Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/d661d4-c624-4a0c-9069-352cfc369ef3/1/ERx1XzlXZQWj6buYsUPFsHOjIdk.roa
File:                     ERx1XzlXZQWj6buYsUPFsHOjIdk.roa (raw, json)
Hash identifier:          s2Fu8Eq/ZShz2M5PVPY/Fg/6fS0rFwDgr2hOw+Hjj7M=
Subject key identifier:   11:1C:75:5F:39:57:65:05:A3:E9:BB:98:B1:43:C5:B0:73:A3:21:D9
Certificate issuer:       /CN=47e5d333dad9d62d5328d12578a31def42af8f34
Certificate serial:       018DEB1E4E8273A431DE6B11A0775A9CC596
Authority key identifier: 47:E5:D3:33:DA:D9:D6:2D:53:28:D1:25:78:A3:1D:EF:42:AF:8F:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-XTM9rZ1i1TKNEleKMd70KvjzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/d661d4-c624-4a0c-9069-352cfc369ef3/1/ERx1XzlXZQWj6buYsUPFsHOjIdk.roa
Signing time:             Tue 27 Feb 2024 15:10:48 +0000
ROA not before:           Tue 27 Feb 2024 15:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198432
IP address blocks:        2a00:e9c0::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/d661d4-c624-4a0c-9069-352cfc369ef3/1/R-XTM9rZ1i1TKNEleKMd70KvjzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/d661d4-c624-4a0c-9069-352cfc369ef3/1/R-XTM9rZ1i1TKNEleKMd70KvjzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-XTM9rZ1i1TKNEleKMd70KvjzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:1e:4e:82:73:a4:31:de:6b:11:a0:77:5a:9c:c5:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47e5d333dad9d62d5328d12578a31def42af8f34
        Validity
            Not Before: Feb 27 15:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=111c755f39576505a3e9bb98b143c5b073a321d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:09:e4:31:0e:9b:12:e0:db:31:53:89:c4:16:
                    44:f2:04:83:f1:41:eb:da:f1:e5:77:4c:e1:72:19:
                    9b:ce:aa:1e:18:74:b6:ff:d1:d9:74:94:67:9c:10:
                    44:f5:ec:76:38:31:4e:04:d5:f5:e3:9a:ba:14:1e:
                    4d:12:2a:89:eb:dc:c4:5c:0c:0f:3a:ce:69:f1:d7:
                    6d:f0:73:ea:79:e8:85:43:c7:ff:c5:b7:4b:29:25:
                    0b:c0:7d:f8:60:44:57:4e:55:6c:72:d4:0a:8e:4e:
                    d5:dc:18:c2:f1:35:70:7d:37:92:30:63:ea:52:d6:
                    c8:ee:40:db:3f:91:1f:b4:c1:21:72:a9:91:e4:7d:
                    6f:26:b7:3c:d4:ea:b4:f0:d0:f1:41:ea:2c:9f:a6:
                    ca:e7:24:b9:8c:74:42:47:c9:3c:78:17:72:cf:eb:
                    91:06:1b:b7:06:05:a2:7f:05:ee:18:21:5a:4c:62:
                    2c:f0:9f:ba:f3:7b:7f:61:b6:8d:4a:f0:2a:8a:46:
                    b4:23:4d:8d:e5:ec:93:f6:e3:6e:22:a6:ba:54:94:
                    b7:c7:91:77:ad:00:fd:8b:52:c0:d0:43:9e:9f:a0:
                    5b:10:ab:6e:e2:2a:29:59:e4:78:a8:bf:63:c9:f4:
                    02:da:ff:08:c4:4f:b7:89:8b:eb:b5:be:f6:af:5c:
                    71:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:1C:75:5F:39:57:65:05:A3:E9:BB:98:B1:43:C5:B0:73:A3:21:D9
            X509v3 Authority Key Identifier:
                keyid:47:E5:D3:33:DA:D9:D6:2D:53:28:D1:25:78:A3:1D:EF:42:AF:8F:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-XTM9rZ1i1TKNEleKMd70KvjzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/d661d4-c624-4a0c-9069-352cfc369ef3/1/ERx1XzlXZQWj6buYsUPFsHOjIdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/d661d4-c624-4a0c-9069-352cfc369ef3/1/R-XTM9rZ1i1TKNEleKMd70KvjzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:e9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:9d:4e:cf:c3:89:a9:02:c7:40:99:4a:88:dd:31:5c:82:29:
         ef:7c:b4:ff:ca:f0:0f:59:87:f4:91:a2:d9:02:d3:9f:25:4c:
         63:2a:d5:2e:f9:f6:53:0d:e1:e6:ed:1d:fa:51:f7:1e:cf:4b:
         83:c1:2f:52:7a:9f:0c:41:fe:7c:b2:a5:9d:c2:10:19:c2:2d:
         f1:6d:c5:7d:83:72:9f:df:52:eb:d8:c4:d3:2f:0b:98:5b:31:
         ff:3a:23:09:05:e7:94:ed:99:02:77:06:e3:1b:03:cb:54:c5:
         10:6e:c7:24:6f:9e:0a:05:22:70:66:df:18:4e:a1:90:de:2c:
         c1:3c:a5:a0:65:85:6c:9f:cb:9c:37:c0:19:64:3b:ce:24:9c:
         5f:73:b9:85:63:00:ec:a2:af:9b:7e:d5:ba:51:84:46:6a:20:
         fc:1d:75:72:67:c5:b4:6c:d8:e5:5f:b5:e1:72:d8:3a:44:f1:
         97:9a:6b:1c:40:dd:de:96:a2:7b:41:4e:64:5f:67:59:a0:3c:
         af:e1:b5:ee:9c:6d:36:d5:41:f1:db:90:1b:f0:d7:0a:21:b2:
         fc:e0:49:bd:ec:47:14:aa:0f:45:40:61:d2:db:2b:34:56:ae:
         1b:8c:ac:16:19:95:92:d1:cc:a4:f0:1b:b9:9a:5c:73:1d:e4:
         fd:50:13:ab
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3rHk6Cc6Qx3msRoHdanMWWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZTVkMzMzZGFkOWQ2MmQ1MzI4ZDEyNTc4YTMxZGVmNDJh
ZjhmMzQwHhcNMjQwMjI3MTUxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTFjNzU1ZjM5NTc2NTA1YTNlOWJiOThiMTQzYzViMDczYTMyMWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAnkMQ6bEuDbMVOJxBZE8gSD8UHr
2vHld0zhchmbzqoeGHS2/9HZdJRnnBBE9ex2ODFOBNX145q6FB5NEiqJ69zEXAwP
Os5p8ddt8HPqeeiFQ8f/xbdLKSULwH34YERXTlVsctQKjk7V3BjC8TVwfTeSMGPq
UtbI7kDbP5EftMEhcqmR5H1vJrc81Oq08NDxQeosn6bK5yS5jHRCR8k8eBdyz+uR
Bhu3BgWifwXuGCFaTGIs8J+683t/YbaNSvAqika0I02N5eyT9uNuIqa6VJS3x5F3
rQD9i1LA0EOen6BbEKtu4iopWeR4qL9jyfQC2v8IxE+3iYvrtb72r1xxdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBEcdV85V2UFo+m7mLFDxbBzoyHZMB8GA1UdIwQY
MBaAFEfl0zPa2dYtUyjRJXijHe9Cr480MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1YVE05cloxaTFUS05FbGVLTWQ3MEt2anpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kNjYxZDQtYzYyNC00YTBjLTkwNjkt
MzUyY2ZjMzY5ZWYzLzEvRVJ4MVh6bFhaUVdqNmJ1WXNVUEZzSE9qSWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kNjYxZDQtYzYyNC00YTBjLTkwNjktMzUyY2ZjMzY5ZWYz
LzEvUi1YVE05cloxaTFUS05FbGVLTWQ3MEt2anpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgDpwDAN
BgkqhkiG9w0BAQsFAAOCAQEALp1Oz8OJqQLHQJlKiN0xXIIp73y0/8rwD1mH9JGi
2QLTnyVMYyrVLvn2Uw3h5u0d+lH3Hs9Lg8EvUnqfDEH+fLKlncIQGcIt8W3FfYNy
n99S69jE0y8LmFsx/zojCQXnlO2ZAncG4xsDy1TFEG7HJG+eCgUicGbfGE6hkN4s
wTyloGWFbJ/LnDfAGWQ7ziScX3O5hWMA7KKvm37VulGERmog/B11cmfFtGzY5V+1
4XLYOkTxl5prHEDd3paie0FOZF9nWaA8r+G17pxtNtVB8duQG/DXCiGy/OBJvexH
FKoPRUBh0tsrNFauG4ysFhmVktHMpPAbuZpccx3k/VATqw==
-----END CERTIFICATE-----