Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/TbZRM3h4AsMjWvHak2KrmhLVQCU.roa
File:                     TbZRM3h4AsMjWvHak2KrmhLVQCU.roa (raw, json)
Hash identifier:          jIYARf85azSdSt3z2i3QmxNxs7i1RGU9J9OCGWG96JA=
Subject key identifier:   4D:B6:51:33:78:78:02:C3:23:5A:F1:DA:93:62:AB:9A:12:D5:40:25
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       01927C558413683E877D7960C85BE8242A47
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/TbZRM3h4AsMjWvHak2KrmhLVQCU.roa
Signing time:             Fri 11 Oct 2024 16:07:12 +0000
ROA not before:           Fri 11 Oct 2024 16:07:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        2a01:e900:f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7c:55:84:13:68:3e:87:7d:79:60:c8:5b:e8:24:2a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Oct 11 16:07:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4db65133787802c3235af1da9362ab9a12d54025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f1:ac:67:fc:f3:c9:ce:77:c7:82:6e:32:40:
                    64:5e:9a:b7:3d:c8:ff:a7:5b:42:83:6f:4e:62:41:
                    f2:15:0e:1c:f4:75:99:90:fd:dc:39:cd:0d:0e:02:
                    62:27:44:9a:1c:ef:93:9e:67:b8:b0:26:95:bd:7d:
                    bc:97:19:cc:0d:8a:45:44:fe:de:75:7c:53:69:cb:
                    c8:7a:26:e7:c3:aa:0c:f2:4f:81:9e:63:2e:07:5c:
                    66:79:50:e9:ba:d4:06:c5:63:cc:c7:3f:55:48:cb:
                    7d:f4:5c:29:f1:a9:47:d2:d8:0b:4c:bc:36:db:b4:
                    d2:62:62:73:eb:c1:a1:bd:25:f9:1d:56:98:9c:59:
                    dc:e3:b0:e0:6e:3b:34:ee:f2:54:b3:3b:e1:4d:1b:
                    03:30:70:01:8e:ce:76:30:20:16:62:0e:a5:1a:4b:
                    63:12:42:aa:20:31:73:7a:ad:a3:d8:1f:b8:f9:2e:
                    fd:b2:1a:b6:2e:61:99:7a:03:98:52:85:c6:ca:42:
                    aa:26:84:73:73:2d:0f:38:ea:da:15:bc:2f:3e:51:
                    73:0f:f0:ae:29:bc:94:95:5b:5b:95:03:2e:72:bf:
                    de:3f:bf:93:3a:96:b9:e8:33:af:04:de:9c:3e:cb:
                    55:2c:cf:88:85:28:f0:c3:56:fd:f4:e8:b0:a3:4c:
                    89:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B6:51:33:78:78:02:C3:23:5A:F1:DA:93:62:AB:9A:12:D5:40:25
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/TbZRM3h4AsMjWvHak2KrmhLVQCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e900:f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:16:92:75:15:58:07:1e:bc:a7:9a:17:f0:2e:64:84:9c:0e:
         bf:02:4b:b8:5f:52:a9:ae:87:b3:54:d5:5e:41:c9:16:0e:67:
         55:9d:a5:9a:2c:06:4e:11:3f:02:7e:81:77:a1:a8:00:2f:47:
         81:d2:b1:6f:b5:5a:d3:08:1a:7b:93:d6:0c:b3:f4:3c:9e:77:
         55:60:05:4c:63:75:b3:ce:56:54:6d:91:a8:c3:d6:df:af:0c:
         90:3d:d8:b4:0b:7d:3b:12:b9:e2:f9:c9:b1:96:ce:fa:c3:9c:
         92:c3:bc:ce:ee:6a:81:c6:28:a6:5a:b2:9c:c7:3c:06:cf:22:
         9c:a3:55:03:a8:1e:a4:c4:73:d3:cd:66:04:29:ce:f6:f3:ac:
         d5:69:55:12:65:e2:f3:3d:2d:0a:c5:49:1a:1b:99:3c:40:0c:
         3e:98:e8:5c:af:ec:52:06:12:b6:9f:35:28:00:4c:66:ec:e7:
         bc:4f:93:77:e3:b9:26:be:c4:c8:cb:8d:9b:43:66:c3:05:78:
         15:f5:66:6b:cd:6c:bf:5b:bf:a6:07:ec:a8:f4:79:38:9e:95:
         5d:94:11:29:4b:18:b7:7b:a6:6f:66:de:5a:0b:92:fa:78:93:
         d4:74:14:ee:b2:13:3f:17:da:4f:f0:97:4c:3f:62:7c:e0:85:
         69:a5:0a:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJ8VYQTaD6HfXlgyFvoJCpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjQxMDExMTYwNzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGI2NTEzMzc4NzgwMmMzMjM1YWYxZGE5MzYyYWI5YTEyZDU0MDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvGsZ/zzyc53x4JuMkBkXpq3Pcj/
p1tCg29OYkHyFQ4c9HWZkP3cOc0NDgJiJ0SaHO+Tnme4sCaVvX28lxnMDYpFRP7e
dXxTacvIeibnw6oM8k+BnmMuB1xmeVDputQGxWPMxz9VSMt99Fwp8alH0tgLTLw2
27TSYmJz68GhvSX5HVaYnFnc47Dgbjs07vJUszvhTRsDMHABjs52MCAWYg6lGktj
EkKqIDFzeq2j2B+4+S79shq2LmGZegOYUoXGykKqJoRzcy0POOraFbwvPlFzD/Cu
KbyUlVtblQMucr/eP7+TOpa56DOvBN6cPstVLM+IhSjww1b99Oiwo0yJaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE22UTN4eALDI1rx2pNiq5oS1UAlMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvVGJaUk0zaDRBc01qV3ZIYWsyS3JtaExWUUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHpAADw
MA0GCSqGSIb3DQEBCwUAA4IBAQAHFpJ1FVgHHrynmhfwLmSEnA6/Aku4X1Kproez
VNVeQckWDmdVnaWaLAZOET8CfoF3oagAL0eB0rFvtVrTCBp7k9YMs/Q8nndVYAVM
Y3WzzlZUbZGow9bfrwyQPdi0C307Erni+cmxls76w5ySw7zO7mqBxiimWrKcxzwG
zyKco1UDqB6kxHPTzWYEKc7286zVaVUSZeLzPS0KxUkaG5k8QAw+mOhcr+xSBhK2
nzUoAExm7Oe8T5N347kmvsTIy42bQ2bDBXgV9WZrzWy/W7+mB+yo9Hk4npVdlBEp
Sxi3e6ZvZt5aC5L6eJPUdBTushM/F9pP8JdMP2J84IVppQpw
-----END CERTIFICATE-----