Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/7rypsDOFrQTuuvdlqTtmkmarD0s.roa
File:                     7rypsDOFrQTuuvdlqTtmkmarD0s.roa (raw, json)
Hash identifier:          sYdeI9/wsaNBauutQJJhEoSiIFE5RFlsqWs6xeedpwc=
Subject key identifier:   EE:BC:A9:B0:33:85:AD:04:EE:BA:F7:65:A9:3B:66:92:66:AB:0F:4B
Certificate issuer:       /CN=46d713ada8dabcf77681c0ca42d9969e447c8ea7
Certificate serial:       01905AAF09C406031E84558EEBAC66088BA4
Authority key identifier: 46:D7:13:AD:A8:DA:BC:F7:76:81:C0:CA:42:D9:96:9E:44:7C:8E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/7rypsDOFrQTuuvdlqTtmkmarD0s.roa
Signing time:             Thu 27 Jun 2024 17:12:18 +0000
ROA not before:           Thu 27 Jun 2024 17:12:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205036
IP address blocks:        2a0f:5fc0:b00b::/48 maxlen: 48
                          2a0f:5fc0:beef::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5a:af:09:c4:06:03:1e:84:55:8e:eb:ac:66:08:8b:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46d713ada8dabcf77681c0ca42d9969e447c8ea7
        Validity
            Not Before: Jun 27 17:12:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eebca9b03385ad04eebaf765a93b669266ab0f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2c:93:4f:2e:c5:b9:ca:01:95:d8:6d:2f:ec:
                    50:b8:a2:8c:64:69:2b:a5:31:be:98:12:86:72:c6:
                    c4:26:2f:d2:f3:d8:b1:78:1a:dc:39:d6:a0:5f:4c:
                    e0:04:ba:f1:04:87:d4:fd:46:3e:a9:7c:d7:69:58:
                    80:39:4e:af:bb:f3:63:f9:77:b8:d2:ff:2b:ad:34:
                    35:a2:35:dd:a0:9a:f0:57:33:db:18:ab:4b:66:ce:
                    92:0b:57:62:2a:3b:c3:27:f1:d3:36:f7:60:01:49:
                    1b:63:3a:cc:7d:da:e5:e2:52:5c:8f:49:e2:5e:3d:
                    ef:ca:0b:34:c8:4a:23:83:c4:20:c9:69:bb:ee:8f:
                    db:96:82:6f:10:ba:3b:88:86:4b:8c:8c:26:2e:3f:
                    d0:16:66:9d:4d:67:b0:d3:b8:c8:af:65:cc:d4:e0:
                    32:6d:06:ea:f3:7f:e1:9b:a4:30:4f:6d:7a:d1:89:
                    24:56:a0:a4:50:26:bf:d8:42:32:02:9a:c4:f7:a6:
                    d2:15:be:c4:6b:d6:45:99:30:33:0f:d7:9a:de:8d:
                    81:c5:0a:72:5c:9a:bc:4c:d7:5a:f3:fe:a2:9d:28:
                    db:15:11:eb:84:30:8a:0e:bf:52:b8:43:64:59:d7:
                    2c:60:26:38:43:35:c4:72:38:ef:60:7b:f9:2e:32:
                    b4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:BC:A9:B0:33:85:AD:04:EE:BA:F7:65:A9:3B:66:92:66:AB:0F:4B
            X509v3 Authority Key Identifier:
                keyid:46:D7:13:AD:A8:DA:BC:F7:76:81:C0:CA:42:D9:96:9E:44:7C:8E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/7rypsDOFrQTuuvdlqTtmkmarD0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5fc0:b00b::/48
                  2a0f:5fc0:beef::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:d6:1d:23:3b:72:e1:1d:54:fa:c6:ac:ea:10:11:96:51:8a:
         19:67:8a:26:5f:c1:8d:7f:b9:da:6a:72:fe:1c:6a:ee:02:f1:
         e5:83:52:ed:83:b6:47:81:75:7f:59:f5:47:37:32:b0:f9:d4:
         98:c4:2e:7f:46:4a:2f:dd:98:2c:a6:43:ef:76:23:ba:3b:8f:
         3c:9a:a7:43:bc:a8:15:73:df:dd:69:47:ac:5f:7b:6c:3f:4a:
         0c:c3:27:f0:af:4b:f8:85:23:12:a2:63:37:f1:a5:68:60:72:
         66:ee:4f:ec:fb:bd:50:eb:1d:47:ba:10:ef:17:c8:af:4a:6d:
         59:3f:d4:d8:e4:1d:08:2f:f7:e4:9e:be:13:28:78:27:e8:ff:
         fc:10:b2:43:5b:66:97:ad:d3:30:e5:80:b9:fc:4b:2c:33:83:
         7a:c4:1f:cc:b5:28:4b:3f:f0:12:87:7d:b8:56:a8:6c:c7:e0:
         02:3c:7c:a5:c5:cf:2f:36:8a:9b:53:84:22:f8:56:44:86:de:
         d7:74:4b:dc:39:9a:86:7e:fb:e8:0e:d5:e8:51:a8:28:96:eb:
         3b:38:cd:8d:d1:ee:52:c2:92:6a:8f:10:7c:3a:7e:62:20:0d:
         25:4a:db:1f:4a:5b:96:42:55:95:f6:28:d3:a3:ce:8a:04:9f:
         c3:92:eb:6d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZBarwnEBgMehFWO66xmCIukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZDcxM2FkYThkYWJjZjc3NjgxYzBjYTQyZDk5NjllNDQ3
YzhlYTcwHhcNMjQwNjI3MTcxMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWJjYTliMDMzODVhZDA0ZWViYWY3NjVhOTNiNjY5MjY2YWIwZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSyTTy7FucoBldhtL+xQuKKMZGkr
pTG+mBKGcsbEJi/S89ixeBrcOdagX0zgBLrxBIfU/UY+qXzXaViAOU6vu/Nj+Xe4
0v8rrTQ1ojXdoJrwVzPbGKtLZs6SC1diKjvDJ/HTNvdgAUkbYzrMfdrl4lJcj0ni
Xj3vygs0yEojg8QgyWm77o/bloJvELo7iIZLjIwmLj/QFmadTWew07jIr2XM1OAy
bQbq83/hm6QwT2160YkkVqCkUCa/2EIyAprE96bSFb7Ea9ZFmTAzD9ea3o2BxQpy
XJq8TNda8/6inSjbFRHrhDCKDr9SuENkWdcsYCY4QzXEcjjvYHv5LjK0TQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO68qbAzha0E7rr3Zak7ZpJmqw9LMB8GA1UdIwQY
MBaAFEbXE62o2rz3doHAykLZlp5EfI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnRjVHJhamF2UGQyZ2NES1F0bVdua1I4anFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84OWYwZjYtYTVhYy00NjdiLWE0YWQt
YmUyMThjZWY0YTExLzEvN3J5cHNET0ZyUVR1dXZkbHFUdG1rbWFyRDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84OWYwZjYtYTVhYy00NjdiLWE0YWQtYmUyMThjZWY0YTEx
LzEvUnRjVHJhamF2UGQyZ2NES1F0bVdua1I4anFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg9fwLAL
AwcAKg9fwL7vMA0GCSqGSIb3DQEBCwUAA4IBAQC01h0jO3LhHVT6xqzqEBGWUYoZ
Z4omX8GNf7naanL+HGruAvHlg1Ltg7ZHgXV/WfVHNzKw+dSYxC5/Rkov3ZgspkPv
diO6O488mqdDvKgVc9/daUesX3tsP0oMwyfwr0v4hSMSomM38aVoYHJm7k/s+71Q
6x1HuhDvF8ivSm1ZP9TY5B0IL/fknr4TKHgn6P/8ELJDW2aXrdMw5YC5/EssM4N6
xB/MtShLP/ASh324Vqhsx+ACPHylxc8vNoqbU4Qi+FZEht7XdEvcOZqGfvvoDtXo
Uagolus7OM2N0e5SwpJqjxB8On5iIA0lStsfSluWQlWV9ijTo86KBJ/Dkutt
-----END CERTIFICATE-----