IP address blocks:        2a05:a00::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/29a0dc-20af-437e-9870-3669d1b569d6/1/hyELNM4ALjCgpU-r-ivKxG36cig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/29a0dc-20af-437e-9870-3669d1b569d6/1/hyELNM4ALjCgpU-r-ivKxG36cig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hyELNM4ALjCgpU-r-ivKxG36cig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:83:b3:36:66:23:62:3d:75:17:26:31:b5:b6:1e:04:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87210b34ce002e30a0a54fabfa2bcac46dfa7228
        Validity
            Not Before: Jul  5 16:21:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b091e3a66180567dfa05c6b3f6bfd8cd82e93d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1e:45:8b:30:9c:1f:01:01:69:a9:b3:b4:fe:
                    bc:1c:29:30:07:34:4e:1a:f5:ac:9c:b7:e3:6b:a3:
                    bd:30:5e:37:76:ed:17:9c:cc:81:c3:a4:f6:ba:12:
                    20:ac:7f:4c:3f:be:bc:41:8f:c8:df:c3:3a:b2:03:
                    a7:34:74:30:5f:4c:42:df:e8:47:93:bd:9c:14:28:
                    84:ac:58:26:16:1f:92:98:79:76:6f:c7:b7:09:7e:
                    cf:c2:db:10:5b:16:3a:1c:fc:3c:7e:63:1a:ef:fc:
                    0d:ff:26:26:f7:88:ef:46:84:fa:61:74:c2:fe:75:
                    a8:2a:c8:e8:c8:ad:be:8a:ac:6d:99:fc:a4:df:ba:
                    b5:c4:14:bc:fe:69:b7:0c:87:f3:43:f2:da:fc:85:
                    00:61:1b:67:be:75:9e:44:2f:89:2d:41:78:65:32:
                    09:88:e2:29:42:0b:2d:84:30:6e:bc:bf:b0:35:0f:
                    33:09:5a:0e:b6:a6:63:fb:bf:63:ed:f3:83:ff:cb:
                    6a:11:72:ec:dc:8d:e7:5b:a5:4d:05:b4:9b:d2:68:
                    86:b1:0c:64:b2:45:51:e5:0d:86:c4:25:67:4d:7d:
                    7c:fa:38:04:d5:ed:ab:2d:4f:39:ac:45:73:d7:1f:
                    b5:f0:ba:97:5c:4d:17:11:b6:52:53:d1:3f:e3:da:
                    61:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:09:1E:3A:66:18:05:67:DF:A0:5C:6B:3F:6B:FD:8C:D8:2E:93:D6
            X509v3 Authority Key Identifier:
                keyid:87:21:0B:34:CE:00:2E:30:A0:A5:4F:AB:FA:2B:CA:C4:6D:FA:72:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hyELNM4ALjCgpU-r-ivKxG36cig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/29a0dc-20af-437e-9870-3669d1b569d6/1/ewkeOmYYBWffoFxrP2v9jNguk9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/29a0dc-20af-437e-9870-3669d1b569d6/1/hyELNM4ALjCgpU-r-ivKxG36cig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:a8:84:6d:1e:a4:d9:59:8f:0d:39:d6:d9:81:1b:82:1a:7f:
         a3:0a:65:d9:fb:7b:3a:b9:a8:e3:b1:ff:3d:0f:19:35:4a:fe:
         a8:e3:8b:9c:18:63:17:11:54:38:84:39:5b:dc:39:0e:ca:ea:
         52:4e:48:d0:21:ab:68:46:a8:d7:d0:2f:6e:0b:2f:d9:e4:2b:
         9b:a5:55:50:38:ac:63:47:52:0c:e0:83:c7:5b:3f:cd:42:c6:
         87:96:79:79:6f:03:51:c1:5d:a9:2b:79:1f:0b:8f:48:74:28:
         3f:97:94:74:d4:dd:ce:b5:99:5d:a5:7f:d7:7a:c0:ce:0d:e8:
         c9:6c:75:a4:b7:b4:63:dc:7f:1c:a3:5a:6b:fe:f9:a1:7d:93:
         39:41:de:81:31:c1:6a:95:82:fa:97:14:23:26:e2:6e:14:98:
         59:0f:11:ed:87:5b:f4:90:76:1b:f9:f2:a4:58:12:3d:76:7d:
         09:86:c5:4b:16:90:ef:0a:aa:f9:2e:50:9c:7b:a7:9e:23:59:
         2f:45:ff:16:5b:ba:bd:67:68:b1:80:9e:3e:4d:a4:bc:74:29:
         56:c4:ac:16:35:52:93:2a:87:4e:1b:ae:eb:b8:1c:ad:b7:f0:
         6a:3c:ed:cd:7a:e5:e2:4b:16:6d:ee:d5:5b:71:27:18:87:48:
         66:30:8d:7b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCDszZmI2I9dRcmMbW2HgRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MjEwYjM0Y2UwMDJlMzBhMGE1NGZhYmZhMmJjYWM0NmRm
YTcyMjgwHhcNMjQwNzA1MTYyMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjA5MWUzYTY2MTgwNTY3ZGZhMDVjNmIzZjZiZmQ4Y2Q4MmU5M2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqB5FizCcHwEBaamztP68HCkwBzRO
GvWsnLfja6O9MF43du0XnMyBw6T2uhIgrH9MP768QY/I38M6sgOnNHQwX0xC3+hH
k72cFCiErFgmFh+SmHl2b8e3CX7PwtsQWxY6HPw8fmMa7/wN/yYm94jvRoT6YXTC
/nWoKsjoyK2+iqxtmfyk37q1xBS8/mm3DIfzQ/La/IUAYRtnvnWeRC+JLUF4ZTIJ
iOIpQgsthDBuvL+wNQ8zCVoOtqZj+79j7fOD/8tqEXLs3I3nW6VNBbSb0miGsQxk
skVR5Q2GxCVnTX18+jgE1e2rLU85rEVz1x+18LqXXE0XEbZSU9E/49phdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHsJHjpmGAVn36Bcaz9r/YzYLpPWMB8GA1UdIwQY
MBaAFIchCzTOAC4woKVPq/orysRt+nIoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHlFTE5NNEFMakNncFUtci1pdkt4RzM2Y2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yOWEwZGMtMjBhZi00MzdlLTk4NzAt
MzY2OWQxYjU2OWQ2LzEvZXdrZU9tWVlCV2Zmb0Z4clAydjlqTmd1azlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yOWEwZGMtMjBhZi00MzdlLTk4NzAtMzY2OWQxYjU2OWQ2
LzEvaHlFTE5NNEFMakNncFUtci1pdkt4RzM2Y2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUKADAN
BgkqhkiG9w0BAQsFAAOCAQEAdaiEbR6k2VmPDTnW2YEbghp/owpl2ft7Ormo47H/
PQ8ZNUr+qOOLnBhjFxFUOIQ5W9w5DsrqUk5I0CGraEao19Avbgsv2eQrm6VVUDis
Y0dSDOCDx1s/zULGh5Z5eW8DUcFdqSt5HwuPSHQoP5eUdNTdzrWZXaV/13rAzg3o
yWx1pLe0Y9x/HKNaa/75oX2TOUHegTHBapWC+pcUIybibhSYWQ8R7Ydb9JB2G/ny
pFgSPXZ9CYbFSxaQ7wqq+S5QnHunniNZL0X/Flu6vWdosYCePk2kvHQpVsSsFjVS
kyqHThuu67gcrbfwajztzXrl4ksWbe7VW3EnGIdIZjCNew==
-----END CERTIFICATE-----