Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/tedxv31Rrx5zDEpovVsTdVFr5s4.roa
File:                     tedxv31Rrx5zDEpovVsTdVFr5s4.roa (raw, json)
Hash identifier:          7+ByAmj7IQWqLR/di/6ER98p0Aamq6zhEeCEFidNMes=
Subject key identifier:   B5:E7:71:BF:7D:51:AF:1E:73:0C:4A:68:BD:5B:13:75:51:6B:E6:CE
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019368EB4BA77E520316B7752927EE39BD7E
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/tedxv31Rrx5zDEpovVsTdVFr5s4.roa
Signing time:             Tue 26 Nov 2024 14:41:10 +0000
ROA not before:           Tue 26 Nov 2024 14:41:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60188
IP address blocks:        2a06:5040:8::/48 maxlen: 48
                          2a06:5040:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:68:eb:4b:a7:7e:52:03:16:b7:75:29:27:ee:39:bd:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Nov 26 14:41:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5e771bf7d51af1e730c4a68bd5b1375516be6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:43:b6:15:18:de:0c:75:d3:75:29:31:07:b4:
                    ee:39:5a:15:9f:a7:ae:11:19:64:88:f6:f4:f5:34:
                    e3:a6:86:6c:93:4a:71:08:e7:4e:1d:f9:e4:99:51:
                    e3:80:39:46:0e:4d:07:96:f9:50:01:bf:69:87:5f:
                    c1:d7:99:28:d4:54:6c:f9:3b:b1:34:18:3d:27:73:
                    8f:5c:07:70:42:0f:af:94:2e:86:9a:e6:d4:1c:9b:
                    25:0c:73:b4:bd:6d:bf:40:db:a9:ac:74:78:13:d4:
                    5e:3b:5d:a1:2b:d1:f8:e2:33:54:cc:f9:6d:63:3f:
                    2b:e2:5c:91:bd:fc:3b:9c:4f:d1:f1:61:ef:61:48:
                    77:21:1b:e6:9b:1d:e9:fd:6a:37:db:bb:ae:1d:2a:
                    db:3d:80:15:dc:74:e8:8e:db:3a:61:0c:14:72:a3:
                    92:7e:d6:3c:cf:b8:3b:59:aa:e0:ac:bc:b6:0c:c6:
                    1f:fb:3e:5a:5c:c3:97:a5:0a:0d:be:43:35:d3:0d:
                    8d:73:84:b8:64:5a:1d:8e:f8:ca:3b:98:5c:52:0a:
                    1e:a6:f8:5d:91:86:26:d6:65:fb:a3:e1:e7:c3:f2:
                    41:bd:b6:c2:ee:21:76:39:2c:91:61:6a:ba:ef:6c:
                    96:5c:45:2d:22:71:65:83:ef:74:b9:a9:ba:0d:4c:
                    32:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:E7:71:BF:7D:51:AF:1E:73:0C:4A:68:BD:5B:13:75:51:6B:E6:CE
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/tedxv31Rrx5zDEpovVsTdVFr5s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:5040:8::/47

    Signature Algorithm: sha256WithRSAEncryption
         62:c4:63:c0:7b:2b:19:63:b7:e2:21:df:c6:9b:04:53:07:c8:
         61:d1:b9:75:08:aa:45:83:3a:bd:ec:e1:ba:95:6e:44:1a:8e:
         0d:81:50:7a:8c:d8:8c:5b:ed:fb:49:93:1c:3d:c2:47:62:df:
         89:ac:20:20:3c:f6:a0:54:ff:cc:ff:f8:c6:78:4e:45:93:3b:
         fb:ce:97:25:28:37:e6:db:99:6e:50:04:f3:1d:28:5f:1a:d2:
         fc:7e:10:d1:a5:2f:ce:ec:70:21:be:fd:01:7b:76:02:fb:24:
         e3:da:20:a3:52:b0:3c:60:f9:28:9e:3a:93:f7:bf:fe:e1:24:
         74:94:15:4e:fc:56:32:b0:25:97:24:97:0a:2a:6a:b7:5c:7f:
         dc:66:1b:f2:d1:e7:76:1b:34:dc:00:08:5e:c7:ba:c7:e1:db:
         6f:26:3b:bc:8e:31:14:6d:43:95:43:c0:ed:d9:0d:a5:43:2b:
         57:01:ad:d9:62:8a:d0:f6:ce:59:e1:43:25:92:ec:1f:aa:24:
         5b:48:ec:a9:8c:47:21:6f:03:46:d6:d5:9f:97:c9:9f:db:07:
         b7:78:c6:bf:c1:37:b4:40:90:4b:1c:b1:4e:a7:50:50:9d:c5:
         26:9d:d2:fd:4d:29:8c:48:fe:82:af:e0:c3:ba:c3:c3:14:69:
         e5:86:88:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNo60unflIDFrd1KSfuOb1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjQxMTI2MTQ0MTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWU3NzFiZjdkNTFhZjFlNzMwYzRhNjhiZDViMTM3NTUxNmJlNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0O2FRjeDHXTdSkxB7TuOVoVn6eu
ERlkiPb09TTjpoZsk0pxCOdOHfnkmVHjgDlGDk0HlvlQAb9ph1/B15ko1FRs+Tux
NBg9J3OPXAdwQg+vlC6GmubUHJslDHO0vW2/QNuprHR4E9ReO12hK9H44jNUzPlt
Yz8r4lyRvfw7nE/R8WHvYUh3IRvmmx3p/Wo327uuHSrbPYAV3HTojts6YQwUcqOS
ftY8z7g7WargrLy2DMYf+z5aXMOXpQoNvkM10w2Nc4S4ZFodjvjKO5hcUgoepvhd
kYYm1mX7o+Hnw/JBvbbC7iF2OSyRYWq672yWXEUtInFlg+90uam6DUwycwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLXncb99Ua8ecwxKaL1bE3VRa+bOMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvdGVkeHYzMVJyeDV6REVwb3ZWc1RkVkZyNXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgZQQAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQBixGPAeysZY7fiId/GmwRTB8hh0bl1CKpFgzq9
7OG6lW5EGo4NgVB6jNiMW+37SZMcPcJHYt+JrCAgPPagVP/M//jGeE5Fkzv7zpcl
KDfm25luUATzHShfGtL8fhDRpS/O7HAhvv0Be3YC+yTj2iCjUrA8YPkonjqT97/+
4SR0lBVO/FYysCWXJJcKKmq3XH/cZhvy0ed2GzTcAAhex7rH4dtvJju8jjEUbUOV
Q8Dt2Q2lQytXAa3ZYorQ9s5Z4UMlkuwfqiRbSOypjEchbwNG1tWfl8mf2we3eMa/
wTe0QJBLHLFOp1BQncUmndL9TSmMSP6Cr+DDusPDFGnlhohK
-----END CERTIFICATE-----