Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Apd4Z5osBONUblvC46FP9euDvNU.roa
File:                     Apd4Z5osBONUblvC46FP9euDvNU.roa (raw, json)
Hash identifier:          PxaeVr3HqFchzRrdNp6XIS1XW8Agxk6O6oCsqgay0UY=
Subject key identifier:   02:97:78:67:9A:2C:04:E3:54:6E:5B:C2:E3:A1:4F:F5:EB:83:BC:D5
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0192BBB4E68622D48F7E484F717E407BD181
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Apd4Z5osBONUblvC46FP9euDvNU.roa
Signing time:             Wed 23 Oct 2024 23:27:27 +0000
ROA not before:           Wed 23 Oct 2024 23:27:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44331
IP address blocks:        2a07:2486:fe0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bb:b4:e6:86:22:d4:8f:7e:48:4f:71:7e:40:7b:d1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Oct 23 23:27:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=029778679a2c04e3546e5bc2e3a14ff5eb83bcd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3f:2c:ae:8a:7c:c7:99:0f:0b:87:e3:cc:f1:
                    1d:93:cf:91:01:15:46:68:4b:a0:2f:80:c6:0b:f0:
                    3b:ff:56:14:4c:02:70:0c:05:57:6c:0b:1d:2b:40:
                    6b:ae:69:e0:3c:c2:92:ec:bc:22:5c:25:81:31:fe:
                    4a:38:d6:d1:d6:31:74:74:29:2e:49:5c:81:fd:a2:
                    16:98:10:df:ae:18:cd:17:dd:2f:82:b1:66:33:34:
                    c5:49:e4:50:d9:ef:22:17:7e:96:54:96:37:69:ca:
                    87:01:c7:52:a4:03:b8:ac:bb:15:b7:02:e1:4e:5c:
                    ef:61:77:6d:f8:92:bd:d7:6b:d1:3e:38:e2:6e:e6:
                    b8:98:af:29:de:be:72:f9:32:46:7b:8a:74:ce:d3:
                    4d:37:a4:2b:6d:ac:0c:fb:da:91:55:bf:15:b8:6f:
                    8d:de:19:c0:ee:f9:c8:0c:46:8c:a8:95:f6:2a:e5:
                    a5:94:79:87:13:20:47:8d:19:10:28:8c:43:d9:7d:
                    19:eb:bf:23:a7:fd:43:9a:dd:a4:b6:b6:cf:5f:39:
                    62:83:2d:e8:7d:c0:cf:40:11:a1:ce:2b:7b:d4:92:
                    41:9d:c1:d4:2f:0e:70:9f:cb:95:4b:f4:3b:ec:36:
                    75:f0:80:e9:ba:0d:40:b1:22:8d:a8:a0:27:4a:47:
                    ef:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:97:78:67:9A:2C:04:E3:54:6E:5B:C2:E3:A1:4F:F5:EB:83:BC:D5
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Apd4Z5osBONUblvC46FP9euDvNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:fe0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a5:df:fe:05:1d:5d:b9:a3:78:9f:e9:c7:31:e8:01:ad:14:cd:
         d9:44:e0:ac:a3:06:dc:ee:c9:36:6b:60:6f:79:cb:91:06:6e:
         2d:e0:5b:59:fc:5a:de:96:05:89:45:f5:2b:3d:43:9b:e6:be:
         20:73:7d:a0:b5:c0:e4:a9:5c:51:72:21:fe:e4:27:57:2a:6d:
         94:4b:2a:11:e7:2e:ce:77:69:e2:b7:c5:72:ef:42:0e:c0:50:
         dd:5a:5c:85:f6:5c:11:66:35:dc:b4:83:80:2f:c2:6e:d9:38:
         79:0e:21:7b:a0:4d:1a:49:4c:07:66:46:eb:cb:95:b1:c3:2b:
         81:7e:d7:25:80:01:f3:05:b3:e5:74:fb:3e:e2:f3:fb:5f:4a:
         e5:e0:0c:bb:a7:14:e0:82:60:f4:db:3c:2c:69:92:f3:80:0a:
         54:5c:42:6d:b2:51:85:f3:5b:8d:53:bd:d9:e6:f0:fa:3f:3a:
         4e:60:fe:79:e2:76:c0:ac:aa:05:dd:40:3f:39:ea:bc:d0:f1:
         3e:af:1d:15:23:f8:13:05:95:18:fb:9c:2b:c5:3d:c3:f1:02:
         e9:7a:41:2b:bf:63:94:70:e8:23:7d:7a:81:43:df:21:4d:5d:
         71:77:3e:7e:92:23:db:9d:33:e0:fd:7d:8c:f4:03:01:18:e2:
         4e:ed:ed:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZK7tOaGItSPfkhPcX5Ae9GBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQxMDIzMjMyNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjk3Nzg2NzlhMmMwNGUzNTQ2ZTViYzJlM2ExNGZmNWViODNiY2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D8srop8x5kPC4fjzPEdk8+RARVG
aEugL4DGC/A7/1YUTAJwDAVXbAsdK0BrrmngPMKS7LwiXCWBMf5KONbR1jF0dCku
SVyB/aIWmBDfrhjNF90vgrFmMzTFSeRQ2e8iF36WVJY3acqHAcdSpAO4rLsVtwLh
TlzvYXdt+JK912vRPjjibua4mK8p3r5y+TJGe4p0ztNNN6QrbawM+9qRVb8VuG+N
3hnA7vnIDEaMqJX2KuWllHmHEyBHjRkQKIxD2X0Z678jp/1Dmt2ktrbPXzligy3o
fcDPQBGhzit71JJBncHULw5wn8uVS/Q77DZ18IDpug1AsSKNqKAnSkfvHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAKXeGeaLATjVG5bwuOhT/Xrg7zVMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvQXBkNFo1b3NCT05VYmx2QzQ2RlA5ZXVEdk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgckhg/g
MA0GCSqGSIb3DQEBCwUAA4IBAQCl3/4FHV25o3if6ccx6AGtFM3ZROCsowbc7sk2
a2BvecuRBm4t4FtZ/FrelgWJRfUrPUOb5r4gc32gtcDkqVxRciH+5CdXKm2USyoR
5y7Od2nit8Vy70IOwFDdWlyF9lwRZjXctIOAL8Ju2Th5DiF7oE0aSUwHZkbry5Wx
wyuBftclgAHzBbPldPs+4vP7X0rl4Ay7pxTggmD02zwsaZLzgApUXEJtslGF81uN
U73Z5vD6PzpOYP554nbArKoF3UA/Oeq80PE+rx0VI/gTBZUY+5wrxT3D8QLpekEr
v2OUcOgjfXqBQ98hTV1xdz5+kiPbnTPg/X2M9AMBGOJO7e1/
-----END CERTIFICATE-----