Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/H3oVaqQs5_HVrRSYblIwZjepqpQ.roa
File:                     H3oVaqQs5_HVrRSYblIwZjepqpQ.roa (raw, json)
Hash identifier:          9r/wciq7XtsIl56rI1CdtpEUukQUuuUvB5/5NaNncYk=
Subject key identifier:   1F:7A:15:6A:A4:2C:E7:F1:D5:AD:14:98:6E:52:30:66:37:A9:AA:94
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       0192E4F51B881F0DCAE318E5B412056258F1
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/H3oVaqQs5_HVrRSYblIwZjepqpQ.roa
Signing time:             Thu 31 Oct 2024 23:42:01 +0000
ROA not before:           Thu 31 Oct 2024 23:42:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59449
IP address blocks:        2a07:2486:ef1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e4:f5:1b:88:1f:0d:ca:e3:18:e5:b4:12:05:62:58:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Oct 31 23:42:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f7a156aa42ce7f1d5ad14986e52306637a9aa94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:54:39:7c:32:f5:99:a1:59:0e:da:2b:bd:2e:
                    14:03:3a:68:67:e8:e8:ae:5a:1a:87:b5:de:e2:3b:
                    07:08:e5:b8:bc:8c:84:16:33:18:94:18:2e:95:73:
                    b1:85:d3:d8:c4:62:46:38:f1:f7:b2:be:41:eb:68:
                    61:f2:4a:56:95:28:25:8d:4e:60:25:cc:66:b2:c9:
                    74:3d:0f:10:2e:b3:ca:bd:3c:24:d0:14:4e:f9:ad:
                    4a:05:26:03:5f:a7:d4:bd:d5:5b:6d:d2:03:0e:88:
                    f7:61:a9:21:76:a7:e5:cf:06:a6:82:9a:63:95:be:
                    64:e4:4a:8d:ce:23:2e:a1:1c:4e:ff:75:e7:fc:dc:
                    95:a8:10:15:41:50:53:68:92:e7:7d:3d:bb:4b:cc:
                    7e:e0:39:ca:6f:cd:24:56:86:e3:03:30:32:48:c6:
                    5d:6d:96:35:2a:27:49:18:fc:b8:23:35:c6:df:f3:
                    f0:67:34:2e:af:27:3a:4e:44:7e:8b:d8:1f:f4:20:
                    e2:8b:f6:1d:10:78:3c:c1:e5:52:f5:0c:84:c8:66:
                    cd:ca:c0:5d:25:93:bb:5a:f8:74:1e:65:00:f1:35:
                    02:57:ed:33:30:f3:22:03:dd:c3:e2:17:02:a2:a5:
                    e3:78:aa:71:55:30:da:6a:37:b8:a4:83:56:e6:89:
                    02:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7A:15:6A:A4:2C:E7:F1:D5:AD:14:98:6E:52:30:66:37:A9:AA:94
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/H3oVaqQs5_HVrRSYblIwZjepqpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:ef1::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:76:e1:68:6d:da:e1:9e:d2:77:a1:b3:54:95:3b:fa:b2:c7:
         9b:ba:b6:79:50:bd:c5:15:05:93:b0:69:80:79:fd:e0:2b:c5:
         a7:30:90:84:08:d9:45:0a:db:f4:54:59:bc:c9:c4:d5:7a:2c:
         cf:19:e5:bc:23:9a:17:ba:ec:0c:92:67:0c:c9:97:b3:5c:04:
         fd:b5:3a:8f:0f:ac:1e:fc:f4:07:76:b1:6b:13:67:36:48:b3:
         c3:01:f3:7d:e8:af:b5:05:91:e4:9c:76:f5:d6:5c:5a:eb:5e:
         56:64:d9:a3:ba:fc:46:fe:9b:8a:2b:02:2c:3b:91:37:72:49:
         84:2b:a4:d4:bc:93:fc:dc:2c:1e:63:c0:2f:3a:b2:bb:57:0f:
         e6:c7:70:40:3e:24:79:39:ed:3e:e1:4b:79:b8:65:38:f9:3b:
         23:8a:1d:41:85:51:e6:29:9c:07:ec:1b:85:6a:2f:76:0d:65:
         fb:a2:fc:ce:36:39:66:b1:a0:3d:60:c6:42:94:e1:fe:0d:2e:
         18:d4:30:47:69:06:88:25:59:b8:d5:66:66:03:7e:0c:2e:8e:
         f7:34:69:2b:d5:98:df:60:21:28:ee:63:06:b5:d7:5f:8b:d4:
         d5:23:14:de:54:51:9b:2e:73:3c:d4:62:b2:7f:a5:a0:93:88:
         bc:d0:18:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZLk9RuIHw3K4xjltBIFYljxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQxMDMxMjM0MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdhMTU2YWE0MmNlN2YxZDVhZDE0OTg2ZTUyMzA2NjM3YTlhYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVQ5fDL1maFZDtorvS4UAzpoZ+jo
rloah7Xe4jsHCOW4vIyEFjMYlBgulXOxhdPYxGJGOPH3sr5B62hh8kpWlSgljU5g
Jcxmssl0PQ8QLrPKvTwk0BRO+a1KBSYDX6fUvdVbbdIDDoj3Yakhdqflzwamgppj
lb5k5EqNziMuoRxO/3Xn/NyVqBAVQVBTaJLnfT27S8x+4DnKb80kVobjAzAySMZd
bZY1KidJGPy4IzXG3/PwZzQuryc6TkR+i9gf9CDii/YdEHg8weVS9QyEyGbNysBd
JZO7Wvh0HmUA8TUCV+0zMPMiA93D4hcCoqXjeKpxVTDaaje4pINW5okCGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB96FWqkLOfx1a0UmG5SMGY3qaqUMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvSDNvVmFxUXM1X0hWclJTWWJsSXdaamVwcXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgckhg7x
MA0GCSqGSIb3DQEBCwUAA4IBAQAoduFobdrhntJ3obNUlTv6sseburZ5UL3FFQWT
sGmAef3gK8WnMJCECNlFCtv0VFm8ycTVeizPGeW8I5oXuuwMkmcMyZezXAT9tTqP
D6we/PQHdrFrE2c2SLPDAfN96K+1BZHknHb11lxa615WZNmjuvxG/puKKwIsO5E3
ckmEK6TUvJP83CweY8AvOrK7Vw/mx3BAPiR5Oe0+4Ut5uGU4+Tsjih1BhVHmKZwH
7BuFai92DWX7ovzONjlmsaA9YMZClOH+DS4Y1DBHaQaIJVm41WZmA34MLo73NGkr
1ZjfYCEo7mMGtddfi9TVIxTeVFGbLnM81GKyf6Wgk4i80Bii
-----END CERTIFICATE-----