Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/06dd83-07dc-40fb-923f-d91dce5db93a/1/1z_CwZLMViwg2oIofdESxRMWG8o.roa
File:                     1z_CwZLMViwg2oIofdESxRMWG8o.roa (raw, json)
Hash identifier:          k8TWgxsHOJ6DB5gkZjnpYSie9ktu14ntzSwrQbjuheU=
Subject key identifier:   D7:3F:C2:C1:92:CC:56:2C:20:DA:82:28:7D:D1:12:C5:13:16:1B:CA
Certificate issuer:       /CN=053360c6e3e892db66b1df6ad47f7818e9deeb8c
Certificate serial:       0192901CFD17430DB460102E3A915E17B818
Authority key identifier: 05:33:60:C6:E3:E8:92:DB:66:B1:DF:6A:D4:7F:78:18:E9:DE:EB:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTNgxuPokttmsd9q1H94GOne64w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/06dd83-07dc-40fb-923f-d91dce5db93a/1/1z_CwZLMViwg2oIofdESxRMWG8o.roa
Signing time:             Tue 15 Oct 2024 12:17:51 +0000
ROA not before:           Tue 15 Oct 2024 12:17:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8922
IP address blocks:        2a03:e700::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/06dd83-07dc-40fb-923f-d91dce5db93a/1/BTNgxuPokttmsd9q1H94GOne64w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/06dd83-07dc-40fb-923f-d91dce5db93a/1/BTNgxuPokttmsd9q1H94GOne64w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTNgxuPokttmsd9q1H94GOne64w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:90:1c:fd:17:43:0d:b4:60:10:2e:3a:91:5e:17:b8:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=053360c6e3e892db66b1df6ad47f7818e9deeb8c
        Validity
            Not Before: Oct 15 12:17:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d73fc2c192cc562c20da82287dd112c513161bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f2:c5:24:71:73:c8:83:d3:be:25:3d:eb:70:
                    c3:22:d2:45:ee:f8:1b:9b:7e:c4:0a:88:b8:f9:2e:
                    e0:47:4e:72:f2:84:58:fc:97:f3:cc:c9:24:7a:07:
                    17:33:fe:40:ec:bb:e7:b7:1a:8b:d4:6b:4b:59:5f:
                    e7:0d:9c:12:98:90:88:2a:12:94:cd:f1:45:18:0a:
                    65:2b:58:c1:ba:4a:ea:89:5b:95:b8:af:92:30:71:
                    3e:09:61:b9:74:53:00:02:af:2b:e7:b6:a5:43:e1:
                    d5:9a:25:3e:81:48:bb:95:03:08:d0:0a:68:e9:c2:
                    a2:37:37:ea:c8:19:07:b7:9d:9c:17:21:cb:b4:eb:
                    24:49:16:cf:31:ee:43:04:df:43:16:4a:11:66:fd:
                    69:86:ff:2d:de:bc:2e:a4:58:6d:68:17:bf:ba:9c:
                    bd:9a:a3:dc:ab:a9:f4:dd:59:6c:37:80:b9:1a:0d:
                    4d:93:12:71:23:06:0f:35:b7:ea:1b:78:bd:81:97:
                    e3:1c:92:1e:25:02:64:88:f1:0b:ef:55:4a:a9:b3:
                    17:6c:e9:f8:6b:0f:6c:cd:b2:f5:5d:1f:17:2c:5f:
                    ef:70:c4:5f:29:ee:e5:50:82:71:69:5e:96:ce:e7:
                    96:b9:83:3a:ab:6d:51:d3:4c:6e:6c:48:20:a6:fb:
                    ea:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:3F:C2:C1:92:CC:56:2C:20:DA:82:28:7D:D1:12:C5:13:16:1B:CA
            X509v3 Authority Key Identifier:
                keyid:05:33:60:C6:E3:E8:92:DB:66:B1:DF:6A:D4:7F:78:18:E9:DE:EB:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTNgxuPokttmsd9q1H94GOne64w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/06dd83-07dc-40fb-923f-d91dce5db93a/1/1z_CwZLMViwg2oIofdESxRMWG8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/06dd83-07dc-40fb-923f-d91dce5db93a/1/BTNgxuPokttmsd9q1H94GOne64w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e700::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:c8:a9:20:81:d4:21:96:7b:cd:13:30:6c:53:c6:fc:80:da:
         b9:27:e5:bf:ef:18:b8:0b:57:bf:dd:33:18:1f:58:6d:a5:38:
         f9:bd:54:f3:4c:45:53:1f:2d:da:fa:42:fa:49:7b:ee:5c:e5:
         fa:c7:24:f6:5f:e5:b1:8f:d8:65:ff:e7:e8:71:d9:b1:b9:d7:
         38:e6:e7:80:b0:8f:78:31:80:18:61:21:c2:9c:04:94:2e:ea:
         f9:64:70:4c:47:82:c9:f3:dd:ed:b6:51:98:83:95:3a:35:0c:
         31:71:91:14:92:72:f5:64:4f:d5:40:c5:88:cd:69:57:6d:4d:
         ec:b1:20:24:d8:b7:45:3f:2b:01:f0:6d:7d:f6:d8:13:48:f5:
         b2:7a:d0:43:39:8f:59:0f:15:49:72:95:a4:4f:aa:ab:e5:5a:
         8a:20:5d:d4:31:05:97:98:15:bd:00:ec:c8:b4:82:a9:d5:5a:
         a7:77:51:60:6e:9e:64:c5:fa:91:0f:0c:e9:e4:80:b2:68:34:
         1e:fa:cb:c0:62:9b:88:f2:05:a0:b2:89:8b:a1:08:d9:3f:01:
         db:b3:6b:a7:00:17:56:88:b8:5d:66:a5:5b:31:91:73:45:9a:
         2d:50:6e:e4:08:96:5b:c1:33:00:11:61:04:f1:63:9d:1f:f0:
         36:55:c5:c5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKQHP0XQw20YBAuOpFeF7gYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzM2MGM2ZTNlODkyZGI2NmIxZGY2YWQ0N2Y3ODE4ZTlk
ZWViOGMwHhcNMjQxMDE1MTIxNzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzNmYzJjMTkyY2M1NjJjMjBkYTgyMjg3ZGQxMTJjNTEzMTYxYmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPLFJHFzyIPTviU963DDItJF7vgb
m37ECoi4+S7gR05y8oRY/JfzzMkkegcXM/5A7LvntxqL1GtLWV/nDZwSmJCIKhKU
zfFFGAplK1jBukrqiVuVuK+SMHE+CWG5dFMAAq8r57alQ+HVmiU+gUi7lQMI0Apo
6cKiNzfqyBkHt52cFyHLtOskSRbPMe5DBN9DFkoRZv1phv8t3rwupFhtaBe/upy9
mqPcq6n03VlsN4C5Gg1NkxJxIwYPNbfqG3i9gZfjHJIeJQJkiPEL71VKqbMXbOn4
aw9szbL1XR8XLF/vcMRfKe7lUIJxaV6WzueWuYM6q21R00xubEggpvvqHwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNc/wsGSzFYsINqCKH3REsUTFhvKMB8GA1UdIwQY
MBaAFAUzYMbj6JLbZrHfatR/eBjp3uuMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlROZ3h1UG9rdHRtc2Q5cTFIOTRHT25lNjR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8wNmRkODMtMDdkYy00MGZiLTkyM2Yt
ZDkxZGNlNWRiOTNhLzEvMXpfQ3daTE1WaXdnMm9Jb2ZkRVN4Uk1XRzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8wNmRkODMtMDdkYy00MGZiLTkyM2YtZDkxZGNlNWRiOTNh
LzEvQlROZ3h1UG9rdHRtc2Q5cTFIOTRHT25lNjR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgPnADAN
BgkqhkiG9w0BAQsFAAOCAQEAHsipIIHUIZZ7zRMwbFPG/IDauSflv+8YuAtXv90z
GB9YbaU4+b1U80xFUx8t2vpC+kl77lzl+sck9l/lsY/YZf/n6HHZsbnXOObngLCP
eDGAGGEhwpwElC7q+WRwTEeCyfPd7bZRmIOVOjUMMXGRFJJy9WRP1UDFiM1pV21N
7LEgJNi3RT8rAfBtffbYE0j1snrQQzmPWQ8VSXKVpE+qq+VaiiBd1DEFl5gVvQDs
yLSCqdVap3dRYG6eZMX6kQ8M6eSAsmg0HvrLwGKbiPIFoLKJi6EI2T8B27NrpwAX
Voi4XWalWzGRc0WaLVBu5AiWW8EzABFhBPFjnR/wNlXFxQ==
-----END CERTIFICATE-----