Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5hbAgqFbosUMQv0mZ0VP4Z7pjdA.roa
File:                     5hbAgqFbosUMQv0mZ0VP4Z7pjdA.roa (raw, json)
Hash identifier:          hylMI9KhS5IecBJKFv0dylK4sPVMbsnsqod3QS99KcY=
Subject key identifier:   E6:16:C0:82:A1:5B:A2:C5:0C:42:FD:26:67:45:4F:E1:9E:E9:8D:D0
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       0193546167F6E31A97962B2AD67A024A76B4
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5hbAgqFbosUMQv0mZ0VP4Z7pjdA.roa
Signing time:             Fri 22 Nov 2024 14:58:09 +0000
ROA not before:           Fri 22 Nov 2024 14:58:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15461
IP address blocks:        2001:978:3a00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:54:61:67:f6:e3:1a:97:96:2b:2a:d6:7a:02:4a:76:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Nov 22 14:58:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e616c082a15ba2c50c42fd2667454fe19ee98dd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:87:08:9d:2d:20:b6:1f:07:2b:d8:4f:35:44:
                    00:6c:96:37:6c:75:bd:d5:da:96:34:16:51:b0:0e:
                    e7:b5:3a:64:f6:99:37:ec:37:6e:99:d2:ab:da:9d:
                    f6:95:f2:c3:8b:41:93:d6:27:b3:dd:db:e0:5d:7f:
                    da:fe:c8:8f:ee:e0:66:95:06:82:75:b0:d9:70:10:
                    b9:9f:5b:fb:71:29:2a:31:b0:70:ae:bc:9d:bc:bc:
                    d9:df:8e:b9:dd:32:64:43:5f:e1:78:f6:96:66:dc:
                    a1:f9:04:4c:b8:ea:6e:95:b5:63:30:2e:4e:d1:aa:
                    fd:8e:10:10:5b:72:67:91:ca:d1:7a:0a:01:c7:bf:
                    db:32:c1:c2:5c:4c:c4:f2:25:60:cb:c6:13:d1:00:
                    2d:c9:ed:86:6f:94:8e:6a:a0:a8:f0:88:cd:50:08:
                    ea:96:1a:b5:17:19:fe:28:ad:a5:eb:c5:9d:58:4a:
                    bb:7b:c0:ba:06:e3:cb:7d:41:76:b1:10:df:91:21:
                    05:84:43:93:2a:55:fc:51:2f:ae:33:8c:fa:f3:af:
                    67:2b:d5:99:8a:00:7c:05:84:34:99:d4:a5:cf:2f:
                    d1:74:91:9e:e3:eb:3b:b5:c0:76:a5:fd:fe:d9:9c:
                    4d:b9:70:a9:19:72:4f:a7:50:27:4b:fd:36:62:10:
                    7b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:16:C0:82:A1:5B:A2:C5:0C:42:FD:26:67:45:4F:E1:9E:E9:8D:D0
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5hbAgqFbosUMQv0mZ0VP4Z7pjdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:978:3a00::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:16:4f:6f:82:90:43:a5:3f:f6:93:b0:22:ab:20:d0:b4:0f:
         08:9c:14:c6:ec:d8:83:90:b4:49:0f:70:f0:db:58:f1:19:7e:
         6e:8c:7b:8d:cd:12:f0:75:ef:97:81:97:b3:ca:8e:29:6a:25:
         15:db:d3:86:e8:07:4b:b9:7d:fb:42:18:09:6e:5f:26:a4:6f:
         eb:b6:ad:fa:25:53:0f:f5:8e:3c:9f:ca:eb:e8:70:e1:a6:cd:
         a4:8a:47:23:5f:a7:49:7c:75:24:c6:21:9d:32:c9:31:07:e8:
         d7:16:ba:21:19:34:e6:51:13:67:40:e5:8e:aa:76:9c:5e:31:
         6f:91:65:5c:d3:bf:d4:b5:8d:4e:fe:7a:69:3c:ec:eb:71:5b:
         0a:28:5c:7a:12:f9:35:a2:fe:40:f1:88:07:33:06:d1:76:05:
         bc:b2:dd:5f:f2:5e:a7:03:cf:dc:07:01:bb:dd:ec:8b:4a:17:
         51:87:97:cb:cd:28:80:08:b4:ee:dc:90:49:b4:89:b1:6b:a0:
         08:d8:e7:33:3a:0e:73:c5:94:65:b0:18:26:41:0f:fc:b5:b9:
         07:c9:49:a3:25:8e:10:e7:d5:a6:04:e7:75:02:1a:69:80:26:
         95:6e:43:f4:13:74:d3:3d:a2:3b:02:e6:66:92:bc:2d:74:54:
         ea:f9:c2:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNUYWf24xqXlisq1noCSna0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQxMTIyMTQ1ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE2YzA4MmExNWJhMmM1MGM0MmZkMjY2NzQ1NGZlMTllZTk4ZGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IcInS0gth8HK9hPNUQAbJY3bHW9
1dqWNBZRsA7ntTpk9pk37DdumdKr2p32lfLDi0GT1iez3dvgXX/a/siP7uBmlQaC
dbDZcBC5n1v7cSkqMbBwrrydvLzZ34653TJkQ1/hePaWZtyh+QRMuOpulbVjMC5O
0ar9jhAQW3JnkcrRegoBx7/bMsHCXEzE8iVgy8YT0QAtye2Gb5SOaqCo8IjNUAjq
lhq1Fxn+KK2l68WdWEq7e8C6BuPLfUF2sRDfkSEFhEOTKlX8US+uM4z6869nK9WZ
igB8BYQ0mdSlzy/RdJGe4+s7tcB2pf3+2ZxNuXCpGXJPp1AnS/02YhB7XwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOYWwIKhW6LFDEL9JmdFT+Ge6Y3QMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvNWhiQWdxRmJvc1VNUXYwbVowVlA0WjdwamRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEJeDoA
MA0GCSqGSIb3DQEBCwUAA4IBAQCTFk9vgpBDpT/2k7AiqyDQtA8InBTG7NiDkLRJ
D3Dw21jxGX5ujHuNzRLwde+XgZezyo4paiUV29OG6AdLuX37QhgJbl8mpG/rtq36
JVMP9Y48n8rr6HDhps2kikcjX6dJfHUkxiGdMskxB+jXFrohGTTmURNnQOWOqnac
XjFvkWVc07/UtY1O/nppPOzrcVsKKFx6Evk1ov5A8YgHMwbRdgW8st1f8l6nA8/c
BwG73eyLShdRh5fLzSiACLTu3JBJtImxa6AI2OczOg5zxZRlsBgmQQ/8tbkHyUmj
JY4Q59WmBOd1AhppgCaVbkP0E3TTPaI7AuZmkrwtdFTq+cKM
-----END CERTIFICATE-----