Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/SmdCIeK9lRRzAx1c1UVRzlXnAGs.roa
File:                     SmdCIeK9lRRzAx1c1UVRzlXnAGs.roa (raw, json)
Hash identifier:          iEyWz4PN5Box0mXXULDYAVatI4D44Vhifl6Wl/CMnbk=
Subject key identifier:   4A:67:42:21:E2:BD:95:14:73:03:1D:5C:D5:45:51:CE:55:E7:00:6B
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       0192B3E364EEC2728F441EC0CBDD7F5D457B
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/SmdCIeK9lRRzAx1c1UVRzlXnAGs.roa
Signing time:             Tue 22 Oct 2024 11:01:17 +0000
ROA not before:           Tue 22 Oct 2024 11:01:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17818
IP address blocks:        2a06:e800::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b3:e3:64:ee:c2:72:8f:44:1e:c0:cb:dd:7f:5d:45:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Oct 22 11:01:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a674221e2bd951473031d5cd54551ce55e7006b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:68:3f:47:59:6a:34:c0:a9:0f:0d:fd:af:42:
                    77:8d:18:0a:2d:af:af:ff:d6:ed:81:87:fd:bd:a4:
                    c9:92:78:68:12:40:41:ae:e6:84:a7:0c:10:3e:01:
                    48:aa:6a:e9:cd:1e:70:92:9a:21:16:09:66:b3:4b:
                    43:a3:13:ef:ad:a8:61:98:0b:f5:73:c2:65:92:cd:
                    5f:4b:a1:60:81:8e:1e:b6:e0:24:02:d2:3d:3e:df:
                    f0:78:0b:3b:37:af:c3:b7:6f:0d:bf:63:3f:5c:76:
                    80:1e:c6:b7:23:b2:71:91:04:c5:60:b6:24:00:0b:
                    85:e4:cd:b9:5f:b3:c9:d2:c0:bd:cb:e7:8a:31:c8:
                    d8:b8:28:02:2b:01:77:d4:e1:65:06:79:94:53:5e:
                    bd:80:c6:a1:58:97:0c:d8:98:a0:c8:03:ca:b0:d8:
                    d4:ca:87:6a:20:1c:7b:bc:49:21:18:e0:8a:c9:d8:
                    2e:a9:0d:74:86:7b:6b:aa:ed:9a:f2:bc:53:9e:ba:
                    c4:93:ec:f0:02:14:e1:f8:b3:3f:b7:a1:04:6c:ce:
                    ed:3b:fe:df:05:ff:3d:b1:29:43:9c:17:a7:e7:1a:
                    f0:32:83:e6:66:ce:71:c3:36:39:b0:9b:21:04:d4:
                    2a:43:3b:c6:7e:5a:63:39:d7:1a:b5:8a:bf:4d:6c:
                    50:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:67:42:21:E2:BD:95:14:73:03:1D:5C:D5:45:51:CE:55:E7:00:6B
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/SmdCIeK9lRRzAx1c1UVRzlXnAGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e800::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:ae:54:6c:a2:4a:83:52:7b:30:14:93:8c:9e:d4:97:98:52:
         f3:eb:12:39:07:e3:3c:89:7f:83:d6:4c:86:90:12:02:f6:4d:
         8b:a3:c1:93:95:dc:3e:70:b5:2f:dd:d8:74:85:7b:3b:c7:c4:
         5c:30:b7:69:3c:f9:ce:1b:75:00:de:50:64:09:fe:d2:32:13:
         60:5c:3d:20:28:20:7c:7b:49:2f:59:c2:6e:a9:81:13:b6:e6:
         47:55:bf:0d:54:d5:07:7b:c8:39:0a:a8:3d:b6:d6:e9:bb:6a:
         ec:1c:db:48:e0:8a:38:be:cd:b7:83:d9:74:30:62:7b:f6:24:
         54:01:80:90:fa:ba:7c:e6:84:89:b5:f4:d8:b8:73:f7:fc:6b:
         ef:f8:cd:9b:81:af:50:45:21:58:d7:74:a1:b3:38:f1:a9:c5:
         f3:48:a1:da:07:c5:11:fa:5b:dc:f5:2a:68:d4:7f:b1:27:9b:
         10:2e:12:2a:32:d5:df:2b:0b:9e:4f:6e:da:72:d4:01:e5:1d:
         e4:c3:9c:b1:61:59:54:48:9c:a3:5c:f5:0b:51:95:bd:c2:33:
         2d:f2:17:9a:c5:e8:ca:c9:ff:e2:bb:b6:1b:c8:b1:75:e3:85:
         31:89:32:a5:93:41:11:02:1a:f3:1c:f9:a4:ad:19:a1:37:97:
         af:2f:13:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKz42TuwnKPRB7Ay91/XUV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQxMDIyMTEwMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTY3NDIyMWUyYmQ5NTE0NzMwMzFkNWNkNTQ1NTFjZTU1ZTcwMDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmg/R1lqNMCpDw39r0J3jRgKLa+v
/9btgYf9vaTJknhoEkBBruaEpwwQPgFIqmrpzR5wkpohFglms0tDoxPvrahhmAv1
c8Jlks1fS6FggY4etuAkAtI9Pt/weAs7N6/Dt28Nv2M/XHaAHsa3I7JxkQTFYLYk
AAuF5M25X7PJ0sC9y+eKMcjYuCgCKwF31OFlBnmUU169gMahWJcM2JigyAPKsNjU
yodqIBx7vEkhGOCKydguqQ10hntrqu2a8rxTnrrEk+zwAhTh+LM/t6EEbM7tO/7f
Bf89sSlDnBen5xrwMoPmZs5xwzY5sJshBNQqQzvGflpjOdcatYq/TWxQmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEpnQiHivZUUcwMdXNVFUc5V5wBrMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvU21kQ0llSzlsUlJ6QXgxYzFVVlJ6bFhuQUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgboADAN
BgkqhkiG9w0BAQsFAAOCAQEASa5UbKJKg1J7MBSTjJ7Ul5hS8+sSOQfjPIl/g9ZM
hpASAvZNi6PBk5XcPnC1L93YdIV7O8fEXDC3aTz5zht1AN5QZAn+0jITYFw9ICgg
fHtJL1nCbqmBE7bmR1W/DVTVB3vIOQqoPbbW6btq7BzbSOCKOL7Nt4PZdDBie/Yk
VAGAkPq6fOaEibX02Lhz9/xr7/jNm4GvUEUhWNd0obM48anF80ih2gfFEfpb3PUq
aNR/sSebEC4SKjLV3ysLnk9u2nLUAeUd5MOcsWFZVEico1z1C1GVvcIzLfIXmsXo
ysn/4ru2G8ixdeOFMYkypZNBEQIa8xz5pK0ZoTeXry8TuQ==
-----END CERTIFICATE-----