Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/CXk2PtExMvkwFzrqDXHHCqVDX48.roa
File:                     CXk2PtExMvkwFzrqDXHHCqVDX48.roa (raw, json)
Hash identifier:          ZWbV6lgQ159b9sPLHrzv7ZnoRVB1KSh6RpiJuaYA0/w=
Subject key identifier:   09:79:36:3E:D1:31:32:F9:30:17:3A:EA:0D:71:C7:0A:A5:43:5F:8F
Certificate issuer:       /CN=65a665b90069bd71850602e7400c529793269e39
Certificate serial:       01933637DA150E66FBC5B183713A05094941
Authority key identifier: 65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/CXk2PtExMvkwFzrqDXHHCqVDX48.roa
Signing time:             Sat 16 Nov 2024 18:24:10 +0000
ROA not before:           Sat 16 Nov 2024 18:24:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57027
IP address blocks:        2a09:2b80:2::/48 maxlen: 48
                          2a09:2b80:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:36:37:da:15:0e:66:fb:c5:b1:83:71:3a:05:09:49:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65a665b90069bd71850602e7400c529793269e39
        Validity
            Not Before: Nov 16 18:24:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0979363ed13132f930173aea0d71c70aa5435f8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d2:f3:61:f4:5f:74:02:39:ca:00:81:46:0b:
                    af:0e:52:87:17:36:d6:6a:c5:c6:84:c2:4d:fe:f5:
                    15:26:31:28:79:21:b7:30:24:c6:c4:87:e6:7e:27:
                    85:f4:76:a1:3c:e7:35:aa:45:f5:86:3f:ee:c1:47:
                    2d:52:0a:36:6d:e4:24:82:60:a2:41:02:17:16:a5:
                    c6:71:a0:4f:2a:a3:3b:26:59:1e:7a:df:94:74:c2:
                    53:c2:0e:75:8f:55:be:6b:13:73:4e:90:d0:1f:22:
                    21:bd:71:f4:bc:91:32:e4:5d:90:22:e8:e3:a2:85:
                    ae:04:45:6f:8b:db:c5:8b:2c:85:d6:f2:9c:b9:84:
                    d8:23:7b:d0:6b:86:cd:0d:c4:54:59:cc:4e:65:f1:
                    14:87:f6:be:07:5d:bf:64:ce:b8:42:22:9c:ac:61:
                    80:6a:57:0e:76:bf:91:01:ca:8e:da:29:b6:31:8d:
                    b5:73:de:05:4c:97:48:ea:08:d5:90:d8:ee:5f:c6:
                    8d:e1:4c:8c:79:0a:c2:02:f8:bc:f1:10:9b:c4:03:
                    19:2e:b8:43:b2:a7:d7:e7:df:ae:88:47:d7:04:91:
                    13:39:11:80:5b:77:4f:80:0b:37:22:41:a2:0a:44:
                    57:fd:0c:9a:fb:81:1b:ae:74:96:92:52:17:4a:74:
                    22:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:79:36:3E:D1:31:32:F9:30:17:3A:EA:0D:71:C7:0A:A5:43:5F:8F
            X509v3 Authority Key Identifier:
                keyid:65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/CXk2PtExMvkwFzrqDXHHCqVDX48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:2b80:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         a4:b6:45:99:b8:25:40:99:22:ee:ee:19:3f:b3:28:f7:7d:8a:
         8d:c4:b2:f4:00:b6:60:8f:19:01:19:08:62:78:19:17:dc:2c:
         c1:fe:e9:d6:83:1b:16:05:ee:ca:b9:47:62:d8:7d:44:48:ea:
         fd:21:28:7f:f4:4b:b3:55:61:39:72:75:15:2d:58:9a:25:98:
         28:e3:87:bd:7c:cd:85:05:bd:92:2d:e2:61:72:57:b2:81:45:
         c4:69:ca:2f:5f:74:b5:c2:0a:32:e9:4c:c6:80:77:cf:ae:8e:
         af:8b:31:ac:42:4d:7e:63:65:4d:f5:e5:f4:16:e0:5a:93:aa:
         f8:40:01:7f:45:22:81:bd:40:f7:ef:4a:12:de:b4:bd:8c:f5:
         e4:11:89:b2:cb:52:5e:f5:66:e1:f1:a8:7d:78:99:a0:0c:cb:
         a7:54:5e:71:14:97:49:49:41:18:cd:1b:4c:e3:34:b1:54:ad:
         62:53:bf:d9:1a:75:4f:fd:ac:d7:bb:a9:1d:f4:f4:45:3d:92:
         11:f6:2b:4c:4a:aa:e6:a9:8c:a9:18:82:91:aa:0e:0f:21:3d:
         96:1a:a4:d8:0a:7a:7d:a1:70:09:f9:ee:e5:4b:8c:f9:b0:d1:
         ae:2d:4f:58:af:b5:2f:af:a5:02:c2:a7:3b:98:17:9e:7c:88:
         9f:1d:78:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZM2N9oVDmb7xbGDcToFCUlBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTY2NWI5MDA2OWJkNzE4NTA2MDJlNzQwMGM1Mjk3OTMy
NjllMzkwHhcNMjQxMTE2MTgyNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTc5MzYzZWQxMzEzMmY5MzAxNzNhZWEwZDcxYzcwYWE1NDM1ZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNLzYfRfdAI5ygCBRguvDlKHFzbW
asXGhMJN/vUVJjEoeSG3MCTGxIfmfieF9HahPOc1qkX1hj/uwUctUgo2beQkgmCi
QQIXFqXGcaBPKqM7Jlkeet+UdMJTwg51j1W+axNzTpDQHyIhvXH0vJEy5F2QIujj
ooWuBEVvi9vFiyyF1vKcuYTYI3vQa4bNDcRUWcxOZfEUh/a+B12/ZM64QiKcrGGA
alcOdr+RAcqO2im2MY21c94FTJdI6gjVkNjuX8aN4UyMeQrCAvi88RCbxAMZLrhD
sqfX59+uiEfXBJETORGAW3dPgAs3IkGiCkRX/Qya+4EbrnSWklIXSnQi8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAl5Nj7RMTL5MBc66g1xxwqlQ1+PMB8GA1UdIwQY
MBaAFGWmZbkAab1xhQYC50AMUpeTJp45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjct
Yzk0NTdlYzgxMTUxLzEvQ1hrMlB0RXhNdmt3RnpycURYSEhDcVZEWDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjctYzk0NTdlYzgxMTUx
LzEvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgkrgAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCktkWZuCVAmSLu7hk/syj3fYqNxLL0ALZgjxkB
GQhieBkX3CzB/unWgxsWBe7KuUdi2H1ESOr9ISh/9EuzVWE5cnUVLViaJZgo44e9
fM2FBb2SLeJhcleygUXEacovX3S1wgoy6UzGgHfPro6vizGsQk1+Y2VN9eX0FuBa
k6r4QAF/RSKBvUD370oS3rS9jPXkEYmyy1Je9Wbh8ah9eJmgDMunVF5xFJdJSUEY
zRtM4zSxVK1iU7/ZGnVP/azXu6kd9PRFPZIR9itMSqrmqYypGIKRqg4PIT2WGqTY
Cnp9oXAJ+e7lS4z5sNGuLU9Yr7Uvr6UCwqc7mBeefIifHXgY
-----END CERTIFICATE-----