Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/rb5WaVK7ZimrNSUOJv8wEGb18f0.roa
File:                     rb5WaVK7ZimrNSUOJv8wEGb18f0.roa (raw, json)
Hash identifier:          g5XYxcTP8DA9mgA8mve6qv7vZVAMmltuxo2yKM70qpM=
Subject key identifier:   AD:BE:56:69:52:BB:66:29:AB:35:25:0E:26:FF:30:10:66:F5:F1:FD
Certificate issuer:       /CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
Certificate serial:       0192B8329BAD7FB7017872866CF3746F361A
Authority key identifier: F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/rb5WaVK7ZimrNSUOJv8wEGb18f0.roa
Signing time:             Wed 23 Oct 2024 07:06:17 +0000
ROA not before:           Wed 23 Oct 2024 07:06:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137182
IP address blocks:        2a0f:4280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:32:9b:ad:7f:b7:01:78:72:86:6c:f3:74:6f:36:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
        Validity
            Not Before: Oct 23 07:06:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adbe566952bb6629ab35250e26ff301066f5f1fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d4:e2:66:c7:1c:2d:3b:5a:f9:63:36:31:c7:
                    bd:a9:8a:11:d4:a7:2f:a3:55:2e:1f:60:21:9d:8a:
                    ca:49:42:9f:45:60:6b:1e:8a:af:8c:4c:c3:ce:93:
                    52:32:d1:92:cf:a1:1c:d7:90:77:c2:d0:9d:24:bb:
                    d1:9e:00:09:f8:62:b2:67:8b:3a:23:1a:c3:7a:a6:
                    be:60:3a:8f:bf:05:ac:e2:d9:69:36:9b:3b:5f:f9:
                    3e:9d:6b:de:4a:6c:2b:7d:7f:85:cf:56:05:b3:9d:
                    52:1e:c3:47:7b:7d:99:c3:83:4b:a9:f2:4c:bc:4f:
                    c1:27:5d:9c:73:36:6b:a7:c5:c1:bc:bc:1b:79:3b:
                    1f:a9:81:ee:76:1e:9a:66:66:68:07:1b:d8:40:13:
                    2a:cd:52:f0:bd:08:a6:e6:24:69:cf:08:cb:37:75:
                    c5:41:7c:28:52:10:ab:5d:ac:57:da:23:a3:17:df:
                    d6:49:ed:cc:30:fc:28:94:e4:55:29:4d:e8:39:f1:
                    70:90:11:b3:a5:51:6d:5a:99:df:f2:93:cf:b2:33:
                    ee:32:3c:36:49:37:d3:16:c5:f9:65:26:29:88:30:
                    7b:3c:14:4f:14:9f:91:7e:50:07:6d:26:b9:4d:57:
                    dc:45:0b:19:96:a8:31:56:8a:8c:86:62:2f:f5:69:
                    45:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:BE:56:69:52:BB:66:29:AB:35:25:0E:26:FF:30:10:66:F5:F1:FD
            X509v3 Authority Key Identifier:
                keyid:F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/rb5WaVK7ZimrNSUOJv8wEGb18f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:0c:cc:22:14:ae:ef:b4:95:0b:28:6b:9b:71:fd:8f:6d:09:
         5c:38:aa:e2:fe:fa:c1:86:84:17:1c:52:98:44:35:bd:e2:25:
         11:25:7c:9c:a0:26:8f:4c:33:04:c1:95:16:d1:83:dd:e6:8a:
         d8:b9:5b:54:6e:a8:10:fd:cd:da:30:25:ed:fd:86:0c:8a:3e:
         b6:50:69:67:35:b9:00:bd:db:6c:63:bd:5b:e2:2e:f0:b9:9d:
         0e:e6:30:5a:71:6f:44:3c:65:e5:c5:be:63:fc:df:66:95:53:
         29:4c:f8:c1:6b:01:6d:16:c7:80:79:32:da:ef:94:89:6d:72:
         b1:a2:95:5e:f4:4d:1f:b9:8c:12:fc:54:b4:77:be:07:d7:f9:
         05:74:3f:11:66:25:f1:fd:17:13:f0:f9:97:bf:5a:ae:e0:c5:
         73:c8:4f:88:34:0a:61:f5:1b:02:ec:e7:12:af:3f:fe:5f:11:
         6e:b8:c8:50:96:82:09:28:9c:6f:61:8e:d7:42:76:e7:fd:74:
         83:a1:3a:2c:86:6e:4e:f7:31:af:74:88:8a:df:21:10:b9:20:
         83:ac:2b:17:3c:89:8d:30:cd:82:9f:a4:20:2d:d0:cd:2b:22:
         d9:b6:81:68:70:c4:62:15:d0:46:b4:df:9b:02:76:4e:9a:92:
         66:ce:44:ff
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZK4Mputf7cBeHKGbPN0bzYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3Y2IxNGE0MWY4ZDllNjI4ZGFlODhmNDc1MjgyMmZjNzdk
ZmVjMDIwHhcNMjQxMDIzMDcwNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGJlNTY2OTUyYmI2NjI5YWIzNTI1MGUyNmZmMzAxMDY2ZjVmMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tTiZsccLTta+WM2Mce9qYoR1Kcv
o1UuH2AhnYrKSUKfRWBrHoqvjEzDzpNSMtGSz6Ec15B3wtCdJLvRngAJ+GKyZ4s6
IxrDeqa+YDqPvwWs4tlpNps7X/k+nWveSmwrfX+Fz1YFs51SHsNHe32Zw4NLqfJM
vE/BJ12cczZrp8XBvLwbeTsfqYHudh6aZmZoBxvYQBMqzVLwvQim5iRpzwjLN3XF
QXwoUhCrXaxX2iOjF9/WSe3MMPwolORVKU3oOfFwkBGzpVFtWpnf8pPPsjPuMjw2
STfTFsX5ZSYpiDB7PBRPFJ+RflAHbSa5TVfcRQsZlqgxVoqMhmIv9WlFKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK2+VmlSu2YpqzUlDib/MBBm9fH9MB8GA1UdIwQY
MBaAFPfLFKQfjZ5ija6I9HUoIvx33+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTkt
ZTdlZTRlNzVkM2FmLzEvcmI1V2FWSzdaaW1yTlNVT0p2OHdFR2IxOGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTktZTdlZTRlNzVkM2Fm
LzEvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg9CgDAN
BgkqhkiG9w0BAQsFAAOCAQEARgzMIhSu77SVCyhrm3H9j20JXDiq4v76wYaEFxxS
mEQ1veIlESV8nKAmj0wzBMGVFtGD3eaK2LlbVG6oEP3N2jAl7f2GDIo+tlBpZzW5
AL3bbGO9W+Iu8LmdDuYwWnFvRDxl5cW+Y/zfZpVTKUz4wWsBbRbHgHky2u+UiW1y
saKVXvRNH7mMEvxUtHe+B9f5BXQ/EWYl8f0XE/D5l79aruDFc8hPiDQKYfUbAuzn
Eq8//l8RbrjIUJaCCSicb2GO10J25/10g6E6LIZuTvcxr3SIit8hELkgg6wrFzyJ
jTDNgp+kIC3QzSsi2baBaHDEYhXQRrTfmwJ2TpqSZs5E/w==
-----END CERTIFICATE-----