Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/4zP__4uQSZ8j6yK5CBbWB2Vz0bY.roa
File:                     4zP__4uQSZ8j6yK5CBbWB2Vz0bY.roa (raw, json)
Hash identifier:          NlYjy+dzxgyFp+jPFaxlLNArsEnlS/0Aqg7GNy+Otxs=
Subject key identifier:   E3:33:FF:FF:8B:90:49:9F:23:EB:22:B9:08:16:D6:07:65:73:D1:B6
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0193070002A5CB5EF994D34314E4DC5CDC51
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/4zP__4uQSZ8j6yK5CBbWB2Vz0bY.roa
Signing time:             Thu 07 Nov 2024 14:21:01 +0000
ROA not before:           Thu 07 Nov 2024 14:21:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215569
IP address blocks:        2a07:2486:4010::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:07:00:02:a5:cb:5e:f9:94:d3:43:14:e4:dc:5c:dc:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Nov  7 14:21:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e333ffff8b90499f23eb22b90816d6076573d1b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:84:a1:c2:af:31:8c:4b:a4:c7:38:08:a7:b8:
                    35:e5:77:3a:1f:3d:f2:cd:a8:2e:8f:51:1a:70:33:
                    03:c7:fe:b1:40:58:c9:1b:10:43:ec:59:7a:61:9e:
                    40:a2:40:3b:de:8e:12:a9:dc:dd:16:5d:11:25:12:
                    ed:ff:7c:bc:a6:49:f6:61:3f:64:0f:f8:f6:4b:cb:
                    f2:2d:16:0d:7f:5b:8d:48:60:66:cc:cc:31:a0:fa:
                    a0:ce:f6:0f:e2:c4:73:ec:de:4e:79:bb:9a:05:da:
                    54:2a:ed:9e:d0:09:b8:f9:09:73:45:94:b6:7a:de:
                    a3:38:85:c7:63:44:ac:1d:ef:69:2b:84:e9:36:fc:
                    45:ef:be:14:dc:d4:7e:54:8e:93:58:91:c9:fd:30:
                    fa:ac:32:86:2c:31:78:50:f9:4d:dd:69:55:58:ed:
                    56:26:f4:ba:60:da:6c:77:37:24:ca:55:bc:24:04:
                    57:62:e0:22:8f:54:ab:ae:05:52:d3:0c:f3:6f:30:
                    df:20:2e:c3:49:46:59:3b:37:2c:23:b1:b8:54:e0:
                    80:96:dc:03:e5:d9:76:54:45:de:e9:60:8b:0f:05:
                    a5:54:f6:94:da:84:3c:7d:51:3e:5d:91:d3:e2:76:
                    a3:e6:f6:22:7a:63:5c:64:d7:f7:6b:7a:33:5f:d7:
                    41:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:33:FF:FF:8B:90:49:9F:23:EB:22:B9:08:16:D6:07:65:73:D1:B6
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/4zP__4uQSZ8j6yK5CBbWB2Vz0bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:4010::/44

    Signature Algorithm: sha256WithRSAEncryption
         44:33:2e:7d:31:96:c5:c3:cf:82:16:ec:6c:eb:28:55:1f:a9:
         46:cf:dc:ac:6f:ad:ad:69:dc:e7:c2:d6:9a:7e:5d:0f:2b:42:
         39:23:37:4b:4b:5c:84:80:cb:98:e5:bd:48:f2:82:b6:ef:f3:
         b6:81:47:e4:22:5c:17:7a:f4:b3:22:58:52:64:58:05:b1:7e:
         a3:d8:07:06:3a:e1:23:e8:40:43:99:6c:7b:37:3f:3e:8c:01:
         9c:84:06:bd:73:7e:3d:e1:39:db:db:5a:5c:26:83:06:e1:15:
         21:9b:ee:7d:81:4d:24:a7:92:75:0f:bf:9d:15:c4:dc:c1:57:
         2a:33:d8:84:12:88:28:d5:ec:79:35:b6:e2:b7:30:bd:77:8c:
         c9:7c:8b:a9:14:d1:f7:64:ab:6a:77:71:1e:20:94:8c:0d:e9:
         ec:0f:0a:0a:a2:8b:1d:71:50:1d:d7:1a:1e:b9:70:bc:e0:ac:
         0a:35:af:34:59:30:62:e4:81:67:7d:17:6d:7b:1e:46:c7:bb:
         72:8c:6c:ab:c1:86:cb:2e:95:c3:07:d1:a7:ab:a1:74:f7:f5:
         99:23:f2:94:3b:26:9a:46:34:59:e9:43:93:4d:ea:1f:f6:48:
         4c:ae:41:f3:33:ad:f0:93:1f:5f:71:6f:99:28:87:c4:4e:9b:
         11:39:54:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMHAAKly175lNNDFOTcXNxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQxMTA3MTQyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzMzZmZmZjhiOTA0OTlmMjNlYjIyYjkwODE2ZDYwNzY1NzNkMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoShwq8xjEukxzgIp7g15Xc6Hz3y
zaguj1EacDMDx/6xQFjJGxBD7Fl6YZ5AokA73o4SqdzdFl0RJRLt/3y8pkn2YT9k
D/j2S8vyLRYNf1uNSGBmzMwxoPqgzvYP4sRz7N5OebuaBdpUKu2e0Am4+QlzRZS2
et6jOIXHY0SsHe9pK4TpNvxF774U3NR+VI6TWJHJ/TD6rDKGLDF4UPlN3WlVWO1W
JvS6YNpsdzckylW8JARXYuAij1SrrgVS0wzzbzDfIC7DSUZZOzcsI7G4VOCAltwD
5dl2VEXe6WCLDwWlVPaU2oQ8fVE+XZHT4naj5vYiemNcZNf3a3ozX9dBZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOMz//+LkEmfI+siuQgW1gdlc9G2MB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvNHpQX180dVFTWjhqNnlLNUNCYldCMlZ6MGJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgckhkAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBEMy59MZbFw8+CFuxs6yhVH6lGz9ysb62tadzn
wtaafl0PK0I5IzdLS1yEgMuY5b1I8oK27/O2gUfkIlwXevSzIlhSZFgFsX6j2AcG
OuEj6EBDmWx7Nz8+jAGchAa9c3494Tnb21pcJoMG4RUhm+59gU0kp5J1D7+dFcTc
wVcqM9iEEogo1ex5NbbitzC9d4zJfIupFNH3ZKtqd3EeIJSMDensDwoKoosdcVAd
1xoeuXC84KwKNa80WTBi5IFnfRdtex5Gx7tyjGyrwYbLLpXDB9Gnq6F09/WZI/KU
OyaaRjRZ6UOTTeof9khMrkHzM63wkx9fcW+ZKIfETpsROVTQ
-----END CERTIFICATE-----