Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/E7Hr_kuUE4uMC7QMmyeuB1nJR9Q.roa
File:                     E7Hr_kuUE4uMC7QMmyeuB1nJR9Q.roa (raw, json)
Hash identifier:          JgiPK6P99+itNs2p1L3bKecXzmpKZymjih/0M7arJpw=
Subject key identifier:   13:B1:EB:FE:4B:94:13:8B:8C:0B:B4:0C:9B:27:AE:07:59:C9:47:D4
Certificate issuer:       /CN=a79bba2805a988954e4fec42570530f16f9e7093
Certificate serial:       018E418BCEBEEFA2198C7E13EF0A0C387D67
Authority key identifier: A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/E7Hr_kuUE4uMC7QMmyeuB1nJR9Q.roa
Signing time:             Fri 15 Mar 2024 09:57:45 +0000
ROA not before:           Fri 15 Mar 2024 09:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50684
IP address blocks:        2001:4de0:49::/48 maxlen: 48
                          2001:4de0:1006::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:41:8b:ce:be:ef:a2:19:8c:7e:13:ef:0a:0c:38:7d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79bba2805a988954e4fec42570530f16f9e7093
        Validity
            Not Before: Mar 15 09:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13b1ebfe4b94138b8c0bb40c9b27ae0759c947d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f9:7a:2f:c1:46:f1:98:d5:d6:93:a8:c3:e5:
                    2d:7c:ef:27:5d:7b:d5:3b:51:af:3e:dd:7a:ed:d5:
                    c4:39:e8:2b:f6:81:fe:a5:96:96:75:d4:d6:bf:d2:
                    e9:cd:a2:8b:31:99:fc:4c:80:a3:4f:3f:f8:88:21:
                    21:ff:fc:b0:9f:74:83:c0:cf:b1:ac:d7:81:04:6c:
                    e7:9a:f7:8d:18:3f:3b:db:57:94:dc:05:84:fd:81:
                    f5:10:e0:66:de:99:21:b0:02:a0:f3:96:77:2f:54:
                    58:c0:67:25:99:4f:e0:7f:8a:cd:ed:ec:de:9a:35:
                    50:cb:96:c3:2c:86:07:7f:51:15:4e:9a:d9:3d:86:
                    18:73:da:c7:07:a9:52:39:58:24:16:33:99:22:ed:
                    c1:24:a4:3b:a8:fb:46:57:46:b3:b8:d1:52:11:6f:
                    f8:9f:fc:fe:d0:c6:40:96:35:8a:97:60:91:af:21:
                    b8:79:ca:b7:de:08:28:25:dc:8f:99:06:e5:10:ad:
                    2d:81:34:7b:19:db:f4:1d:88:f7:18:12:a5:f6:0b:
                    6d:af:65:c6:d1:9d:7c:2f:91:b5:0c:70:7d:1f:e5:
                    0b:94:6c:ef:9d:fb:c1:47:97:ad:9d:ba:81:54:83:
                    d2:45:9d:9d:80:28:20:8d:24:df:83:06:0a:0b:c0:
                    0d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B1:EB:FE:4B:94:13:8B:8C:0B:B4:0C:9B:27:AE:07:59:C9:47:D4
            X509v3 Authority Key Identifier:
                keyid:A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/E7Hr_kuUE4uMC7QMmyeuB1nJR9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4de0:49::/48
                  2001:4de0:1006::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:65:10:11:1f:6b:c2:a2:7e:df:f6:55:ad:98:ee:67:a8:d1:
         e5:4a:5b:8b:3d:57:c6:3f:fe:8a:24:fc:d4:54:49:e8:fc:04:
         77:8f:5e:b1:ba:48:a2:16:9c:fa:00:f5:c6:29:d4:ad:4f:5c:
         84:f5:0b:ea:08:ca:3c:d3:f0:1d:80:3e:4c:7b:17:07:0a:80:
         df:5c:be:31:59:c8:96:01:46:a5:e1:76:9c:27:70:b9:1e:fd:
         d6:e1:5c:2d:9f:50:48:d0:16:ba:cd:5a:29:39:f8:ca:63:a0:
         0a:41:c0:f7:55:a7:ac:44:ac:c4:7d:2f:48:82:b5:56:f4:9e:
         74:2a:01:b1:d5:ea:c7:0b:52:39:3d:aa:80:5f:98:d8:5e:0a:
         25:cb:1a:88:e9:47:61:2f:25:d7:ff:08:7c:ec:fe:d3:98:11:
         80:b3:79:9b:ed:96:a5:ef:d7:9f:23:5c:e0:58:a2:49:22:b1:
         53:5e:cf:fa:e3:e8:d9:5a:40:da:1b:6a:3e:64:ee:3d:03:32:
         98:40:94:78:9e:12:14:ed:23:ee:f8:4b:f9:77:48:e4:09:78:
         d0:3e:53:fc:52:51:a9:ca:94:91:93:4b:5b:81:e7:f4:bf:34:
         c8:af:08:29:9c:5c:48:34:8c:10:71:eb:47:c6:8b:e1:33:21:
         66:20:2f:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5Bi86+76IZjH4T7woMOH1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWJiYTI4MDVhOTg4OTU0ZTRmZWM0MjU3MDUzMGYxNmY5
ZTcwOTMwHhcNMjQwMzE1MDk1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2IxZWJmZTRiOTQxMzhiOGMwYmI0MGM5YjI3YWUwNzU5Yzk0N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/l6L8FG8ZjV1pOow+UtfO8nXXvV
O1GvPt167dXEOegr9oH+pZaWddTWv9LpzaKLMZn8TICjTz/4iCEh//ywn3SDwM+x
rNeBBGznmveNGD8721eU3AWE/YH1EOBm3pkhsAKg85Z3L1RYwGclmU/gf4rN7eze
mjVQy5bDLIYHf1EVTprZPYYYc9rHB6lSOVgkFjOZIu3BJKQ7qPtGV0azuNFSEW/4
n/z+0MZAljWKl2CRryG4ecq33ggoJdyPmQblEK0tgTR7Gdv0HYj3GBKl9gttr2XG
0Z18L5G1DHB9H+ULlGzvnfvBR5etnbqBVIPSRZ2dgCggjSTfgwYKC8ANVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBOx6/5LlBOLjAu0DJsnrgdZyUfUMB8GA1UdIwQY
MBaAFKebuigFqYiVTk/sQlcFMPFvnnCTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMt
ZTFlZDlkZDJhMDJhLzEvRTdIcl9rdVVFNHVNQzdRTW15ZXVCMW5KUjlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMtZTFlZDlkZDJhMDJh
LzEvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAFN4ABJ
AwcAIAFN4BAGMA0GCSqGSIb3DQEBCwUAA4IBAQDIZRARH2vCon7f9lWtmO5nqNHl
SluLPVfGP/6KJPzUVEno/AR3j16xukiiFpz6APXGKdStT1yE9QvqCMo80/AdgD5M
excHCoDfXL4xWciWAUal4XacJ3C5Hv3W4Vwtn1BI0Ba6zVopOfjKY6AKQcD3Vaes
RKzEfS9IgrVW9J50KgGx1erHC1I5PaqAX5jYXgolyxqI6UdhLyXX/wh87P7TmBGA
s3mb7Zal79efI1zgWKJJIrFTXs/64+jZWkDaG2o+ZO49AzKYQJR4nhIU7SPu+Ev5
d0jkCXjQPlP8UlGpypSRk0tbgef0vzTIrwgpnFxINIwQcetHxovhMyFmIC91
-----END CERTIFICATE-----