Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/rE3YGSYa3-bNZwq4ObURWaa3KnA.roa
File:                     rE3YGSYa3-bNZwq4ObURWaa3KnA.roa (raw, json)
Hash identifier:          F8J3J+O4LkFYMHHtAnSrkI4AkbqzBr4SRDcT8pExP58=
Subject key identifier:   AC:4D:D8:19:26:1A:DF:E6:CD:67:0A:B8:39:B5:11:59:A6:B7:2A:70
Certificate issuer:       /CN=da7d5fca1e469929d4a8b6f57af3cbcdc639a35e
Certificate serial:       019426D979A6FF1F72F3C8753FBE01C1710F
Authority key identifier: DA:7D:5F:CA:1E:46:99:29:D4:A8:B6:F5:7A:F3:CB:CD:C6:39:A3:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/rE3YGSYa3-bNZwq4ObURWaa3KnA.roa
Signing time:             Thu 02 Jan 2025 11:49:34 +0000
ROA not before:           Thu 02 Jan 2025 11:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216246
IP address blocks:        2a01:e5c0::/36 maxlen: 36
                          2a01:e5c0:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:79:a6:ff:1f:72:f3:c8:75:3f:be:01:c1:71:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da7d5fca1e469929d4a8b6f57af3cbcdc639a35e
        Validity
            Not Before: Jan  2 11:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac4dd819261adfe6cd670ab839b51159a6b72a70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:68:1f:ed:fc:ba:59:ce:58:15:cf:47:eb:74:
                    81:48:3d:e0:8c:7a:41:a9:bc:8e:90:07:d9:3b:3b:
                    c9:3d:6c:65:3d:de:dc:6f:72:25:13:36:64:c2:8f:
                    9e:db:ee:d8:41:3c:d5:f5:d2:c6:8d:37:97:35:4a:
                    2f:bf:ba:7b:a2:a1:04:49:3f:57:72:0b:ba:79:78:
                    f8:ef:89:21:82:3b:9b:3f:0e:30:f9:95:7f:d0:c9:
                    f9:2e:a8:c2:8a:6f:0f:c8:01:bb:82:ce:39:bb:4d:
                    9b:f4:c3:8c:d3:4e:db:1f:dc:a2:d2:c8:42:c2:fe:
                    eb:6e:a3:6d:e3:03:69:12:90:b8:c8:56:03:1e:f8:
                    f3:ec:8c:14:cd:a6:08:5b:61:a8:5a:1b:e6:20:e6:
                    13:18:e0:93:f3:7b:06:77:5f:66:50:6c:e5:5d:c7:
                    07:c0:de:9a:8c:72:1e:4d:11:62:e6:75:3d:ac:1e:
                    b0:4d:71:52:ca:ff:8a:76:3b:f4:4f:12:33:6e:97:
                    a3:57:49:20:f5:c5:c0:7d:18:7a:76:3c:20:39:00:
                    94:8a:71:d5:85:3f:a5:35:cf:eb:84:bc:52:6a:47:
                    18:36:55:c0:52:34:97:a2:b9:39:0f:87:39:55:48:
                    b9:0b:e0:82:b6:22:50:6a:e4:bb:ba:51:39:1c:75:
                    13:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:4D:D8:19:26:1A:DF:E6:CD:67:0A:B8:39:B5:11:59:A6:B7:2A:70
            X509v3 Authority Key Identifier:
                keyid:DA:7D:5F:CA:1E:46:99:29:D4:A8:B6:F5:7A:F3:CB:CD:C6:39:A3:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/rE3YGSYa3-bNZwq4ObURWaa3KnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e5c0::/35

    Signature Algorithm: sha256WithRSAEncryption
         ac:70:c1:b4:7b:c8:77:d6:91:fd:00:c4:4e:3c:9f:e4:8e:b1:
         a0:1e:47:ac:05:6f:a1:e4:2c:bc:28:b0:92:0c:0a:5b:89:79:
         d5:ff:e0:87:2d:a0:00:28:1a:38:68:1f:57:78:13:18:f9:8a:
         17:b7:f6:be:e7:ad:20:ec:2f:93:a7:d5:b1:ab:4e:0d:7a:50:
         63:fe:29:78:d9:9f:3d:18:9b:6f:e5:24:e6:8d:50:5f:42:97:
         a2:6c:5e:84:b7:fa:70:f1:c0:6b:ac:9e:43:64:e2:37:70:4a:
         47:90:28:51:f9:e6:b3:a0:86:13:b8:05:7f:67:62:a9:63:8d:
         ab:5a:46:a9:9c:ed:a9:04:af:4b:36:ff:3d:fc:07:b8:37:1c:
         03:f9:bc:28:0e:02:7c:1c:2e:88:0a:9c:5f:4d:81:4b:23:0b:
         73:a9:97:6a:75:bd:5c:a3:26:1b:6c:bf:3f:ce:dc:e9:46:cb:
         93:34:d1:18:fd:61:65:75:0c:ef:b1:84:2a:4e:4f:74:b3:10:
         80:9b:4f:ca:6b:1b:83:6d:93:91:17:95:50:74:ef:a6:d7:e4:
         95:bd:1d:62:17:01:21:ad:54:bd:1d:d1:8d:37:df:52:34:aa:
         b4:d5:c1:94:c6:95:1f:9c:46:8a:4f:24:58:b5:0d:6b:41:bd:
         4b:77:42:0c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQm2Xmm/x9y88h1P74BwXEPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhN2Q1ZmNhMWU0Njk5MjlkNGE4YjZmNTdhZjNjYmNkYzYz
OWEzNWUwHhcNMjUwMTAyMTE0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzRkZDgxOTI2MWFkZmU2Y2Q2NzBhYjgzOWI1MTE1OWE2YjcyYTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmgf7fy6Wc5YFc9H63SBSD3gjHpB
qbyOkAfZOzvJPWxlPd7cb3IlEzZkwo+e2+7YQTzV9dLGjTeXNUovv7p7oqEEST9X
cgu6eXj474khgjubPw4w+ZV/0Mn5LqjCim8PyAG7gs45u02b9MOM007bH9yi0shC
wv7rbqNt4wNpEpC4yFYDHvjz7IwUzaYIW2GoWhvmIOYTGOCT83sGd19mUGzlXccH
wN6ajHIeTRFi5nU9rB6wTXFSyv+Kdjv0TxIzbpejV0kg9cXAfRh6djwgOQCUinHV
hT+lNc/rhLxSakcYNlXAUjSXork5D4c5VUi5C+CCtiJQauS7ulE5HHUT9QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKxN2BkmGt/mzWcKuDm1EVmmtypwMB8GA1UdIwQY
MBaAFNp9X8oeRpkp1Ki29Xrzy83GOaNeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm4xZnloNUdtU25VcUxiMWV2UEx6Y1k1bzE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8wNjBmMzItYTQ4Yi00NjU3LWE1OGIt
NDFiNzMwMzI3Yzc4LzEvckUzWUdTWWEzLWJOWndxNE9iVVJXYWEzS25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8wNjBmMzItYTQ4Yi00NjU3LWE1OGItNDFiNzMwMzI3Yzc4
LzEvMm4xZnloNUdtU25VcUxiMWV2UEx6Y1k1bzE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgHlwAAw
DQYJKoZIhvcNAQELBQADggEBAKxwwbR7yHfWkf0AxE48n+SOsaAeR6wFb6HkLLwo
sJIMCluJedX/4IctoAAoGjhoH1d4Exj5ihe39r7nrSDsL5On1bGrTg16UGP+KXjZ
nz0Ym2/lJOaNUF9Cl6JsXoS3+nDxwGusnkNk4jdwSkeQKFH55rOghhO4BX9nYqlj
jataRqmc7akEr0s2/z38B7g3HAP5vCgOAnwcLogKnF9NgUsjC3Opl2p1vVyjJhts
vz/O3OlGy5M00Rj9YWV1DO+xhCpOT3SzEICbT8prG4Ntk5EXlVB076bX5JW9HWIX
ASGtVL0d0Y0331I0qrTVwZTGlR+cRopPJFi1DWtBvUt3Qgw=
-----END CERTIFICATE-----