Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oVF6Pv44gcswMGi_KYG5C-B9cDg.roa
File:                     oVF6Pv44gcswMGi_KYG5C-B9cDg.roa (raw, json)
Hash identifier:          PC41VFoX9diQFS0jeirfg1NMRlEMi5XRXBoCP/iwbco=
Subject key identifier:   A1:51:7A:3E:FE:38:81:CB:30:30:68:BF:29:81:B9:0B:E0:7D:70:38
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0193017232851F0ACDB5D188C43FC6CEB624
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oVF6Pv44gcswMGi_KYG5C-B9cDg.roa
Signing time:             Wed 06 Nov 2024 12:28:01 +0000
ROA not before:           Wed 06 Nov 2024 12:28:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21738
IP address blocks:        2a10:5200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:01:72:32:85:1f:0a:cd:b5:d1:88:c4:3f:c6:ce:b6:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov  6 12:28:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1517a3efe3881cb303068bf2981b90be07d7038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a8:44:55:09:d4:f0:c5:59:4d:8e:d5:45:e0:
                    0d:fb:db:dc:4f:83:7e:eb:d3:8f:f2:eb:66:8b:28:
                    c4:aa:a0:20:04:9c:a6:26:b4:56:54:4a:a2:5a:b4:
                    7b:f9:83:5a:19:02:b5:2f:06:3e:ab:20:78:46:58:
                    5f:e9:b5:e7:b9:73:d0:7f:80:75:e3:1b:f3:53:23:
                    03:8a:fc:a2:02:bf:f1:05:63:d1:59:c1:45:27:35:
                    5a:21:61:db:5c:ba:b1:22:8b:69:5f:28:a2:ea:e3:
                    86:cc:05:1b:13:40:53:45:2d:f4:6d:24:72:55:0f:
                    ba:63:8a:63:97:06:40:66:cb:5b:95:ed:09:dc:4c:
                    90:d5:14:18:a6:d8:91:c5:d8:b9:f7:a2:cd:d8:a5:
                    43:d0:1e:39:e9:5a:29:fa:cd:78:dc:5d:14:8d:10:
                    51:0d:5e:bd:16:95:6b:7b:90:0a:b2:fd:69:60:1a:
                    bc:0c:3d:37:5f:af:0c:a8:92:3d:2e:08:10:bc:3e:
                    24:8c:5e:da:9e:38:d1:7e:57:71:ec:84:9c:3c:1a:
                    f8:d0:4b:62:28:47:b5:04:ce:ed:b2:43:c8:1a:75:
                    0e:5f:c8:9d:d8:9e:8f:95:f6:c5:9f:4d:b9:f1:43:
                    8a:4e:3a:47:e0:79:20:a4:90:77:03:47:2c:c8:6d:
                    23:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:51:7A:3E:FE:38:81:CB:30:30:68:BF:29:81:B9:0B:E0:7D:70:38
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/oVF6Pv44gcswMGi_KYG5C-B9cDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:5200::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:f8:48:cf:eb:66:9a:28:bb:d3:a1:b0:e3:53:ba:87:48:1d:
         55:ef:c3:09:92:42:37:7a:ba:9f:1e:51:ce:26:cb:14:92:47:
         30:15:b8:68:3a:d0:6e:b9:67:ce:73:9d:29:7e:7a:bb:bd:ed:
         ca:3e:17:ec:87:bb:91:b5:a3:ab:90:40:73:f9:1f:19:a2:d4:
         f0:61:99:76:09:54:61:85:01:ee:13:0c:4c:e4:a5:e6:da:4b:
         27:5d:d3:45:1b:7b:9f:ce:04:89:95:0e:df:90:6c:d6:f2:54:
         44:29:69:b5:3a:49:55:65:fa:b4:d8:00:eb:3f:2c:06:9b:45:
         b0:98:27:c0:9d:18:33:2e:22:69:ad:4e:06:ac:2a:57:4f:8b:
         58:61:a3:25:e1:b4:d9:39:10:f2:b8:6d:0c:a2:54:16:d3:01:
         8b:ff:14:fb:69:94:6e:0f:47:6c:87:e9:e7:98:c6:07:6d:43:
         a8:56:79:2d:ce:df:55:f2:a1:ad:3e:bc:16:0b:43:12:3f:51:
         88:ae:2a:e2:30:0c:60:cf:1e:91:3f:5c:5b:ff:14:cb:5b:dc:
         80:90:22:05:82:63:03:3b:e2:c6:55:9d:be:d5:df:ab:af:91:
         07:22:38:c9:0b:f1:70:83:9a:c9:0f:49:33:bd:62:12:df:d4:
         0e:22:02:62
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMBcjKFHwrNtdGIxD/GzrYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQxMTA2MTIyODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTUxN2EzZWZlMzg4MWNiMzAzMDY4YmYyOTgxYjkwYmUwN2Q3MDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ahEVQnU8MVZTY7VReAN+9vcT4N+
69OP8utmiyjEqqAgBJymJrRWVEqiWrR7+YNaGQK1LwY+qyB4Rlhf6bXnuXPQf4B1
4xvzUyMDivyiAr/xBWPRWcFFJzVaIWHbXLqxIotpXyii6uOGzAUbE0BTRS30bSRy
VQ+6Y4pjlwZAZstble0J3EyQ1RQYptiRxdi596LN2KVD0B456Vop+s143F0UjRBR
DV69FpVre5AKsv1pYBq8DD03X68MqJI9LggQvD4kjF7anjjRfldx7IScPBr40Eti
KEe1BM7tskPIGnUOX8id2J6PlfbFn0258UOKTjpH4HkgpJB3A0csyG0jSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKFRej7+OIHLMDBovymBuQvgfXA4MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvb1ZGNlB2NDRnY3N3TUdpX0tZRzVDLUI5Y0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhBSADAN
BgkqhkiG9w0BAQsFAAOCAQEAK/hIz+tmmii706Gw41O6h0gdVe/DCZJCN3q6nx5R
zibLFJJHMBW4aDrQbrlnznOdKX56u73tyj4X7Ie7kbWjq5BAc/kfGaLU8GGZdglU
YYUB7hMMTOSl5tpLJ13TRRt7n84EiZUO35Bs1vJURClptTpJVWX6tNgA6z8sBptF
sJgnwJ0YMy4iaa1OBqwqV0+LWGGjJeG02TkQ8rhtDKJUFtMBi/8U+2mUbg9HbIfp
55jGB21DqFZ5Lc7fVfKhrT68FgtDEj9RiK4q4jAMYM8ekT9cW/8Uy1vcgJAiBYJj
AzvixlWdvtXfq6+RByI4yQvxcIOayQ9JM71iEt/UDiICYg==
-----END CERTIFICATE-----