Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/de592L6_5KVEFkK_3IXi1kAPEss.roa
File:                     de592L6_5KVEFkK_3IXi1kAPEss.roa (raw, json)
Hash identifier:          MLKgLzU1+GReEKMwyWUlFAYrwgWVd1wYX9vSVvaP8J4=
Subject key identifier:   75:EE:7D:D8:BE:BF:E4:A5:44:16:42:BF:DC:85:E2:D6:40:0F:12:CB
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0192E85D9C4CBD987982A11D428B60ABE85F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/de592L6_5KVEFkK_3IXi1kAPEss.roa
Signing time:             Fri 01 Nov 2024 15:35:01 +0000
ROA not before:           Fri 01 Nov 2024 15:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        2a0f:4f80::/29 maxlen: 29
                          2a12:ecc7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e8:5d:9c:4c:bd:98:79:82:a1:1d:42:8b:60:ab:e8:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov  1 15:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75ee7dd8bebfe4a5441642bfdc85e2d6400f12cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:27:e1:0d:3d:e6:13:fc:01:3e:b1:93:c9:a7:
                    86:c8:d0:9b:17:93:fa:39:0d:c0:26:39:c5:ff:ee:
                    e2:36:09:35:f1:28:ca:bf:f6:e0:9e:98:06:eb:98:
                    8d:6f:2d:20:4e:d0:c0:01:94:51:da:72:d4:e0:30:
                    cc:f0:82:43:18:e9:23:17:e1:b1:e9:dc:de:ef:52:
                    0e:0e:80:24:d9:cd:78:fb:b7:2b:d4:ff:52:7a:77:
                    af:ce:3f:f1:90:59:c0:c1:f4:12:a7:3e:57:a6:75:
                    62:6d:ac:f3:1b:c5:3f:81:8c:10:37:e7:e2:a6:e2:
                    cd:86:50:6b:e1:cd:8d:93:55:9b:86:1a:e9:e9:56:
                    18:e1:02:92:78:4e:f9:f7:78:1f:c8:8c:88:49:9a:
                    10:90:6e:22:8e:17:d8:1d:ce:ae:58:54:da:f3:fe:
                    eb:e0:ce:10:80:13:b1:43:2f:d8:64:35:9a:6a:52:
                    eb:87:79:25:38:b3:4e:cc:e5:43:86:06:53:bf:53:
                    01:99:66:c9:aa:03:f3:4e:6c:2f:ba:e5:84:50:a2:
                    e4:b1:18:90:3c:b7:69:e2:cd:cf:1b:ba:a2:c6:2f:
                    74:7e:3f:52:ae:db:8b:4b:65:f8:65:0a:54:8d:48:
                    2d:1f:9f:e1:78:c5:f1:b6:1c:ff:12:bb:00:ea:98:
                    20:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:EE:7D:D8:BE:BF:E4:A5:44:16:42:BF:DC:85:E2:D6:40:0F:12:CB
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/de592L6_5KVEFkK_3IXi1kAPEss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:4f80::/29
                  2a12:ecc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:84:9e:6c:0c:fa:1a:9d:0d:a4:61:49:ec:7b:62:d7:c7:52:
         64:a8:03:3c:14:ff:57:f4:6f:06:c0:45:c3:ce:e0:f4:d2:56:
         33:e9:70:6c:25:9f:95:8f:7b:53:3b:8d:f8:eb:36:20:3b:cb:
         fc:6c:7b:75:ea:89:e7:c2:e5:6c:d0:23:85:31:83:59:bb:8c:
         3a:33:50:e0:c5:1a:1e:3b:31:c4:39:17:e7:64:13:b6:83:3e:
         de:ef:11:f8:c8:ae:34:5d:54:b9:9b:d9:94:c4:de:0d:d3:09:
         5f:17:5d:79:e9:5e:1e:6c:3e:e0:ed:d8:46:79:16:4d:a2:37:
         65:77:6d:bf:07:58:df:9b:49:cb:11:eb:16:92:c0:44:c8:60:
         be:a8:10:86:bc:9d:ab:bf:ec:2a:20:4d:7c:41:c7:be:3c:2d:
         50:aa:07:75:66:56:fb:2f:8c:9f:e2:5f:24:da:ba:cf:d4:9e:
         b5:2e:d8:48:1c:f4:1a:61:70:42:47:15:03:c6:a4:90:a6:8e:
         9f:20:64:1b:58:de:ed:cd:c5:86:ce:ba:04:34:cd:fb:b8:86:
         cb:59:ac:eb:2b:34:ab:85:5b:6f:a7:c6:8f:6a:f1:79:47:85:
         f3:f5:6e:a8:53:b8:ef:81:11:75:33:ee:f0:75:3c:8a:94:ef:
         ff:6b:ff:fc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZLoXZxMvZh5gqEdQotgq+hfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQxMTAxMTUzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWVlN2RkOGJlYmZlNGE1NDQxNjQyYmZkYzg1ZTJkNjQwMGYxMmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzifhDT3mE/wBPrGTyaeGyNCbF5P6
OQ3AJjnF/+7iNgk18SjKv/bgnpgG65iNby0gTtDAAZRR2nLU4DDM8IJDGOkjF+Gx
6dze71IODoAk2c14+7cr1P9Senevzj/xkFnAwfQSpz5XpnVibazzG8U/gYwQN+fi
puLNhlBr4c2Nk1Wbhhrp6VYY4QKSeE7593gfyIyISZoQkG4ijhfYHc6uWFTa8/7r
4M4QgBOxQy/YZDWaalLrh3klOLNOzOVDhgZTv1MBmWbJqgPzTmwvuuWEUKLksRiQ
PLdp4s3PG7qixi90fj9SrtuLS2X4ZQpUjUgtH5/heMXxthz/ErsA6pggFwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHXufdi+v+SlRBZCv9yF4tZADxLLMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZGU1OTJMNl81S1ZFRmtLXzNJWGkxa0FQRXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg9PgAMF
ACoS7McwDQYJKoZIhvcNAQELBQADggEBAHCEnmwM+hqdDaRhSex7YtfHUmSoAzwU
/1f0bwbARcPO4PTSVjPpcGwln5WPe1M7jfjrNiA7y/xse3XqiefC5WzQI4Uxg1m7
jDozUODFGh47McQ5F+dkE7aDPt7vEfjIrjRdVLmb2ZTE3g3TCV8XXXnpXh5sPuDt
2EZ5Fk2iN2V3bb8HWN+bScsR6xaSwETIYL6oEIa8nau/7CogTXxBx748LVCqB3Vm
VvsvjJ/iXyTaus/UnrUu2Egc9BphcEJHFQPGpJCmjp8gZBtY3u3NxYbOugQ0zfu4
hstZrOsrNKuFW2+nxo9q8XlHhfP1bqhTuO+BEXUz7vB1PIqU7/9r//w=
-----END CERTIFICATE-----