Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/21c61a-d6b1-4aca-9782-97348336f33a/1/enFtVXBgaMGQa9qKqE10tuuEhsI.roa
File:                     enFtVXBgaMGQa9qKqE10tuuEhsI.roa (raw, json)
Hash identifier:          VD2QLK351g8/KsLYp3dyFuA4p3rSIpQzQGNcDGlU4B0=
Subject key identifier:   7A:71:6D:55:70:60:68:C1:90:6B:DA:8A:A8:4D:74:B6:EB:84:86:C2
Certificate issuer:       /CN=315955c4af3eb1a8d3400a86625e365c26298d6a
Certificate serial:       019288BBA536E25060E8F680908C42DE8B56
Authority key identifier: 31:59:55:C4:AF:3E:B1:A8:D3:40:0A:86:62:5E:36:5C:26:29:8D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MVlVxK8-sajTQAqGYl42XCYpjWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/21c61a-d6b1-4aca-9782-97348336f33a/1/enFtVXBgaMGQa9qKqE10tuuEhsI.roa
Signing time:             Mon 14 Oct 2024 01:54:11 +0000
ROA not before:           Mon 14 Oct 2024 01:54:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214390
IP address blocks:        2a0f:3400:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/21c61a-d6b1-4aca-9782-97348336f33a/1/MVlVxK8-sajTQAqGYl42XCYpjWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/21c61a-d6b1-4aca-9782-97348336f33a/1/MVlVxK8-sajTQAqGYl42XCYpjWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MVlVxK8-sajTQAqGYl42XCYpjWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:88:bb:a5:36:e2:50:60:e8:f6:80:90:8c:42:de:8b:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=315955c4af3eb1a8d3400a86625e365c26298d6a
        Validity
            Not Before: Oct 14 01:54:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a716d55706068c1906bda8aa84d74b6eb8486c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ad:f9:49:fd:b5:53:ea:9a:ca:47:b1:ff:ed:
                    d4:4d:f7:6d:b9:52:3d:66:9d:5f:bb:b2:4d:a6:29:
                    92:74:b1:93:5b:de:6c:53:44:2d:aa:55:94:7b:c6:
                    97:29:8a:e8:9d:b8:dd:76:71:5d:08:27:bd:2f:43:
                    06:e0:af:cc:b0:17:e3:a6:8a:6d:7f:4e:87:5e:f3:
                    a1:34:d8:0e:f8:eb:76:3c:26:9d:cc:15:61:fc:85:
                    22:f9:c2:08:d6:5f:03:d7:d7:91:0c:da:f8:da:60:
                    76:87:f8:8a:b8:a7:24:da:ea:af:f0:12:5d:8d:ef:
                    f7:20:8c:ed:49:3e:28:bd:e4:10:cf:f1:5b:f7:ff:
                    32:f9:c5:bf:b7:a1:22:2a:ce:82:92:76:c2:46:92:
                    3c:cb:c7:d1:60:8b:aa:dd:8e:8a:99:14:8a:3d:98:
                    09:9b:ec:25:fd:0d:98:1a:f8:47:fe:33:04:06:6d:
                    df:d1:7c:28:92:8c:bd:a4:0c:40:7f:97:b7:e0:57:
                    5b:51:9b:26:b5:25:2a:5e:19:9c:f6:bd:bd:75:ca:
                    a2:8a:62:f5:70:80:58:ce:c6:dc:c0:22:96:18:fb:
                    08:a0:4a:0e:2c:cb:b6:50:55:cc:58:2a:df:37:e7:
                    9f:35:be:cc:9e:21:b0:5f:f2:cf:b7:34:60:cf:49:
                    f4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:71:6D:55:70:60:68:C1:90:6B:DA:8A:A8:4D:74:B6:EB:84:86:C2
            X509v3 Authority Key Identifier:
                keyid:31:59:55:C4:AF:3E:B1:A8:D3:40:0A:86:62:5E:36:5C:26:29:8D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MVlVxK8-sajTQAqGYl42XCYpjWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/21c61a-d6b1-4aca-9782-97348336f33a/1/enFtVXBgaMGQa9qKqE10tuuEhsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/21c61a-d6b1-4aca-9782-97348336f33a/1/MVlVxK8-sajTQAqGYl42XCYpjWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3400:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:a4:23:d2:8a:79:64:e4:ad:0c:11:80:bb:d0:b9:e9:ce:9d:
         b7:0e:78:ae:d6:56:ed:25:95:da:79:1d:bf:cf:01:05:af:93:
         12:3a:80:ea:de:da:e7:30:99:b9:06:7c:a5:c0:99:ea:28:9d:
         8b:9a:b7:7e:de:be:9b:4b:44:98:42:33:9e:18:f6:39:5f:a6:
         25:d8:1c:3e:3d:14:42:4e:04:80:54:31:ad:96:63:47:48:12:
         e2:f3:5a:84:68:e0:66:48:91:a6:8e:35:c0:7c:37:07:2c:d4:
         b6:54:a1:c6:c9:4c:4d:14:ff:e9:23:77:fb:f1:9e:2e:59:2b:
         2a:c6:ce:61:79:4a:27:0a:9a:b4:c4:73:55:d8:ee:80:d0:72:
         3d:0f:b3:c3:58:a9:b8:72:18:dd:6c:4a:2b:bb:17:49:e7:b9:
         4c:80:0b:2a:b8:13:39:d7:c3:bf:59:18:cc:6c:01:16:4b:50:
         21:92:37:da:56:b2:81:1b:9d:c8:8d:31:ce:9d:0d:28:4d:07:
         e8:92:68:b4:b3:2a:a8:a5:25:ae:d6:3a:52:00:93:60:61:fd:
         3b:bd:ff:66:d1:3c:d8:35:54:99:59:cb:ca:87:57:ae:29:45:
         c1:36:e0:b3:fe:fc:7c:a1:09:00:eb:72:57:ec:98:dd:1b:00:
         d6:ac:2b:fa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZKIu6U24lBg6PaAkIxC3otWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNTk1NWM0YWYzZWIxYThkMzQwMGE4NjYyNWUzNjVjMjYy
OThkNmEwHhcNMjQxMDE0MDE1NDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTcxNmQ1NTcwNjA2OGMxOTA2YmRhOGFhODRkNzRiNmViODQ4NmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta35Sf21U+qaykex/+3UTfdtuVI9
Zp1fu7JNpimSdLGTW95sU0QtqlWUe8aXKYronbjddnFdCCe9L0MG4K/MsBfjpopt
f06HXvOhNNgO+Ot2PCadzBVh/IUi+cII1l8D19eRDNr42mB2h/iKuKck2uqv8BJd
je/3IIztST4oveQQz/Fb9/8y+cW/t6EiKs6CknbCRpI8y8fRYIuq3Y6KmRSKPZgJ
m+wl/Q2YGvhH/jMEBm3f0Xwokoy9pAxAf5e34FdbUZsmtSUqXhmc9r29dcqiimL1
cIBYzsbcwCKWGPsIoEoOLMu2UFXMWCrfN+efNb7MniGwX/LPtzRgz0n07QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHpxbVVwYGjBkGvaiqhNdLbrhIbCMB8GA1UdIwQY
MBaAFDFZVcSvPrGo00AKhmJeNlwmKY1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVZsVnhLOC1zYWpUUUFxR1lsNDJYQ1lwaldvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8yMWM2MWEtZDZiMS00YWNhLTk3ODIt
OTczNDgzMzZmMzNhLzEvZW5GdFZYQmdhTUdRYTlxS3FFMTB0dXVFaHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8yMWM2MWEtZDZiMS00YWNhLTk3ODItOTczNDgzMzZmMzNh
LzEvTVZsVnhLOC1zYWpUUUFxR1lsNDJYQ1lwaldvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg80AAEw
DQYJKoZIhvcNAQELBQADggEBAHakI9KKeWTkrQwRgLvQuenOnbcOeK7WVu0lldp5
Hb/PAQWvkxI6gOre2ucwmbkGfKXAmeoonYuat37evptLRJhCM54Y9jlfpiXYHD49
FEJOBIBUMa2WY0dIEuLzWoRo4GZIkaaONcB8Nwcs1LZUocbJTE0U/+kjd/vxni5Z
KyrGzmF5SicKmrTEc1XY7oDQcj0Ps8NYqbhyGN1sSiu7F0nnuUyACyq4EznXw79Z
GMxsARZLUCGSN9pWsoEbnciNMc6dDShNB+iSaLSzKqilJa7WOlIAk2Bh/Tu9/2bR
PNg1VJlZy8qHV64pRcE24LP+/HyhCQDrclfsmN0bANasK/o=
-----END CERTIFICATE-----