Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/qgWojbiRuqBFoOwI2cMj_kzSmWQ.roa
File:                     qgWojbiRuqBFoOwI2cMj_kzSmWQ.roa (raw, json)
Hash identifier:          8Ltt3vtuJsjMHe4X3U98OAGjOZHkb8mvBtqNIc/vOg0=
Subject key identifier:   AA:05:A8:8D:B8:91:BA:A0:45:A0:EC:08:D9:C3:23:FE:4C:D2:99:64
Certificate issuer:       /CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
Certificate serial:       0192BE1257E4AA636EF6CF61D8EF74FFE8FE
Authority key identifier: BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/qgWojbiRuqBFoOwI2cMj_kzSmWQ.roa
Signing time:             Thu 24 Oct 2024 10:28:46 +0000
ROA not before:           Thu 24 Oct 2024 10:28:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208505
IP address blocks:        2a0e:f43:10::/44 maxlen: 47
                          2a0e:f43:1f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:12:57:e4:aa:63:6e:f6:cf:61:d8:ef:74:ff:e8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea649ef6030fc80848fdfe21d4321ac8011fd10
        Validity
            Not Before: Oct 24 10:28:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa05a88db891baa045a0ec08d9c323fe4cd29964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0f:ae:9d:dd:a9:27:c9:a0:de:fd:da:0b:4d:
                    28:71:ae:8a:57:ae:c9:a5:39:17:5f:5b:05:ec:ec:
                    c6:6e:d5:52:a0:db:4c:4c:93:05:21:d2:23:8e:87:
                    7f:8c:6d:3f:af:da:ca:3d:79:02:3d:50:61:30:98:
                    52:09:bf:c5:78:9b:4a:78:81:ea:ad:1b:60:ae:7e:
                    0f:59:c3:ad:29:88:7d:fb:50:f5:ec:4b:58:af:02:
                    4d:dc:49:88:ef:b6:2b:88:26:df:85:34:5c:bf:ee:
                    16:05:24:75:ea:9a:70:f4:d8:a6:2c:4f:09:66:d5:
                    60:44:b5:25:54:24:ef:b1:89:09:9e:d1:b4:c8:50:
                    5c:2e:93:e7:9a:20:b1:77:c7:bd:3b:2a:48:56:52:
                    eb:07:d1:41:9a:52:77:38:3c:e7:8b:fe:50:7e:63:
                    b6:97:d1:6d:b9:c0:0f:76:00:15:f1:2f:e4:ef:91:
                    b0:bc:47:86:3c:19:6a:7e:32:38:4e:bd:7d:50:b2:
                    d1:36:8b:72:a8:a3:28:f6:3a:b5:e6:e8:c9:fd:89:
                    a9:17:13:6c:e3:9f:fc:7a:4c:b8:ba:1e:05:13:a9:
                    0f:0d:c4:09:dd:8c:03:3a:60:d1:29:11:50:c7:0a:
                    6b:78:76:42:c7:2c:1f:6c:f2:d2:cd:67:9f:6a:a0:
                    76:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:05:A8:8D:B8:91:BA:A0:45:A0:EC:08:D9:C3:23:FE:4C:D2:99:64
            X509v3 Authority Key Identifier:
                keyid:BE:A6:49:EF:60:30:FC:80:84:8F:DF:E2:1D:43:21:AC:80:11:FD:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/qgWojbiRuqBFoOwI2cMj_kzSmWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/19455b-d2cf-4e5f-bf58-21df55ba9ebf/1/vqZJ72Aw_ICEj9_iHUMhrIAR_RA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f43:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         47:f3:b0:56:6b:5b:5d:bf:46:2b:5f:9a:b0:ca:56:76:1e:65:
         93:f6:a5:4f:82:2f:d6:28:6a:2b:0a:0a:cc:b2:c1:97:d6:6b:
         48:63:72:14:32:95:d7:cb:60:d3:11:a8:bf:30:1d:c0:94:6b:
         1f:66:7e:91:b1:87:08:6d:37:aa:da:de:44:a0:9b:d8:1f:36:
         74:70:fd:9c:cd:11:1a:ac:c5:a7:fa:21:4e:e5:64:7c:4b:1b:
         2d:fa:e4:d3:d8:19:35:f2:24:4e:76:bd:fa:13:21:49:cf:1b:
         4e:d5:c9:84:ff:1e:9f:84:0a:01:52:dd:af:17:0d:b9:b9:e4:
         7c:1e:09:09:12:1e:d7:53:d9:1e:6e:08:e0:c9:3f:a0:fe:f2:
         5b:fe:02:97:a0:67:56:dd:36:70:ba:ec:19:07:69:ce:9f:5d:
         8b:af:a5:ae:5f:cb:5f:46:dd:b0:75:80:44:10:93:7e:b3:39:
         27:92:dc:65:3c:82:3c:fe:58:c5:01:e2:07:e4:60:75:f7:3e:
         50:0b:f2:09:dc:b3:81:3c:7e:50:d2:fd:a1:fd:03:f6:0c:f2:
         fd:09:13:ce:6e:f1:71:a6:b5:95:d8:c3:61:3b:f3:22:4a:e5:
         25:0a:13:67:57:36:3e:7b:5b:77:88:4c:4a:cb:e9:cb:48:db:
         57:4e:f6:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZK+ElfkqmNu9s9h2O90/+j+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTY0OWVmNjAzMGZjODA4NDhmZGZlMjFkNDMyMWFjODAx
MWZkMTAwHhcNMjQxMDI0MTAyODQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTA1YTg4ZGI4OTFiYWEwNDVhMGVjMDhkOWMzMjNmZTRjZDI5OTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug+und2pJ8mg3v3aC00oca6KV67J
pTkXX1sF7OzGbtVSoNtMTJMFIdIjjod/jG0/r9rKPXkCPVBhMJhSCb/FeJtKeIHq
rRtgrn4PWcOtKYh9+1D17EtYrwJN3EmI77YriCbfhTRcv+4WBSR16ppw9NimLE8J
ZtVgRLUlVCTvsYkJntG0yFBcLpPnmiCxd8e9OypIVlLrB9FBmlJ3ODzni/5QfmO2
l9FtucAPdgAV8S/k75GwvEeGPBlqfjI4Tr19ULLRNotyqKMo9jq15ujJ/YmpFxNs
45/8eky4uh4FE6kPDcQJ3YwDOmDRKRFQxwpreHZCxywfbPLSzWefaqB2CwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKoFqI24kbqgRaDsCNnDI/5M0plkMB8GA1UdIwQY
MBaAFL6mSe9gMPyAhI/f4h1DIayAEf0QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgt
MjFkZjU1YmE5ZWJmLzEvcWdXb2piaVJ1cUJGb093STJjTWpfa3pTbVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xOTQ1NWItZDJjZi00ZTVmLWJmNTgtMjFkZjU1YmE5ZWJm
LzEvdnFaSjcyQXdfSUNFajlfaUhVTWhySUFSX1JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg4PQwAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBH87BWa1tdv0YrX5qwylZ2HmWT9qVPgi/WKGor
CgrMssGX1mtIY3IUMpXXy2DTEai/MB3AlGsfZn6RsYcIbTeq2t5EoJvYHzZ0cP2c
zREarMWn+iFO5WR8Sxst+uTT2Bk18iROdr36EyFJzxtO1cmE/x6fhAoBUt2vFw25
ueR8HgkJEh7XU9kebgjgyT+g/vJb/gKXoGdW3TZwuuwZB2nOn12Lr6WuX8tfRt2w
dYBEEJN+szknktxlPII8/ljFAeIH5GB19z5QC/IJ3LOBPH5Q0v2h/QP2DPL9CRPO
bvFxprWV2MNhO/MiSuUlChNnVzY+e1t3iExKy+nLSNtXTvYz
-----END CERTIFICATE-----