Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/5nms_U5aWNZ3FJBIayzuX-d8Tl0.roa
File:                     5nms_U5aWNZ3FJBIayzuX-d8Tl0.roa (raw, json)
Hash identifier:          cDMWgeK6lGRTpehwwbMNqGgnOpbqWBu/6tBkHd/W9O0=
Subject key identifier:   E6:79:AC:FD:4E:5A:58:D6:77:14:90:48:6B:2C:EE:5F:E7:7C:4E:5D
Certificate issuer:       /CN=351a14ce9d25239b92fe5abce532515044c1aba4
Certificate serial:       0190ABFBF5249D6FFBF5AB1F5C01F687AF1E
Authority key identifier: 35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/5nms_U5aWNZ3FJBIayzuX-d8Tl0.roa
Signing time:             Sat 13 Jul 2024 12:05:34 +0000
ROA not before:           Sat 13 Jul 2024 12:05:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216249
IP address blocks:        2a05:91c3:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ab:fb:f5:24:9d:6f:fb:f5:ab:1f:5c:01:f6:87:af:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a14ce9d25239b92fe5abce532515044c1aba4
        Validity
            Not Before: Jul 13 12:05:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e679acfd4e5a58d6771490486b2cee5fe77c4e5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:d5:5c:f8:ee:3a:30:b4:89:cb:a2:b6:21:e8:
                    49:3c:99:e4:dc:12:a6:00:55:4f:89:5a:af:db:05:
                    23:d8:30:97:70:33:61:7c:37:e3:b9:35:3a:4d:f6:
                    9e:88:66:21:bf:25:ca:84:a7:fd:f6:0e:07:93:a4:
                    63:fc:47:0c:77:41:f1:48:0a:06:2b:72:ff:46:e9:
                    a3:ff:76:40:70:c3:93:2b:fb:f7:b7:6f:7d:56:43:
                    48:3c:01:c5:f9:6b:8f:08:eb:3e:ed:25:a2:3c:ae:
                    fd:64:6d:79:42:af:49:99:9b:27:52:59:6e:73:2c:
                    13:59:8d:26:5a:36:d6:99:82:2c:a5:20:93:fc:cd:
                    f8:e1:50:b2:64:0f:11:5f:1c:a9:8e:10:37:57:55:
                    17:57:86:86:b6:ec:3b:86:b6:54:ec:83:90:ac:11:
                    b8:5d:28:16:ac:60:4c:32:b0:ea:da:0b:97:88:96:
                    e1:4c:51:d7:e7:ce:53:51:67:ea:c4:01:b2:66:e2:
                    68:4e:fd:7f:1b:8b:81:37:8e:7a:cc:98:c1:30:7d:
                    de:e9:95:75:44:b4:82:ea:bc:5d:46:ed:06:8f:58:
                    49:c2:75:bc:e9:5d:88:62:34:f0:c7:00:67:94:84:
                    ed:c8:a9:14:6a:0b:ab:49:5b:43:46:5f:dd:83:f5:
                    39:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:79:AC:FD:4E:5A:58:D6:77:14:90:48:6B:2C:EE:5F:E7:7C:4E:5D
            X509v3 Authority Key Identifier:
                keyid:35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/5nms_U5aWNZ3FJBIayzuX-d8Tl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:91c3:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:10:df:d0:e1:a7:52:74:59:05:71:3f:74:8b:67:41:49:1f:
         82:49:ab:d4:f4:c8:3c:49:6d:1e:7f:86:dd:eb:b7:ba:f3:d8:
         ad:70:99:6c:c0:67:d1:02:d8:b1:f0:06:99:a8:50:29:4e:64:
         02:de:2a:17:19:3b:bd:f5:0d:21:ad:cd:10:d7:81:8f:98:b9:
         21:fe:b5:b2:29:f2:5c:9c:90:ab:f0:7c:ee:83:4f:b0:85:e4:
         80:f1:d2:70:0b:f5:68:72:78:09:45:7f:14:06:63:bb:76:53:
         e8:17:32:0a:c7:d6:1f:d1:fd:63:a5:fe:6a:3a:a7:9b:94:fa:
         07:bb:76:0a:86:72:da:13:1c:61:0e:b8:96:94:5d:42:13:74:
         f8:b6:17:fd:fd:a5:9b:f4:66:66:55:09:f7:d9:54:e9:f7:15:
         55:da:ab:55:f6:ba:a8:49:48:51:1d:01:a0:15:e1:a1:37:a5:
         c7:a8:8f:82:d8:65:55:37:63:39:f8:bb:32:88:11:53:04:7b:
         11:f7:41:d0:58:f4:fe:da:f5:05:b3:93:a9:55:eb:62:26:79:
         42:a0:07:01:45:db:83:91:cf:81:6a:be:79:43:a6:0a:aa:86:
         7e:eb:ec:ab:bc:81:57:f1:cf:e8:71:67:63:57:de:6a:73:48:
         1c:eb:a4:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZCr+/UknW/79asfXAH2h68eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWExNGNlOWQyNTIzOWI5MmZlNWFiY2U1MzI1MTUwNDRj
MWFiYTQwHhcNMjQwNzEzMTIwNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjc5YWNmZDRlNWE1OGQ2NzcxNDkwNDg2YjJjZWU1ZmU3N2M0ZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dVc+O46MLSJy6K2IehJPJnk3BKm
AFVPiVqv2wUj2DCXcDNhfDfjuTU6TfaeiGYhvyXKhKf99g4Hk6Rj/EcMd0HxSAoG
K3L/Rumj/3ZAcMOTK/v3t299VkNIPAHF+WuPCOs+7SWiPK79ZG15Qq9JmZsnUllu
cywTWY0mWjbWmYIspSCT/M344VCyZA8RXxypjhA3V1UXV4aGtuw7hrZU7IOQrBG4
XSgWrGBMMrDq2guXiJbhTFHX585TUWfqxAGyZuJoTv1/G4uBN456zJjBMH3e6ZV1
RLSC6rxdRu0Gj1hJwnW86V2IYjTwxwBnlITtyKkUagurSVtDRl/dg/U5nQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOZ5rP1OWljWdxSQSGss7l/nfE5dMB8GA1UdIwQY
MBaAFDUaFM6dJSObkv5avOUyUVBEwaukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEt
Mjk1Mzg5NGIxZjZkLzEvNW5tc19VNWFXTlozRkpCSWF5enVYLWQ4VGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEtMjk1Mzg5NGIxZjZk
LzEvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWRwwAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBnEN/Q4adSdFkFcT90i2dBSR+CSavU9Mg8SW0e
f4bd67e689itcJlswGfRAtix8AaZqFApTmQC3ioXGTu99Q0hrc0Q14GPmLkh/rWy
KfJcnJCr8Hzug0+wheSA8dJwC/VocngJRX8UBmO7dlPoFzIKx9Yf0f1jpf5qOqeb
lPoHu3YKhnLaExxhDriWlF1CE3T4thf9/aWb9GZmVQn32VTp9xVV2qtV9rqoSUhR
HQGgFeGhN6XHqI+C2GVVN2M5+LsyiBFTBHsR90HQWPT+2vUFs5OpVetiJnlCoAcB
RduDkc+Bar55Q6YKqoZ+6+yrvIFX8c/ocWdjV95qc0gc66Ty
-----END CERTIFICATE-----