Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/E9WoaL1vVaHzhBviWkVstqo1n9I.roa
File:                     E9WoaL1vVaHzhBviWkVstqo1n9I.roa (raw, json)
Hash identifier:          G6f/87dvVoIoUaWlU+VirNxZUQI+ZMbjkYgu+7Oja8A=
Subject key identifier:   13:D5:A8:68:BD:6F:55:A1:F3:84:1B:E2:5A:45:6C:B6:AA:35:9F:D2
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0192D975035426B736FCF0455E67C29D327C
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/E9WoaL1vVaHzhBviWkVstqo1n9I.roa
Signing time:             Tue 29 Oct 2024 18:06:17 +0000
ROA not before:           Tue 29 Oct 2024 18:06:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15626
IP address blocks:        130.0.232.0/21 maxlen: 21
                          2a02:c6c1:c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:75:03:54:26:b7:36:fc:f0:45:5e:67:c2:9d:32:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Oct 29 18:06:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13d5a868bd6f55a1f3841be25a456cb6aa359fd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:08:11:13:7b:b5:41:25:53:1a:51:98:b6:a8:
                    96:df:df:5a:ea:b0:bc:ef:1e:f2:d6:63:f4:b4:2d:
                    49:db:de:b8:4f:b3:77:07:ec:25:cb:8b:cd:04:e9:
                    38:87:de:c1:84:9b:42:57:b5:28:db:d4:85:27:de:
                    03:f8:92:39:1b:ad:ef:16:26:e4:d1:ea:53:43:d2:
                    59:ec:7d:e4:4f:58:bf:12:fc:6d:9b:09:4f:81:4c:
                    21:45:99:43:74:f7:f3:73:3a:33:89:b5:db:5d:52:
                    b9:0d:4b:96:1a:e2:9d:54:32:33:10:09:91:b0:08:
                    3e:55:d0:91:e2:64:e6:64:7f:5d:37:10:18:ba:08:
                    06:48:63:3d:49:13:6b:78:b4:03:06:1d:ea:c1:f2:
                    84:2b:d5:92:14:87:c5:24:f1:1a:fb:b2:dd:b7:42:
                    e6:9f:42:d7:76:1c:49:6d:48:45:a5:47:c9:8e:ef:
                    0f:20:40:ca:f8:b9:60:d0:68:bc:d8:c0:0c:b7:75:
                    d8:d6:80:97:75:1c:94:ba:6b:5c:57:98:e7:fd:85:
                    e5:72:34:4b:d4:c1:44:9d:3b:d6:74:9c:72:7b:0b:
                    b6:65:aa:5d:28:c1:42:e9:6d:54:af:b4:3f:81:a7:
                    03:7b:41:7e:74:38:f9:65:e7:e8:04:92:96:7c:dc:
                    c2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D5:A8:68:BD:6F:55:A1:F3:84:1B:E2:5A:45:6C:B6:AA:35:9F:D2
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/E9WoaL1vVaHzhBviWkVstqo1n9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.0.232.0/21
                IPv6:
                  2a02:c6c1:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:97:29:4e:52:35:75:ae:1b:08:8c:01:34:fb:6d:97:c6:00:
         de:13:84:95:a6:2c:ec:f3:c6:5e:44:64:15:a0:f4:ca:1d:28:
         83:36:74:e9:10:28:98:fa:82:9a:81:ae:11:98:f1:7d:e2:4e:
         1c:8f:80:11:0e:f0:35:f8:40:8c:f9:15:bb:b3:e5:28:ab:5e:
         0b:85:88:22:07:40:d5:54:4e:ff:bc:e4:c2:c9:14:3a:3c:a2:
         04:ca:c5:f3:c1:0e:7d:de:4b:ef:14:25:3a:3f:1d:fa:2b:24:
         a1:29:b1:1f:65:9b:ea:15:1d:e4:e5:03:7d:fb:82:a2:9e:03:
         6f:04:63:65:99:c3:0f:e1:c7:d7:a7:27:b1:c0:14:f8:3b:44:
         f4:f5:6c:44:f7:87:ef:75:b1:4d:b4:a2:1f:98:7a:c0:2b:fb:
         bc:84:ec:36:c8:76:dc:fa:2b:12:35:5f:af:74:a4:6e:b8:3c:
         6b:56:09:cc:f7:7d:64:b8:bb:3b:24:73:39:1c:c4:54:69:45:
         20:7a:f1:61:34:78:7b:b6:a0:55:fd:cd:0c:66:e3:1b:b1:90:
         b6:89:88:62:8c:f1:55:9a:c7:9d:78:c8:e3:e1:e4:dc:bf:ae:
         67:59:fa:c3:92:a8:54:17:10:b2:f5:ee:37:14:32:8a:81:a2:
         72:3d:25:00
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZLZdQNUJrc2/PBFXmfCnTJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjQxMDI5MTgwNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2Q1YTg2OGJkNmY1NWExZjM4NDFiZTI1YTQ1NmNiNmFhMzU5ZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ggRE3u1QSVTGlGYtqiW399a6rC8
7x7y1mP0tC1J2964T7N3B+wly4vNBOk4h97BhJtCV7Uo29SFJ94D+JI5G63vFibk
0epTQ9JZ7H3kT1i/EvxtmwlPgUwhRZlDdPfzczozibXbXVK5DUuWGuKdVDIzEAmR
sAg+VdCR4mTmZH9dNxAYuggGSGM9SRNreLQDBh3qwfKEK9WSFIfFJPEa+7Ldt0Lm
n0LXdhxJbUhFpUfJju8PIEDK+Llg0Gi82MAMt3XY1oCXdRyUumtcV5jn/YXlcjRL
1MFEnTvWdJxyewu2ZapdKMFC6W1Ur7Q/gacDe0F+dDj5ZefoBJKWfNzCtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBPVqGi9b1Wh84Qb4lpFbLaqNZ/SMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvRTlXb2FMMXZWYUh6aEJ2aVdrVnN0cW8xbjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDggDoMA8E
AgACMAkDBwAqAsbBAAwwDQYJKoZIhvcNAQELBQADggEBAH6XKU5SNXWuGwiMATT7
bZfGAN4ThJWmLOzzxl5EZBWg9ModKIM2dOkQKJj6gpqBrhGY8X3iThyPgBEO8DX4
QIz5Fbuz5SirXguFiCIHQNVUTv+85MLJFDo8ogTKxfPBDn3eS+8UJTo/HforJKEp
sR9lm+oVHeTlA337gqKeA28EY2WZww/hx9enJ7HAFPg7RPT1bET3h+91sU20oh+Y
esAr+7yE7DbIdtz6KxI1X690pG64PGtWCcz3fWS4uzskczkcxFRpRSB68WE0eHu2
oFX9zQxm4xuxkLaJiGKM8VWax514yOPh5Ny/rmdZ+sOSqFQXELL17jcUMoqBonI9
JQA=
-----END CERTIFICATE-----