Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/hIob5To274fAjehq0AwMGr3UEqc.roa
File:                     hIob5To274fAjehq0AwMGr3UEqc.roa (raw, json)
Hash identifier:          hw+Q/TxC5+ykZBYqAmyf+tysb/cdlyf6YfnhtNq3SA8=
Subject key identifier:   84:8A:1B:E5:3A:36:EF:87:C0:8D:E8:6A:D0:0C:0C:1A:BD:D4:12:A7
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       01916E45A13716F0D63C17D73AB79C6F3A74
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/hIob5To274fAjehq0AwMGr3UEqc.roa
Signing time:             Tue 20 Aug 2024 05:32:22 +0000
ROA not before:           Tue 20 Aug 2024 05:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214341
IP address blocks:        2a01:e901:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 20:25:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6e:45:a1:37:16:f0:d6:3c:17:d7:3a:b7:9c:6f:3a:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Aug 20 05:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=848a1be53a36ef87c08de86ad00c0c1abdd412a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b5:93:36:49:6a:dd:8b:05:0f:f4:9b:b8:82:
                    f3:10:33:c6:00:11:d1:24:18:db:d0:59:38:be:02:
                    69:5e:c2:fd:95:7a:c2:3b:7f:f1:79:3c:2e:37:55:
                    f1:51:d6:92:fd:38:bb:3a:02:db:19:c0:83:2b:55:
                    bd:c2:5d:43:ba:6b:64:e0:82:6c:b3:6b:79:0d:e3:
                    3e:52:bb:e1:29:4d:0e:a4:b3:93:c2:ee:b1:99:bb:
                    fa:ce:60:f5:20:91:06:7a:7d:52:f8:e2:cc:62:76:
                    1b:7c:67:8d:85:2b:4b:c6:e4:be:a7:1a:62:87:05:
                    42:da:55:9a:2d:d0:b2:6e:2f:af:10:cc:0a:d0:7f:
                    a4:97:9e:c7:47:5e:9d:c7:db:3c:58:ea:43:2f:c5:
                    08:1e:9f:5b:74:df:04:4a:e7:21:83:53:c0:64:e2:
                    60:c0:a8:3e:74:a7:eb:f3:53:eb:a4:a7:8f:7f:cb:
                    40:fd:38:e8:f2:9f:a9:50:f5:68:bf:e6:34:ec:b5:
                    e3:eb:02:ad:6c:e6:c8:1d:e8:94:b5:6c:cb:97:05:
                    f5:23:ca:eb:b0:7f:c0:c4:d2:ab:3a:21:28:76:f3:
                    07:56:59:ce:05:d4:74:51:4d:df:18:69:8e:ec:d3:
                    cd:d2:e0:35:57:b1:19:52:d4:0b:68:64:3c:be:c3:
                    bf:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8A:1B:E5:3A:36:EF:87:C0:8D:E8:6A:D0:0C:0C:1A:BD:D4:12:A7
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/hIob5To274fAjehq0AwMGr3UEqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e901:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:5a:de:b7:41:c5:25:13:cb:22:99:6b:d2:64:86:a3:61:b0:
         b4:4b:6b:07:d5:92:1c:b2:9a:9f:90:66:a8:55:cb:89:da:2e:
         31:af:f8:0e:c4:a7:41:58:74:16:39:8a:c4:ec:6e:21:ba:78:
         54:5c:92:33:3e:18:30:9b:5b:f2:e3:a4:0c:98:63:8e:01:e9:
         b5:95:78:f4:9f:82:98:a7:e0:6c:1d:d7:3d:2e:d9:fd:c0:0f:
         8b:44:60:6b:f7:70:b2:8c:28:a5:2a:14:c7:11:67:18:bc:b3:
         ec:d4:1a:33:bc:9b:5d:87:63:3f:95:f1:05:98:cf:4d:95:19:
         c8:84:2e:d3:43:a0:16:59:a4:99:1d:7d:07:1b:33:8c:cd:b2:
         47:63:6e:06:42:77:ba:e9:d3:e3:d7:4d:f0:2b:6a:62:7e:a2:
         7d:87:0a:09:44:ab:ca:fd:f4:b4:08:56:fe:61:b2:18:f9:78:
         97:f9:68:bb:ae:84:07:90:9d:9b:21:3f:a3:52:f3:0f:9e:22:
         c2:4b:7d:20:a5:13:62:4e:a3:bc:79:e3:a9:60:0d:de:5e:5f:
         87:c8:97:23:dd:4e:d4:23:84:88:1c:e0:f1:89:39:4d:38:0a:
         ba:ab:82:d4:97:da:eb:e0:6f:f4:1f:0f:89:7c:3b:11:45:75:
         93:10:40:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFuRaE3FvDWPBfXOrecbzp0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjQwODIwMDUzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhhMWJlNTNhMzZlZjg3YzA4ZGU4NmFkMDBjMGMxYWJkZDQxMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrWTNklq3YsFD/SbuILzEDPGABHR
JBjb0Fk4vgJpXsL9lXrCO3/xeTwuN1XxUdaS/Ti7OgLbGcCDK1W9wl1Dumtk4IJs
s2t5DeM+UrvhKU0OpLOTwu6xmbv6zmD1IJEGen1S+OLMYnYbfGeNhStLxuS+pxpi
hwVC2lWaLdCybi+vEMwK0H+kl57HR16dx9s8WOpDL8UIHp9bdN8ESuchg1PAZOJg
wKg+dKfr81PrpKePf8tA/Tjo8p+pUPVov+Y07LXj6wKtbObIHeiUtWzLlwX1I8rr
sH/AxNKrOiEodvMHVlnOBdR0UU3fGGmO7NPN0uA1V7EZUtQLaGQ8vsO/fwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFISKG+U6Nu+HwI3oatAMDBq91BKnMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvaElvYjVUbzI3NGZBamVocTBBd01HcjNVRXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHpAQAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBoWt63QcUlE8simWvSZIajYbC0S2sH1ZIcspqf
kGaoVcuJ2i4xr/gOxKdBWHQWOYrE7G4hunhUXJIzPhgwm1vy46QMmGOOAem1lXj0
n4KYp+BsHdc9Ltn9wA+LRGBr93CyjCilKhTHEWcYvLPs1BozvJtdh2M/lfEFmM9N
lRnIhC7TQ6AWWaSZHX0HGzOMzbJHY24GQne66dPj103wK2pifqJ9hwoJRKvK/fS0
CFb+YbIY+XiX+Wi7roQHkJ2bIT+jUvMPniLCS30gpRNiTqO8eeOpYA3eXl+HyJcj
3U7UI4SIHODxiTlNOAq6q4LUl9rr4G/0Hw+JfDsRRXWTEECO
-----END CERTIFICATE-----