Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/e0qbtW3jXCZt0TlaV-uMYH29sdA.roa
File:                     e0qbtW3jXCZt0TlaV-uMYH29sdA.roa (raw, json)
Hash identifier:          0VCpY+Ksy15m5Ft3+rP4YftK/uKYOqMPdtMQ3Naogn0=
Subject key identifier:   7B:4A:9B:B5:6D:E3:5C:26:6D:D1:39:5A:57:EB:8C:60:7D:BD:B1:D0
Certificate issuer:       /CN=4721bf48e401660ee9611b35c04b5d1d1f3fabfa
Certificate serial:       018CCA2A2537E26394EA6CDC5C5827BF1050
Authority key identifier: 47:21:BF:48:E4:01:66:0E:E9:61:1B:35:C0:4B:5D:1D:1F:3F:AB:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/e0qbtW3jXCZt0TlaV-uMYH29sdA.roa
Signing time:             Tue 02 Jan 2024 12:33:28 +0000
ROA not before:           Tue 02 Jan 2024 12:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203350
IP address blocks:        2a05:4240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:25:37:e2:63:94:ea:6c:dc:5c:58:27:bf:10:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4721bf48e401660ee9611b35c04b5d1d1f3fabfa
        Validity
            Not Before: Jan  2 12:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b4a9bb56de35c266dd1395a57eb8c607dbdb1d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7f:86:08:e5:b0:c4:82:e7:f1:95:80:45:83:
                    25:ce:b1:e5:ad:c9:0c:7b:45:e5:18:0b:fb:30:b4:
                    d4:3b:a8:b4:20:6c:92:5d:d7:b2:b3:ef:71:ed:91:
                    e0:ce:5f:60:27:20:72:ec:f3:d2:4c:af:e7:a7:57:
                    6c:75:41:44:f4:83:ec:6b:de:58:95:ea:45:f0:60:
                    55:a4:11:67:2d:c8:8a:6e:c8:8f:c5:64:43:4e:2b:
                    16:43:a8:ba:51:30:29:e6:bf:cb:9c:03:17:37:dc:
                    ae:9b:a9:7c:fb:1f:b7:87:60:f4:aa:99:4b:bd:fd:
                    cf:dd:68:ea:6c:d6:fe:3a:8b:eb:d9:d0:de:81:a7:
                    9e:32:ea:55:28:15:e4:19:e0:c3:7d:0b:c5:f4:e3:
                    92:d6:95:3e:2c:99:71:f2:ff:d9:40:02:79:27:84:
                    2c:e0:a3:9d:bc:b0:bf:99:7f:48:f9:36:34:cb:cc:
                    98:1f:47:8f:ed:32:cb:07:cf:fb:2b:52:22:00:19:
                    0b:5c:d6:a9:89:95:92:15:a0:13:11:e2:e8:bf:f6:
                    07:db:b2:d1:bf:88:08:af:bd:a7:e2:4e:ea:cc:dd:
                    a3:f5:c2:2b:2f:44:d5:f8:5b:22:f7:cd:a0:a8:1e:
                    0e:55:eb:b3:b9:49:39:18:6c:f2:9c:c4:e4:74:49:
                    ba:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:4A:9B:B5:6D:E3:5C:26:6D:D1:39:5A:57:EB:8C:60:7D:BD:B1:D0
            X509v3 Authority Key Identifier:
                keyid:47:21:BF:48:E4:01:66:0E:E9:61:1B:35:C0:4B:5D:1D:1F:3F:AB:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/e0qbtW3jXCZt0TlaV-uMYH29sdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4240::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:0d:92:c4:57:40:41:16:a5:66:18:50:1a:87:1b:b3:b8:a3:
         ab:2d:fb:01:c0:17:a4:c2:c5:37:30:c8:7d:1e:79:5b:d1:75:
         76:32:e2:40:b7:13:0e:70:54:09:93:dd:bf:3d:15:c8:55:02:
         f4:92:3b:b6:eb:fa:15:4d:bf:d8:97:ea:c4:35:a5:4a:85:ef:
         2e:9e:59:55:7e:47:e0:86:55:25:c4:ac:b5:e5:9c:55:05:eb:
         c0:fd:a1:8a:5d:3d:51:92:1c:bb:49:a7:fa:0e:40:25:af:5d:
         fe:85:f2:5b:38:e4:3b:a8:c9:06:a9:f3:6e:ce:9c:c8:db:61:
         aa:17:f9:b1:7d:2b:05:55:12:30:70:d8:11:7d:58:80:37:2d:
         46:8a:62:1e:4f:0d:f7:08:85:b4:ee:54:37:39:f6:fa:d3:62:
         a7:bf:ef:98:b2:ba:0d:d4:34:e6:32:76:bb:86:7f:40:4a:fc:
         66:74:be:e8:43:80:6b:84:4f:7b:d2:04:df:b5:ac:82:c3:20:
         51:60:82:6a:45:13:a4:2c:02:2a:5a:ac:21:11:09:24:e7:da:
         2f:d6:75:23:f7:d1:9c:6b:b3:25:b1:34:f4:e0:f0:64:8c:62:
         2d:e2:a5:e7:22:6e:99:1e:ef:39:d8:b9:83:b6:93:0b:5d:0c:
         db:c0:fa:63
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKiU34mOU6mzcXFgnvxBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjFiZjQ4ZTQwMTY2MGVlOTYxMWIzNWMwNGI1ZDFkMWYz
ZmFiZmEwHhcNMjQwMTAyMTIzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjRhOWJiNTZkZTM1YzI2NmRkMTM5NWE1N2ViOGM2MDdkYmRiMWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn+GCOWwxILn8ZWARYMlzrHlrckM
e0XlGAv7MLTUO6i0IGySXdeys+9x7ZHgzl9gJyBy7PPSTK/np1dsdUFE9IPsa95Y
lepF8GBVpBFnLciKbsiPxWRDTisWQ6i6UTAp5r/LnAMXN9yum6l8+x+3h2D0qplL
vf3P3WjqbNb+Oovr2dDegaeeMupVKBXkGeDDfQvF9OOS1pU+LJlx8v/ZQAJ5J4Qs
4KOdvLC/mX9I+TY0y8yYH0eP7TLLB8/7K1IiABkLXNapiZWSFaATEeLov/YH27LR
v4gIr72n4k7qzN2j9cIrL0TV+Fsi982gqB4OVeuzuUk5GGzynMTkdEm60wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHtKm7Vt41wmbdE5WlfrjGB9vbHQMB8GA1UdIwQY
MBaAFEchv0jkAWYO6WEbNcBLXR0fP6v6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlHX1NPUUJaZzdwWVJzMXdFdGRIUjhfcV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9lNmJhODEtYjM4ZS00YmIzLWIwMDUt
NTZmZGU1ZTcxNWIxLzEvZTBxYnRXM2pYQ1p0MFRsYVYtdU1ZSDI5c2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9lNmJhODEtYjM4ZS00YmIzLWIwMDUtNTZmZGU1ZTcxNWIx
LzEvUnlHX1NPUUJaZzdwWVJzMXdFdGRIUjhfcV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgVCQDAN
BgkqhkiG9w0BAQsFAAOCAQEAGg2SxFdAQRalZhhQGocbs7ijqy37AcAXpMLFNzDI
fR55W9F1djLiQLcTDnBUCZPdvz0VyFUC9JI7tuv6FU2/2JfqxDWlSoXvLp5ZVX5H
4IZVJcSsteWcVQXrwP2hil09UZIcu0mn+g5AJa9d/oXyWzjkO6jJBqnzbs6cyNth
qhf5sX0rBVUSMHDYEX1YgDctRopiHk8N9wiFtO5UNzn2+tNip7/vmLK6DdQ05jJ2
u4Z/QEr8ZnS+6EOAa4RPe9IE37WsgsMgUWCCakUTpCwCKlqsIREJJOfaL9Z1I/fR
nGuzJbE09ODwZIxiLeKl5yJumR7vOdi5g7aTC10M28D6Yw==
-----END CERTIFICATE-----