Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/BR5gUHYse1PV3zFunX0dUfVGp5Q.roa
File:                     BR5gUHYse1PV3zFunX0dUfVGp5Q.roa (raw, json)
Hash identifier:          4ziilHYeM9qcuuQsoA85F0+Dxl59SnP6+8UPYr7bPEU=
Subject key identifier:   05:1E:60:50:76:2C:7B:53:D5:DF:31:6E:9D:7D:1D:51:F5:46:A7:94
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       019306EF87DDC6F1D08918376CDEC3F2A58A
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/BR5gUHYse1PV3zFunX0dUfVGp5Q.roa
Signing time:             Thu 07 Nov 2024 14:03:01 +0000
ROA not before:           Thu 07 Nov 2024 14:03:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213915
IP address blocks:        2a07:2486:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:06:ef:87:dd:c6:f1:d0:89:18:37:6c:de:c3:f2:a5:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Nov  7 14:03:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=051e6050762c7b53d5df316e9d7d1d51f546a794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3c:da:3d:c2:d8:f0:ee:aa:4c:11:e3:c7:96:
                    55:60:05:ed:5f:a2:c8:05:c2:c6:dd:2a:ed:64:d1:
                    6a:e2:89:6e:29:3f:93:61:02:7b:dd:f8:5d:de:1b:
                    59:8c:b2:6b:77:ed:77:cf:b6:88:9b:9f:8b:14:ae:
                    70:1c:12:7b:13:ea:5b:8b:f1:52:93:0a:40:3c:12:
                    e3:3c:2f:fc:c9:e9:c1:21:08:e8:ea:3f:83:f6:2a:
                    49:83:39:99:3b:19:17:be:0e:b0:c6:da:af:a3:d1:
                    df:d5:e0:fa:80:b0:8b:e2:a5:7c:07:2a:62:7b:1f:
                    26:c4:73:05:14:e4:ca:ed:f3:9f:82:bc:f4:28:fc:
                    c1:ce:f3:38:46:1f:ae:8c:96:97:1a:30:2c:68:d5:
                    7d:3b:48:04:52:83:6a:ca:91:11:63:41:92:f4:a5:
                    a0:39:9b:47:ca:07:e6:5a:0d:2d:56:04:e8:88:3a:
                    5e:a6:8b:91:c9:9a:ff:d9:34:76:57:5f:71:c6:62:
                    db:01:f6:5a:34:3b:97:e0:60:29:5c:4a:a6:20:10:
                    3b:ce:9c:61:eb:d2:61:26:6a:0d:ab:c4:f9:03:b6:
                    51:04:79:8c:b2:64:0f:09:4a:30:fa:5b:87:31:f9:
                    36:b3:90:ef:51:44:20:53:e9:5c:37:8a:fa:9c:0b:
                    68:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1E:60:50:76:2C:7B:53:D5:DF:31:6E:9D:7D:1D:51:F5:46:A7:94
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/BR5gUHYse1PV3zFunX0dUfVGp5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:33:c7:29:00:38:18:84:cb:0c:54:37:65:00:23:db:83:a4:
         a7:25:58:86:fe:5a:3c:e0:7b:14:5e:e5:30:08:0e:e6:0a:7e:
         39:8a:0a:6a:6c:c5:1c:34:46:c3:e2:3c:ed:b0:a1:13:b8:c0:
         72:fc:32:de:71:fb:06:28:26:89:bc:d7:d9:87:0c:b3:ea:d6:
         72:93:ce:d9:4e:37:8c:48:0a:e4:2c:1d:17:c2:b9:97:10:eb:
         cd:81:8f:32:0e:07:4e:a8:d6:9f:ec:b9:ad:38:02:9b:eb:e4:
         ee:af:dc:7e:97:15:c7:87:d8:74:55:00:8d:1f:8c:db:8b:a0:
         c5:fa:b4:62:eb:fc:b7:de:02:bc:a6:9b:24:a9:1d:2b:8b:04:
         b2:06:6d:e1:cd:54:c9:ac:07:0f:c4:c1:15:fd:62:e2:fa:2b:
         c1:de:9e:37:48:18:81:7d:44:46:57:a6:d7:f2:32:fb:d8:6a:
         d7:b9:f9:bb:8c:90:82:28:68:08:11:19:0e:c3:16:16:7a:51:
         0b:6c:12:0a:d2:36:cc:51:8f:12:15:1e:93:54:04:ea:d1:e2:
         8e:e2:ba:e8:f0:39:2d:70:30:4d:63:f4:92:bc:f5:dd:03:9f:
         a2:05:bd:01:ba:d5:3f:6a:68:9e:14:b4:b2:f4:50:01:ba:ee:
         bf:e8:5d:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMG74fdxvHQiRg3bN7D8qWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQxMTA3MTQwMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFlNjA1MDc2MmM3YjUzZDVkZjMxNmU5ZDdkMWQ1MWY1NDZhNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojzaPcLY8O6qTBHjx5ZVYAXtX6LI
BcLG3SrtZNFq4oluKT+TYQJ73fhd3htZjLJrd+13z7aIm5+LFK5wHBJ7E+pbi/FS
kwpAPBLjPC/8yenBIQjo6j+D9ipJgzmZOxkXvg6wxtqvo9Hf1eD6gLCL4qV8Bypi
ex8mxHMFFOTK7fOfgrz0KPzBzvM4Rh+ujJaXGjAsaNV9O0gEUoNqypERY0GS9KWg
OZtHygfmWg0tVgToiDpepouRyZr/2TR2V19xxmLbAfZaNDuX4GApXEqmIBA7zpxh
69JhJmoNq8T5A7ZRBHmMsmQPCUow+luHMfk2s5DvUUQgU+lcN4r6nAtoIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAUeYFB2LHtT1d8xbp19HVH1RqeUMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvQlI1Z1VIWXNlMVBWM3pGdW5YMGRVZlZHcDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgckhgAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCzM8cpADgYhMsMVDdlACPbg6SnJViG/lo84HsU
XuUwCA7mCn45igpqbMUcNEbD4jztsKETuMBy/DLecfsGKCaJvNfZhwyz6tZyk87Z
TjeMSArkLB0XwrmXEOvNgY8yDgdOqNaf7LmtOAKb6+Tur9x+lxXHh9h0VQCNH4zb
i6DF+rRi6/y33gK8ppskqR0riwSyBm3hzVTJrAcPxMEV/WLi+ivB3p43SBiBfURG
V6bX8jL72GrXufm7jJCCKGgIERkOwxYWelELbBIK0jbMUY8SFR6TVATq0eKO4rro
8DktcDBNY/SSvPXdA5+iBb0ButU/amieFLSy9FABuu6/6F0f
-----END CERTIFICATE-----