Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/rR4hXf5xjqkFMsrOZWmEUJPUaDI.roa
File:                     rR4hXf5xjqkFMsrOZWmEUJPUaDI.roa (raw, json)
Hash identifier:          HxSE/W2FKBAUpBp5jBbN1k6iezKgsIfrUopPR6Q+JSQ=
Subject key identifier:   AD:1E:21:5D:FE:71:8E:A9:05:32:CA:CE:65:69:84:50:93:D4:68:32
Certificate issuer:       /CN=593897174f967490dbf6189d479df2c9371bf404
Certificate serial:       01915BA93AA8CEDE5F06D7AC97FDEF55611D
Authority key identifier: 59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/rR4hXf5xjqkFMsrOZWmEUJPUaDI.roa
Signing time:             Fri 16 Aug 2024 14:48:22 +0000
ROA not before:           Fri 16 Aug 2024 14:48:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201681
IP address blocks:        2a05:bc1:8000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:a9:3a:a8:ce:de:5f:06:d7:ac:97:fd:ef:55:61:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=593897174f967490dbf6189d479df2c9371bf404
        Validity
            Not Before: Aug 16 14:48:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad1e215dfe718ea90532cace6569845093d46832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b2:a8:20:19:f2:ba:47:5a:dd:65:4b:96:4d:
                    dc:e3:ff:f2:56:10:22:14:ae:46:a7:c1:40:db:8d:
                    ec:eb:c7:b5:57:3c:20:cc:4d:35:ea:60:ac:9e:ec:
                    e2:18:99:5b:28:94:f9:2b:e8:af:66:7a:d5:1d:06:
                    d3:ce:ca:03:42:89:13:e3:65:7b:71:f8:49:27:2f:
                    81:13:5d:05:44:d5:13:40:93:3e:18:0b:de:3c:c5:
                    cc:c6:ee:6c:ab:f3:59:67:1f:2b:df:b7:dd:a1:b9:
                    2b:b5:3a:46:e1:c8:59:80:e1:f3:9b:1f:24:af:4d:
                    10:3d:7a:d6:86:4d:27:87:45:c8:ca:85:e8:8a:c5:
                    c6:06:6e:45:2a:f6:23:47:5f:ad:a3:c9:dc:b0:c0:
                    21:18:77:8b:9e:2c:f2:b9:6c:44:22:45:34:eb:43:
                    c2:6b:04:9f:2f:59:41:7d:32:e0:39:30:00:c1:ef:
                    6c:d1:f8:a4:7b:a7:0e:26:55:f8:fc:96:62:c1:75:
                    ed:22:dc:d4:76:52:7b:97:3a:59:b6:a5:c8:80:26:
                    4f:bd:09:8b:ce:bf:c4:75:4b:46:ea:94:8d:7e:58:
                    83:df:ad:28:15:cf:9f:21:c7:23:38:9c:07:16:a2:
                    fd:7c:4e:07:5f:8e:76:a1:55:55:12:aa:7a:fe:4e:
                    28:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:1E:21:5D:FE:71:8E:A9:05:32:CA:CE:65:69:84:50:93:D4:68:32
            X509v3 Authority Key Identifier:
                keyid:59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/rR4hXf5xjqkFMsrOZWmEUJPUaDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:bc1:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:db:fb:b6:6f:e7:98:23:03:88:db:09:8b:60:c1:73:02:a6:
         df:3b:81:b9:d3:5c:18:4f:d1:b5:16:66:b0:f4:3d:71:00:84:
         c2:5c:d8:6b:84:a3:48:54:6e:1d:ee:99:3d:c9:df:9e:fc:b2:
         74:8f:a4:16:36:04:c1:58:d6:bf:46:2a:66:3e:69:22:d3:be:
         06:a9:2b:b9:f7:a3:7c:c0:78:29:94:06:ae:db:29:1e:d2:15:
         12:49:f1:15:bd:83:87:95:ae:75:04:67:cf:8f:bf:3a:62:32:
         61:01:62:57:07:88:68:d8:71:d8:27:5e:76:b2:62:27:5d:c0:
         36:31:31:3c:f3:0d:7e:60:d9:c3:4c:ac:9d:a1:90:45:fe:a3:
         14:bc:5b:74:0a:f0:25:df:70:72:6c:5a:28:ca:e4:a4:20:3a:
         8d:84:12:b3:61:dd:05:44:09:eb:3b:c5:54:57:a4:a3:06:70:
         f6:1f:2f:c9:3c:c8:dc:88:87:a8:68:a7:65:c1:6c:44:41:ca:
         69:e3:8f:2c:79:2e:94:16:86:dc:dd:d2:37:1c:24:c2:a4:b6:
         d7:b8:08:00:ca:e9:7a:02:3e:f0:be:72:ce:85:cf:ab:41:34:
         2d:ee:02:7e:cf:65:16:1f:9f:63:93:9a:cb:0f:3f:b8:2a:be:
         00:5a:25:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFbqTqozt5fBtesl/3vVWEdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5Mzg5NzE3NGY5Njc0OTBkYmY2MTg5ZDQ3OWRmMmM5Mzcx
YmY0MDQwHhcNMjQwODE2MTQ0ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDFlMjE1ZGZlNzE4ZWE5MDUzMmNhY2U2NTY5ODQ1MDkzZDQ2ODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLKoIBnyukda3WVLlk3c4//yVhAi
FK5Gp8FA243s68e1VzwgzE016mCsnuziGJlbKJT5K+ivZnrVHQbTzsoDQokT42V7
cfhJJy+BE10FRNUTQJM+GAvePMXMxu5sq/NZZx8r37fdobkrtTpG4chZgOHzmx8k
r00QPXrWhk0nh0XIyoXoisXGBm5FKvYjR1+to8ncsMAhGHeLnizyuWxEIkU060PC
awSfL1lBfTLgOTAAwe9s0fike6cOJlX4/JZiwXXtItzUdlJ7lzpZtqXIgCZPvQmL
zr/EdUtG6pSNfliD360oFc+fIccjOJwHFqL9fE4HX452oVVVEqp6/k4oQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK0eIV3+cY6pBTLKzmVphFCT1GgyMB8GA1UdIwQY
MBaAFFk4lxdPlnSQ2/YYnUed8sk3G/QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTIt
NWY4ZmM3MDc4MzZhLzEvclI0aFhmNXhqcWtGTXNyT1pXbUVVSlBVYURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTItNWY4ZmM3MDc4MzZh
LzEvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgULwYAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAi2/u2b+eYIwOI2wmLYMFzAqbfO4G501wYT9G1
Fmaw9D1xAITCXNhrhKNIVG4d7pk9yd+e/LJ0j6QWNgTBWNa/RipmPmki074GqSu5
96N8wHgplAau2yke0hUSSfEVvYOHla51BGfPj786YjJhAWJXB4ho2HHYJ152smIn
XcA2MTE88w1+YNnDTKydoZBF/qMUvFt0CvAl33BybFooyuSkIDqNhBKzYd0FRAnr
O8VUV6SjBnD2Hy/JPMjciIeoaKdlwWxEQcpp448seS6UFobc3dI3HCTCpLbXuAgA
yul6Aj7wvnLOhc+rQTQt7gJ+z2UWH59jk5rLDz+4Kr4AWiXZ
-----END CERTIFICATE-----