Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/HO5oukZjJ2AZKpiq4rvfz5N-Z88.roa
File:                     HO5oukZjJ2AZKpiq4rvfz5N-Z88.roa (raw, json)
Hash identifier:          kMVW748hM9GNc1p+TsyKO5KtvUVXc329YW80u87M6ek=
Subject key identifier:   1C:EE:68:BA:46:63:27:60:19:2A:98:AA:E2:BB:DF:CF:93:7E:67:CF
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       0190A1CB9E2C78803566B7417401F3BCC8FE
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/HO5oukZjJ2AZKpiq4rvfz5N-Z88.roa
Signing time:             Thu 11 Jul 2024 12:36:34 +0000
ROA not before:           Thu 11 Jul 2024 12:36:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215762
IP address blocks:        2a0f:ca81:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a1:cb:9e:2c:78:80:35:66:b7:41:74:01:f3:bc:c8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jul 11 12:36:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cee68ba46632760192a98aae2bbdfcf937e67cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f6:22:44:1f:49:a7:54:b8:50:c3:a8:10:a9:
                    6b:17:b2:af:e2:2e:f0:71:33:33:6f:b2:ad:c7:7d:
                    5b:d8:10:82:1d:04:70:1a:5a:7e:01:66:db:4d:cf:
                    10:d6:91:47:9a:1a:a3:dd:b8:a3:8e:99:05:e2:8c:
                    04:8a:74:83:22:f9:00:44:9d:e4:ea:63:0f:46:86:
                    33:cf:85:c6:51:c8:8c:73:d6:9a:26:46:a8:a7:f3:
                    d9:c4:ee:e8:ba:3e:8f:ae:c7:4c:ad:9b:a7:13:72:
                    44:5c:3d:4c:27:b3:51:b8:46:57:a5:a0:41:c6:8f:
                    bc:8b:87:9d:b3:f4:8b:f9:60:5a:42:2e:0a:2b:72:
                    14:99:db:72:fe:e1:0a:22:13:62:d8:99:d6:94:a7:
                    12:fb:51:5d:57:98:f1:95:75:43:03:d4:24:3c:82:
                    35:ed:43:32:36:56:30:da:8b:eb:02:05:36:80:74:
                    58:b9:af:a8:a5:45:76:57:39:e1:ea:98:1a:4b:c2:
                    10:52:1e:02:62:1b:1f:f6:14:2b:46:ff:36:42:f3:
                    84:00:41:7a:b4:68:45:ef:ef:40:c7:19:ce:5e:cb:
                    a5:85:4a:2a:ba:9e:f4:d8:3b:7a:28:b2:8d:7d:16:
                    ff:75:c2:61:c8:d5:df:99:b0:4f:5d:9d:7d:7c:c1:
                    40:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:EE:68:BA:46:63:27:60:19:2A:98:AA:E2:BB:DF:CF:93:7E:67:CF
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/HO5oukZjJ2AZKpiq4rvfz5N-Z88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca81:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:59:07:0b:eb:4b:e0:99:54:d9:d5:8f:38:50:17:be:47:9a:
         31:62:b2:6a:98:38:2f:a4:f0:ce:b8:d4:7c:80:29:bd:c7:bd:
         d7:e3:23:a2:df:ae:8b:34:ec:25:ed:aa:32:0d:62:3f:cd:b8:
         ab:64:b8:9d:1c:b6:10:ef:49:91:46:16:2d:82:90:02:64:7d:
         08:af:ba:38:20:d6:fa:bd:d4:99:34:20:0f:ec:5b:08:00:69:
         06:5e:7f:c4:1c:ea:e3:8b:df:a3:91:83:96:26:a7:ec:48:18:
         3d:83:7b:db:95:79:f5:f3:c4:af:01:32:ed:f6:f8:e9:58:65:
         89:ae:d6:88:ce:97:e2:91:99:21:20:3e:b9:dc:89:e4:78:74:
         df:5f:71:6e:15:c2:88:b4:a4:34:0b:92:e7:e1:0c:23:cb:f7:
         5e:3e:1f:a7:1d:84:1c:87:4a:5b:28:00:08:88:00:a8:b1:b7:
         2a:fe:11:0c:b2:15:1b:7e:89:79:58:03:b4:c6:98:e3:eb:6c:
         29:2b:fb:38:0b:ce:71:2e:96:ce:95:bc:4c:d8:d6:9a:b6:b9:
         3d:1e:94:67:49:1e:fd:42:0e:dc:b6:03:12:eb:63:c9:3a:b9:
         c2:1b:52:55:24:df:11:ba:d1:79:33:5b:bb:d7:b8:bf:b3:13:
         47:37:ed:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZChy54seIA1ZrdBdAHzvMj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjQwNzExMTIzNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2VlNjhiYTQ2NjMyNzYwMTkyYTk4YWFlMmJiZGZjZjkzN2U2N2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/YiRB9Jp1S4UMOoEKlrF7Kv4i7w
cTMzb7Ktx31b2BCCHQRwGlp+AWbbTc8Q1pFHmhqj3bijjpkF4owEinSDIvkARJ3k
6mMPRoYzz4XGUciMc9aaJkaop/PZxO7ouj6PrsdMrZunE3JEXD1MJ7NRuEZXpaBB
xo+8i4eds/SL+WBaQi4KK3IUmdty/uEKIhNi2JnWlKcS+1FdV5jxlXVDA9QkPII1
7UMyNlYw2ovrAgU2gHRYua+opUV2Vznh6pgaS8IQUh4CYhsf9hQrRv82QvOEAEF6
tGhF7+9AxxnOXsulhUoqup702Dt6KLKNfRb/dcJhyNXfmbBPXZ19fMFAvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBzuaLpGYydgGSqYquK738+TfmfPMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvSE81b3VrWmpKMkFaS3BpcTRydmZ6NU4tWjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/KgbAL
MA0GCSqGSIb3DQEBCwUAA4IBAQAOWQcL60vgmVTZ1Y84UBe+R5oxYrJqmDgvpPDO
uNR8gCm9x73X4yOi366LNOwl7aoyDWI/zbirZLidHLYQ70mRRhYtgpACZH0Ir7o4
INb6vdSZNCAP7FsIAGkGXn/EHOrji9+jkYOWJqfsSBg9g3vblXn188SvATLt9vjp
WGWJrtaIzpfikZkhID653InkeHTfX3FuFcKItKQ0C5Ln4Qwjy/dePh+nHYQch0pb
KAAIiACosbcq/hEMshUbfol5WAO0xpjj62wpK/s4C85xLpbOlbxM2Naatrk9HpRn
SR79Qg7ctgMS62PJOrnCG1JVJN8RutF5M1u717i/sxNHN+1+
-----END CERTIFICATE-----