Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/SPjMOcatIriwG8jzX9WAn1LH01w.roa
File:                     SPjMOcatIriwG8jzX9WAn1LH01w.roa (raw, json)
Hash identifier:          5cK8u/+FtfuPWImV9OoLr78JaKsuWpZPrdZmPyrE+1k=
Subject key identifier:   48:F8:CC:39:C6:AD:22:B8:B0:1B:C8:F3:5F:D5:80:9F:52:C7:D3:5C
Certificate issuer:       /CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
Certificate serial:       01935559832A24DD7AE69E96FA516FD8DE66
Authority key identifier: B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/SPjMOcatIriwG8jzX9WAn1LH01w.roa
Signing time:             Fri 22 Nov 2024 19:29:09 +0000
ROA not before:           Fri 22 Nov 2024 19:29:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215568
IP address blocks:        2a01:ef40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:55:59:83:2a:24:dd:7a:e6:9e:96:fa:51:6f:d8:de:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
        Validity
            Not Before: Nov 22 19:29:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48f8cc39c6ad22b8b01bc8f35fd5809f52c7d35c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f2:1a:25:e8:45:4d:18:26:a0:42:ce:ec:a3:
                    d1:35:2e:d0:a6:cd:f4:49:b8:76:53:10:80:d7:19:
                    66:f7:96:d5:0a:4b:a0:0e:52:49:58:37:87:79:a8:
                    00:bb:5e:90:63:c1:80:aa:f2:aa:42:98:26:fc:b9:
                    87:10:e1:2b:79:03:3c:a5:f6:a6:29:3d:82:7e:f2:
                    e4:c0:5a:3b:e2:b2:22:b9:71:c9:f1:aa:c4:9b:fb:
                    f7:04:91:04:f2:fe:11:81:ca:9d:c4:55:2e:f9:8c:
                    45:7d:83:7e:97:37:1f:b0:43:25:b1:a0:c3:2b:73:
                    46:f3:73:17:f3:b6:7f:4d:88:cd:43:2a:06:03:17:
                    71:63:5c:1c:2a:b7:8c:6d:8a:7d:53:17:de:7f:3e:
                    1a:cf:56:11:90:61:e0:7c:6e:a8:64:34:76:60:1e:
                    11:8a:8a:c8:ed:cb:7a:98:83:cb:71:af:65:82:af:
                    55:4e:8a:cd:bb:ec:fa:ba:08:bc:4b:07:5e:f7:66:
                    b3:cb:8d:ef:85:32:20:d1:9c:34:3a:8f:ff:1d:1d:
                    df:0c:37:7d:6d:76:92:58:76:95:54:0e:d8:3b:27:
                    10:29:58:53:10:0e:b6:29:a1:e7:79:20:0a:fc:da:
                    c0:29:d6:9c:d0:b9:28:ba:2e:e3:de:6e:0b:79:e4:
                    d5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:F8:CC:39:C6:AD:22:B8:B0:1B:C8:F3:5F:D5:80:9F:52:C7:D3:5C
            X509v3 Authority Key Identifier:
                keyid:B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/SPjMOcatIriwG8jzX9WAn1LH01w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ef40::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:8e:e2:fa:22:ae:c8:89:15:3e:47:c8:b6:19:38:59:9c:0e:
         f7:a9:74:c2:a0:8e:77:83:f2:b9:c9:dc:f5:48:23:5e:66:02:
         a6:d7:05:5c:c3:d3:08:a8:02:a5:d5:ff:f1:63:aa:e7:b8:77:
         8e:f7:9e:e7:ef:a9:a0:87:6d:3a:4c:82:27:88:2a:c1:d8:8a:
         9e:96:bb:2a:d0:f2:47:8c:a9:98:72:35:e3:a1:7d:21:bb:90:
         0a:3a:98:1f:53:51:9b:72:e0:43:1f:34:52:0a:49:34:35:af:
         51:76:41:06:3f:28:bf:e4:fb:3b:46:fe:bc:79:61:d5:1a:53:
         cf:3c:d5:2e:2d:9a:33:86:f8:e8:ee:6e:eb:5c:48:ce:d6:e5:
         eb:ac:e4:e3:b5:c4:bf:f4:cf:a5:c7:d5:9a:5c:82:48:c9:fe:
         55:2b:0d:fa:84:d7:a4:38:55:23:88:6c:67:66:86:bd:2c:4b:
         c0:79:df:95:fb:ce:73:f3:f4:d8:3d:1a:f1:c5:9a:d7:12:26:
         f7:8f:2b:19:2a:a4:13:32:c3:6e:60:85:52:68:bb:00:db:c1:
         f5:87:64:21:87:95:6d:3d:88:d1:2a:ed:47:ca:bc:9c:4d:6c:
         ff:b4:d7:22:74:97:21:c1:5c:06:ed:31:e8:77:9d:58:02:77:
         32:c1:3c:ce
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNVWYMqJN165p6W+lFv2N5mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNjc0ZTgyMmYzODc2ZDI3ZGVhZWQ1ZjY2ZGJlOWMxYTQy
MmViMTYwHhcNMjQxMTIyMTkyOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGY4Y2MzOWM2YWQyMmI4YjAxYmM4ZjM1ZmQ1ODA5ZjUyYzdkMzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfIaJehFTRgmoELO7KPRNS7Qps30
Sbh2UxCA1xlm95bVCkugDlJJWDeHeagAu16QY8GAqvKqQpgm/LmHEOEreQM8pfam
KT2CfvLkwFo74rIiuXHJ8arEm/v3BJEE8v4RgcqdxFUu+YxFfYN+lzcfsEMlsaDD
K3NG83MX87Z/TYjNQyoGAxdxY1wcKreMbYp9Uxfefz4az1YRkGHgfG6oZDR2YB4R
iorI7ct6mIPLca9lgq9VTorNu+z6ugi8Swde92azy43vhTIg0Zw0Oo//HR3fDDd9
bXaSWHaVVA7YOycQKVhTEA62KaHneSAK/NrAKdac0Lkoui7j3m4LeeTVgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEj4zDnGrSK4sBvI81/VgJ9Sx9NcMB8GA1UdIwQY
MBaAFLNnToIvOHbSfertX2bb6cGkIusWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzkt
ZjhmMDhmZTY0ODM4LzEvU1BqTU9jYXRJcml3Rzhqelg5V0FuMUxIMDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzktZjhmMDhmZTY0ODM4
LzEvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHvQDAN
BgkqhkiG9w0BAQsFAAOCAQEAkY7i+iKuyIkVPkfIthk4WZwO96l0wqCOd4Pyucnc
9UgjXmYCptcFXMPTCKgCpdX/8WOq57h3jvee5++poIdtOkyCJ4gqwdiKnpa7KtDy
R4ypmHI146F9IbuQCjqYH1NRm3LgQx80UgpJNDWvUXZBBj8ov+T7O0b+vHlh1RpT
zzzVLi2aM4b46O5u61xIztbl66zk47XEv/TPpcfVmlyCSMn+VSsN+oTXpDhVI4hs
Z2aGvSxLwHnflfvOc/P02D0a8cWa1xIm948rGSqkEzLDbmCFUmi7ANvB9YdkIYeV
bT2I0SrtR8q8nE1s/7TXInSXIcFcBu0x6HedWAJ3MsE8zg==
-----END CERTIFICATE-----