Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/3a6bdd-0d3c-4a0d-8db6-2dd25184b0d0/1/9muM9LBcf9YN2ygueJD32pSkzLA.roa
File:                     9muM9LBcf9YN2ygueJD32pSkzLA.roa (raw, json)
Hash identifier:          aJcDI+6VLInG3sjMeZTIPod2hcEBKwIWSjBToa5Ip4Q=
Subject key identifier:   F6:6B:8C:F4:B0:5C:7F:D6:0D:DB:28:2E:78:90:F7:DA:94:A4:CC:B0
Certificate issuer:       /CN=d4336d5e74f1f8b7db1329f00bb857241ae74d19
Certificate serial:       0192240B894FEE26657418688470483BA4FB
Authority key identifier: D4:33:6D:5E:74:F1:F8:B7:DB:13:29:F0:0B:B8:57:24:1A:E7:4D:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DNtXnTx-LfbEynwC7hXJBrnTRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/3a6bdd-0d3c-4a0d-8db6-2dd25184b0d0/1/9muM9LBcf9YN2ygueJD32pSkzLA.roa
Signing time:             Tue 24 Sep 2024 12:39:48 +0000
ROA not before:           Tue 24 Sep 2024 12:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214319
IP address blocks:        2a01:e680::/29 maxlen: 120

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/3a6bdd-0d3c-4a0d-8db6-2dd25184b0d0/1/1DNtXnTx-LfbEynwC7hXJBrnTRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/3a6bdd-0d3c-4a0d-8db6-2dd25184b0d0/1/1DNtXnTx-LfbEynwC7hXJBrnTRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DNtXnTx-LfbEynwC7hXJBrnTRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:0b:89:4f:ee:26:65:74:18:68:84:70:48:3b:a4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4336d5e74f1f8b7db1329f00bb857241ae74d19
        Validity
            Not Before: Sep 24 12:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f66b8cf4b05c7fd60ddb282e7890f7da94a4ccb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:9f:4c:5e:e3:b7:10:59:76:fc:5a:85:f5:3b:
                    fc:d5:e1:97:33:cd:52:cd:76:a5:0d:22:86:f9:56:
                    bb:45:98:03:48:9c:5f:f3:8f:80:11:5e:a6:8c:6b:
                    0d:24:02:20:ae:ee:62:a7:56:94:61:a6:14:b5:b0:
                    26:36:94:0f:48:9e:07:75:4d:e3:ff:b1:b4:f9:ad:
                    37:7d:59:be:e7:b8:8d:29:e1:23:65:4c:e4:5e:d2:
                    59:13:48:70:90:df:a3:fe:ed:7b:cc:c3:64:19:75:
                    b6:82:25:dd:4a:ae:14:6a:0d:99:91:88:63:ce:e7:
                    64:76:04:d8:d7:0d:52:40:aa:5e:0d:dd:06:45:39:
                    f9:23:16:3c:99:ee:5b:03:c4:a9:e5:26:95:d8:31:
                    db:d3:f6:40:37:54:80:27:08:9d:72:48:29:62:ea:
                    a0:02:2a:85:c8:8b:a3:0e:7b:ac:6b:e2:e5:c7:4c:
                    b4:95:3a:da:47:e3:b3:9d:2e:74:26:be:a6:f2:f8:
                    81:2f:48:95:dd:0a:d3:7c:72:e0:bb:43:f3:0d:fc:
                    08:11:83:a4:e1:3d:f4:13:45:e3:c2:74:aa:62:5b:
                    24:7b:ed:d0:4c:9d:55:00:4d:79:be:8e:7b:e2:b8:
                    11:44:d0:af:8a:57:e2:82:25:44:53:5f:50:3c:f5:
                    0c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:6B:8C:F4:B0:5C:7F:D6:0D:DB:28:2E:78:90:F7:DA:94:A4:CC:B0
            X509v3 Authority Key Identifier:
                keyid:D4:33:6D:5E:74:F1:F8:B7:DB:13:29:F0:0B:B8:57:24:1A:E7:4D:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DNtXnTx-LfbEynwC7hXJBrnTRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3a6bdd-0d3c-4a0d-8db6-2dd25184b0d0/1/9muM9LBcf9YN2ygueJD32pSkzLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3a6bdd-0d3c-4a0d-8db6-2dd25184b0d0/1/1DNtXnTx-LfbEynwC7hXJBrnTRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e680::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:f6:0f:e8:e0:5e:2b:d7:d2:c8:cc:ab:9d:ab:9a:69:ce:2c:
         fe:3e:33:49:65:19:2f:99:b1:c8:1f:ed:d6:f2:90:6b:98:36:
         4b:7d:b0:f2:ff:22:6c:71:b7:15:21:26:9c:eb:03:c0:80:f0:
         b1:e9:ba:d1:64:10:84:d2:1a:dc:de:d0:ec:30:12:25:bc:05:
         90:1e:32:32:31:b1:bb:de:e8:00:32:22:a3:24:7b:27:1e:71:
         67:8e:4e:0c:04:76:c2:8d:fe:23:c2:d0:67:74:9d:3b:47:10:
         d5:32:fd:4a:54:98:9b:73:42:66:2e:85:30:12:84:ef:48:19:
         a9:fc:e3:18:e2:80:c1:57:7e:b6:cd:e2:39:17:2c:6d:d0:30:
         ae:1d:e1:a9:e0:38:3a:cc:35:2e:a1:ba:9e:82:17:c2:27:94:
         9e:5a:a9:67:33:a3:61:7c:00:0e:06:e2:e0:7b:01:64:3a:fe:
         ac:34:39:55:8c:05:96:b0:3a:6e:ec:ec:15:06:f2:54:7b:96:
         a8:98:d5:4f:4a:e0:69:b6:86:1b:30:a8:b3:f7:cb:d5:0b:13:
         20:95:a6:ca:1b:ed:39:c6:19:4d:fd:0f:73:f7:0c:a4:bf:b5:
         21:35:59:2e:f5:d3:91:db:15:e2:87:80:9d:37:eb:20:59:65:
         f7:ce:09:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZIkC4lP7iZldBhohHBIO6T7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzM2ZDVlNzRmMWY4YjdkYjEzMjlmMDBiYjg1NzI0MWFl
NzRkMTkwHhcNMjQwOTI0MTIzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjZiOGNmNGIwNWM3ZmQ2MGRkYjI4MmU3ODkwZjdkYTk0YTRjY2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Z9MXuO3EFl2/FqF9Tv81eGXM81S
zXalDSKG+Va7RZgDSJxf84+AEV6mjGsNJAIgru5ip1aUYaYUtbAmNpQPSJ4HdU3j
/7G0+a03fVm+57iNKeEjZUzkXtJZE0hwkN+j/u17zMNkGXW2giXdSq4Uag2ZkYhj
zudkdgTY1w1SQKpeDd0GRTn5IxY8me5bA8Sp5SaV2DHb0/ZAN1SAJwidckgpYuqg
AiqFyIujDnusa+Llx0y0lTraR+OznS50Jr6m8viBL0iV3QrTfHLgu0PzDfwIEYOk
4T30E0XjwnSqYlske+3QTJ1VAE15vo574rgRRNCvilfigiVEU19QPPUMewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPZrjPSwXH/WDdsoLniQ99qUpMywMB8GA1UdIwQY
MBaAFNQzbV508fi32xMp8Au4VyQa500ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUROdFhuVHgtTGZiRXlud0M3aFhKQnJuVFJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zYTZiZGQtMGQzYy00YTBkLThkYjYt
MmRkMjUxODRiMGQwLzEvOW11TTlMQmNmOVlOMnlndWVKRDMycFNrekxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zYTZiZGQtMGQzYy00YTBkLThkYjYtMmRkMjUxODRiMGQw
LzEvMUROdFhuVHgtTGZiRXlud0M3aFhKQnJuVFJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHmgDAN
BgkqhkiG9w0BAQsFAAOCAQEAifYP6OBeK9fSyMyrnauaac4s/j4zSWUZL5mxyB/t
1vKQa5g2S32w8v8ibHG3FSEmnOsDwIDwsem60WQQhNIa3N7Q7DASJbwFkB4yMjGx
u97oADIioyR7Jx5xZ45ODAR2wo3+I8LQZ3SdO0cQ1TL9SlSYm3NCZi6FMBKE70gZ
qfzjGOKAwVd+ts3iORcsbdAwrh3hqeA4Osw1LqG6noIXwieUnlqpZzOjYXwADgbi
4HsBZDr+rDQ5VYwFlrA6buzsFQbyVHuWqJjVT0rgabaGGzCos/fL1QsTIJWmyhvt
OcYZTf0Pc/cMpL+1ITVZLvXTkdsV4oeAnTfrIFll984Jhw==
-----END CERTIFICATE-----