Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/t91qGA8O2nuUhJwWZNXwTgm-zJ8.roa
File:                     t91qGA8O2nuUhJwWZNXwTgm-zJ8.roa (raw, json)
Hash identifier:          tWQWj3q/osBUCGhuh0Kfxv2aMqtTlbafT0cwam/rUYw=
Subject key identifier:   B7:DD:6A:18:0F:0E:DA:7B:94:84:9C:16:64:D5:F0:4E:09:BE:CC:9F
Certificate issuer:       /CN=da7d5fca1e469929d4a8b6f57af3cbcdc639a35e
Certificate serial:       0193C133436B457E9B7ACAE51C828FEDCFB4
Authority key identifier: DA:7D:5F:CA:1E:46:99:29:D4:A8:B6:F5:7A:F3:CB:CD:C6:39:A3:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/t91qGA8O2nuUhJwWZNXwTgm-zJ8.roa
Signing time:             Fri 13 Dec 2024 18:06:22 +0000
ROA not before:           Fri 13 Dec 2024 18:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216246
IP address blocks:        2a01:e5c0::/36 maxlen: 36
                          2a01:e5c0:1000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:c1:33:43:6b:45:7e:9b:7a:ca:e5:1c:82:8f:ed:cf:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da7d5fca1e469929d4a8b6f57af3cbcdc639a35e
        Validity
            Not Before: Dec 13 18:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7dd6a180f0eda7b94849c1664d5f04e09becc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:00:74:b4:63:d6:4f:f4:fe:d7:df:46:69:a8:
                    3c:a4:fa:52:ca:64:77:26:78:89:3f:81:b9:6a:d8:
                    00:2c:2e:0f:42:3c:16:36:8c:0d:cb:18:2b:3a:fd:
                    9b:cc:3e:77:3c:d3:ae:ac:42:64:3f:07:80:3e:0c:
                    66:20:e6:2c:67:e5:80:2b:88:a7:a9:9a:4b:6a:fc:
                    da:ef:f8:33:59:d1:c4:47:f7:c1:d0:af:f1:66:1e:
                    9b:e7:61:bb:52:f9:af:99:77:43:48:98:e6:d4:37:
                    99:0c:ee:a7:65:d0:a8:77:9e:ae:4c:d3:ef:bd:c0:
                    b7:97:da:22:50:ae:42:eb:d4:12:30:73:38:4f:cd:
                    e6:41:70:a8:78:88:67:b9:32:80:3b:2e:6d:81:a3:
                    b6:5b:6b:4d:6f:e3:b0:40:a4:c6:6e:00:d2:47:91:
                    b2:a1:b9:4b:0d:41:c5:e9:30:a7:5a:83:32:e4:3e:
                    4b:32:34:5c:41:2e:56:ea:52:b2:5f:25:dd:8e:0b:
                    c7:3e:be:9c:fa:4a:a0:64:13:e7:6c:a1:d4:c8:90:
                    f5:d9:61:1d:be:e5:fa:6b:01:7c:5e:55:52:31:5f:
                    80:ed:ce:a2:bc:6c:24:00:ed:af:4b:c0:07:db:66:
                    fa:b4:11:78:dc:1c:d6:c8:c4:8a:b6:c9:50:18:ee:
                    02:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:DD:6A:18:0F:0E:DA:7B:94:84:9C:16:64:D5:F0:4E:09:BE:CC:9F
            X509v3 Authority Key Identifier:
                keyid:DA:7D:5F:CA:1E:46:99:29:D4:A8:B6:F5:7A:F3:CB:CD:C6:39:A3:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2n1fyh5GmSnUqLb1evPLzcY5o14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/t91qGA8O2nuUhJwWZNXwTgm-zJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/060f32-a48b-4657-a58b-41b730327c78/1/2n1fyh5GmSnUqLb1evPLzcY5o14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e5c0::/35

    Signature Algorithm: sha256WithRSAEncryption
         0d:9f:b6:bd:0c:d4:57:7d:af:41:12:2c:3e:8d:1d:f9:bd:b0:
         22:30:67:cc:ef:95:4f:d3:64:be:c2:e5:ce:0c:fc:dd:0a:07:
         39:c3:36:b8:f0:cf:d9:87:54:a5:9c:d8:e9:83:a9:1e:e6:a1:
         31:a0:de:31:f8:fc:c1:1f:1f:03:54:a3:d1:91:b7:09:b4:12:
         c2:22:93:9b:83:25:8b:2b:1f:1c:8e:0c:4e:ef:ac:3d:95:a8:
         61:4a:ef:5c:9f:68:7c:94:bc:11:9d:58:eb:ea:fc:21:66:bb:
         65:df:97:4c:71:41:c4:e3:95:83:3f:7e:a0:bf:f7:c7:ba:a3:
         8d:85:83:d7:c0:2d:48:08:a8:f3:23:db:c5:12:cf:23:61:87:
         d5:14:d8:1d:a5:0d:df:ef:28:fe:ce:bd:00:32:87:f6:61:16:
         b4:9b:ad:81:15:70:c3:13:14:1c:e4:9f:e4:91:16:7d:52:c1:
         83:1b:c8:99:06:e1:73:72:70:f1:de:3f:69:41:cb:c3:93:c6:
         55:92:d9:be:d5:50:a9:6f:ad:95:ec:2d:ba:3a:f3:93:db:3d:
         ca:ab:cd:25:7c:83:e2:42:b1:3f:2f:c2:55:76:3b:f3:33:7f:
         b0:e7:7d:15:36:7a:17:d4:6c:6e:76:d3:3d:33:33:a9:15:69:
         3c:9f:59:9b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZPBM0NrRX6besrlHIKP7c+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhN2Q1ZmNhMWU0Njk5MjlkNGE4YjZmNTdhZjNjYmNkYzYz
OWEzNWUwHhcNMjQxMjEzMTgwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2RkNmExODBmMGVkYTdiOTQ4NDljMTY2NGQ1ZjA0ZTA5YmVjYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQB0tGPWT/T+199Gaag8pPpSymR3
JniJP4G5atgALC4PQjwWNowNyxgrOv2bzD53PNOurEJkPweAPgxmIOYsZ+WAK4in
qZpLavza7/gzWdHER/fB0K/xZh6b52G7UvmvmXdDSJjm1DeZDO6nZdCod56uTNPv
vcC3l9oiUK5C69QSMHM4T83mQXCoeIhnuTKAOy5tgaO2W2tNb+OwQKTGbgDSR5Gy
oblLDUHF6TCnWoMy5D5LMjRcQS5W6lKyXyXdjgvHPr6c+kqgZBPnbKHUyJD12WEd
vuX6awF8XlVSMV+A7c6ivGwkAO2vS8AH22b6tBF43BzWyMSKtslQGO4CXQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLfdahgPDtp7lIScFmTV8E4JvsyfMB8GA1UdIwQY
MBaAFNp9X8oeRpkp1Ki29Xrzy83GOaNeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm4xZnloNUdtU25VcUxiMWV2UEx6Y1k1bzE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8wNjBmMzItYTQ4Yi00NjU3LWE1OGIt
NDFiNzMwMzI3Yzc4LzEvdDkxcUdBOE8ybnVVaEp3V1pOWHdUZ20teko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8wNjBmMzItYTQ4Yi00NjU3LWE1OGItNDFiNzMwMzI3Yzc4
LzEvMm4xZnloNUdtU25VcUxiMWV2UEx6Y1k1bzE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgHlwAAw
DQYJKoZIhvcNAQELBQADggEBAA2ftr0M1Fd9r0ESLD6NHfm9sCIwZ8zvlU/TZL7C
5c4M/N0KBznDNrjwz9mHVKWc2OmDqR7moTGg3jH4/MEfHwNUo9GRtwm0EsIik5uD
JYsrHxyODE7vrD2VqGFK71yfaHyUvBGdWOvq/CFmu2Xfl0xxQcTjlYM/fqC/98e6
o42Fg9fALUgIqPMj28USzyNhh9UU2B2lDd/vKP7OvQAyh/ZhFrSbrYEVcMMTFBzk
n+SRFn1SwYMbyJkG4XNycPHeP2lBy8OTxlWS2b7VUKlvrZXsLbo685PbPcqrzSV8
g+JCsT8vwlV2O/Mzf7DnfRU2ehfUbG520z0zM6kVaTyfWZs=
-----END CERTIFICATE-----