Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/KZWaFU6hQZsXgpYdfa4Re1vcLpI.roa
File:                     KZWaFU6hQZsXgpYdfa4Re1vcLpI.roa (raw, json)
Hash identifier:          7oHShj7KLwvQSwWn7J3IkAoat9HEol+MpbrllJRGeHk=
Subject key identifier:   29:95:9A:15:4E:A1:41:9B:17:82:96:1D:7D:AE:11:7B:5B:DC:2E:92
Certificate issuer:       /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial:       01929C194D7712E3BD81D88B6EF8A571C6CF
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/KZWaFU6hQZsXgpYdfa4Re1vcLpI.roa
Signing time:             Thu 17 Oct 2024 20:09:16 +0000
ROA not before:           Thu 17 Oct 2024 20:09:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57271
IP address blocks:        2a0e:4582::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9c:19:4d:77:12:e3:bd:81:d8:8b:6e:f8:a5:71:c6:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
        Validity
            Not Before: Oct 17 20:09:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29959a154ea1419b1782961d7dae117b5bdc2e92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cf:6a:12:a9:dc:e5:a4:57:2c:e9:47:04:03:
                    9e:cf:40:76:d4:2c:7a:f2:9b:28:d0:44:aa:9f:64:
                    22:f4:85:1b:dc:ab:18:50:bb:89:e8:f2:82:d2:dd:
                    cd:fa:6e:b1:54:2a:5e:99:e4:31:52:f9:8e:e8:f5:
                    0c:4e:e6:23:44:8e:0c:04:fb:da:1a:67:d3:eb:ec:
                    90:42:4c:de:d9:48:ba:d5:a8:bd:f7:3a:04:70:c3:
                    23:d8:7a:2d:83:f3:ad:bb:2b:2d:bf:a8:c3:74:e8:
                    b6:fd:ea:79:20:47:5b:19:ae:e1:d9:07:6b:7e:b4:
                    4e:c8:45:60:da:d3:6b:8d:93:ea:96:e6:4e:23:29:
                    ab:e0:23:89:25:1f:fa:c8:fb:70:8e:53:90:47:da:
                    c6:08:13:04:25:92:34:db:c9:fe:be:f6:a7:ee:e4:
                    78:f6:f1:4a:68:4c:f5:40:f1:fc:9a:78:24:61:1c:
                    81:44:06:ac:ee:47:3f:f3:bf:a2:de:52:9f:95:4d:
                    fe:26:e5:c5:7f:10:0a:57:b8:7c:5b:c3:05:36:a5:
                    00:cb:a5:17:6b:a6:30:51:df:92:ec:44:d0:c5:65:
                    1c:15:80:02:12:21:a9:dd:90:52:0c:f0:8a:3a:ac:
                    84:88:d4:4d:71:e6:97:cf:f8:18:e7:5d:d5:05:40:
                    58:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:95:9A:15:4E:A1:41:9B:17:82:96:1D:7D:AE:11:7B:5B:DC:2E:92
            X509v3 Authority Key Identifier:
                keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/KZWaFU6hQZsXgpYdfa4Re1vcLpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4582::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:be:39:07:e7:06:73:3d:46:c7:c2:98:0c:fd:46:83:d5:41:
         78:b3:67:73:06:43:a0:16:38:ac:34:04:f4:e1:e5:f6:2d:61:
         90:ee:9b:a3:92:01:89:95:ee:b3:b8:87:16:94:bc:3a:6f:5a:
         1c:ee:37:40:f3:38:71:5e:dc:e3:7a:e2:7b:21:fd:9a:43:bd:
         09:dd:88:3d:46:7d:98:e0:41:8e:91:10:6f:59:18:b9:b1:59:
         5d:93:54:4d:bb:c1:71:95:57:2e:be:6c:71:62:42:0a:c1:d5:
         3d:99:ae:2c:f3:ea:d8:c8:a6:5c:b0:15:41:0c:b7:5d:87:cd:
         a7:22:5c:24:ea:da:fa:eb:c8:03:a9:93:ae:cb:cf:00:f5:40:
         df:12:69:ec:03:6f:d8:49:24:c8:06:2b:54:63:33:e8:18:23:
         7f:98:2c:b8:f2:84:91:d2:ff:b8:b9:ab:31:68:0c:fb:49:60:
         34:8c:99:2a:6a:7d:a5:1c:1e:d1:7e:f7:c8:22:5f:79:87:87:
         c7:63:5e:57:df:b8:a3:03:f4:8d:bb:3a:18:d8:4e:08:53:1b:
         17:b1:f3:16:c8:1a:f7:66:57:f8:b4:02:80:ff:96:8c:3b:a7:
         7b:75:a4:31:85:56:c8:4d:f0:5e:4e:58:ee:50:fd:34:c2:e7:
         15:07:23:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKcGU13EuO9gdiLbvilccbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjQxMDE3MjAwOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTk1OWExNTRlYTE0MTliMTc4Mjk2MWQ3ZGFlMTE3YjViZGMyZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkM9qEqnc5aRXLOlHBAOez0B21Cx6
8pso0ESqn2Qi9IUb3KsYULuJ6PKC0t3N+m6xVCpemeQxUvmO6PUMTuYjRI4MBPva
GmfT6+yQQkze2Ui61ai99zoEcMMj2Hotg/Otuystv6jDdOi2/ep5IEdbGa7h2Qdr
frROyEVg2tNrjZPqluZOIymr4COJJR/6yPtwjlOQR9rGCBMEJZI028n+vvan7uR4
9vFKaEz1QPH8mngkYRyBRAas7kc/87+i3lKflU3+JuXFfxAKV7h8W8MFNqUAy6UX
a6YwUd+S7ETQxWUcFYACEiGp3ZBSDPCKOqyEiNRNceaXz/gY513VBUBY7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCmVmhVOoUGbF4KWHX2uEXtb3C6SMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEvS1pXYUZVNmhRWnNYZ3BZZGZhNFJlMXZjTHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5FgjAN
BgkqhkiG9w0BAQsFAAOCAQEAJ745B+cGcz1Gx8KYDP1Gg9VBeLNncwZDoBY4rDQE
9OHl9i1hkO6bo5IBiZXus7iHFpS8Om9aHO43QPM4cV7c43rieyH9mkO9Cd2IPUZ9
mOBBjpEQb1kYubFZXZNUTbvBcZVXLr5scWJCCsHVPZmuLPPq2MimXLAVQQy3XYfN
pyJcJOra+uvIA6mTrsvPAPVA3xJp7ANv2EkkyAYrVGMz6Bgjf5gsuPKEkdL/uLmr
MWgM+0lgNIyZKmp9pRwe0X73yCJfeYeHx2NeV9+4owP0jbs6GNhOCFMbF7HzFsga
92ZX+LQCgP+WjDune3WkMYVWyE3wXk5Y7lD9NMLnFQcjTg==
-----END CERTIFICATE-----