Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/OeeHwnY0CqGN6OHjTkExFQq4F0A.roa
File:                     OeeHwnY0CqGN6OHjTkExFQq4F0A.roa (raw, json)
Hash identifier:          0e0504zAPJ+jKkaedWGS33MBkq6Ap1W+4ew2L2knQfs=
Subject key identifier:   39:E7:87:C2:76:34:0A:A1:8D:E8:E1:E3:4E:41:31:15:0A:B8:17:40
Certificate issuer:       /CN=118ba4ef901aac10876ccf976a5f7d16c4ca79f0
Certificate serial:       0193080405F8F18933FB5E4D44C03861449D
Authority key identifier: 11:8B:A4:EF:90:1A:AC:10:87:6C:CF:97:6A:5F:7D:16:C4:CA:79:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/OeeHwnY0CqGN6OHjTkExFQq4F0A.roa
Signing time:             Thu 07 Nov 2024 19:05:01 +0000
ROA not before:           Thu 07 Nov 2024 19:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a03:5640::/36 maxlen: 48
                          2a03:5640:f000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:08:04:05:f8:f1:89:33:fb:5e:4d:44:c0:38:61:44:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=118ba4ef901aac10876ccf976a5f7d16c4ca79f0
        Validity
            Not Before: Nov  7 19:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39e787c276340aa18de8e1e34e4131150ab81740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ee:a5:33:48:1a:5c:72:92:80:20:ee:af:43:
                    9c:f9:29:85:3b:04:3f:38:db:ed:39:e8:71:95:17:
                    7b:2a:2b:4b:a7:0b:74:eb:3e:c6:37:10:0a:dc:36:
                    b2:48:76:bd:ad:84:16:f6:c6:3f:3d:2d:0c:ee:fb:
                    05:ef:69:89:e1:bf:5f:4f:ee:a9:90:37:d2:d9:5d:
                    18:c1:fb:d4:f1:35:1e:90:7c:a9:0f:c1:c6:ca:a1:
                    f4:e0:7a:c3:46:fd:78:72:53:94:a2:b2:77:0f:c3:
                    a7:67:bc:d1:a7:25:1b:39:08:1c:3f:ca:a8:fb:d4:
                    b2:45:2d:1a:92:ec:14:7b:41:da:b9:a1:e7:a6:66:
                    54:ca:a0:ba:84:51:39:4d:00:ae:b0:7a:f9:c6:36:
                    ff:0b:f0:5c:c8:a6:20:7c:8a:be:44:8f:e5:50:9d:
                    a5:8c:2d:1d:8b:25:cd:cb:4b:55:2a:f8:b6:8f:37:
                    ba:1b:f3:c6:38:7b:c3:ef:77:93:2e:8d:16:26:1c:
                    d6:69:e8:fa:ec:45:08:10:b2:64:97:98:3d:3b:b3:
                    82:e3:a1:9c:bf:a4:d6:99:67:90:cd:b7:3c:83:5b:
                    12:26:15:48:81:79:4e:fc:ab:03:c1:da:91:ca:0f:
                    48:6a:3e:70:15:7f:13:c8:79:98:0a:e7:60:b9:a1:
                    59:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:E7:87:C2:76:34:0A:A1:8D:E8:E1:E3:4E:41:31:15:0A:B8:17:40
            X509v3 Authority Key Identifier:
                keyid:11:8B:A4:EF:90:1A:AC:10:87:6C:CF:97:6A:5F:7D:16:C4:CA:79:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/OeeHwnY0CqGN6OHjTkExFQq4F0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5640::/36
                  2a03:5640:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         72:a6:a7:09:fe:3a:95:67:f4:84:68:7d:91:97:d1:0a:eb:0e:
         38:ab:c7:b1:88:83:6b:af:55:4d:76:50:e3:5d:bd:58:b5:57:
         4b:44:af:74:66:04:3b:02:96:e8:be:af:59:40:92:62:8d:6b:
         3c:f9:66:b8:42:43:0c:7b:44:ed:5f:e0:8a:39:27:a5:91:1f:
         21:c5:e4:37:92:fe:d9:3a:ca:97:19:c1:2a:36:ef:5f:c1:3e:
         73:90:74:dc:29:60:ff:11:4c:a3:27:5a:ed:1c:10:ec:d7:db:
         b2:c4:cc:f5:6e:5d:09:9b:4b:1a:76:37:c3:dd:d3:5a:02:33:
         b1:07:34:71:e8:79:26:14:a7:fb:6b:9a:96:6d:3e:2a:7b:ef:
         d3:fe:f9:77:54:cf:68:7f:97:c5:2d:34:6a:01:e9:15:6b:db:
         8f:94:ef:bd:a1:b1:2c:6d:a2:ff:c0:e3:bc:1e:50:55:2d:c2:
         ac:14:a0:a7:58:f9:32:b5:8f:54:9b:30:52:35:09:1f:89:cb:
         0d:ee:bc:6e:47:50:75:9c:6d:97:70:38:ad:f2:06:16:6c:e0:
         74:f6:df:2c:05:a0:27:82:c8:d2:b3:27:c1:16:dd:4e:70:50:
         a1:d3:40:f7:2e:e4:87:fb:47:f4:42:0f:24:09:54:91:bc:06:
         ca:41:de:8b
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZMIBAX48Ykz+15NRMA4YUSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExOGJhNGVmOTAxYWFjMTA4NzZjY2Y5NzZhNWY3ZDE2YzRj
YTc5ZjAwHhcNMjQxMTA3MTkwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWU3ODdjMjc2MzQwYWExOGRlOGUxZTM0ZTQxMzExNTBhYjgxNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9e6lM0gaXHKSgCDur0Oc+SmFOwQ/
ONvtOehxlRd7KitLpwt06z7GNxAK3DaySHa9rYQW9sY/PS0M7vsF72mJ4b9fT+6p
kDfS2V0YwfvU8TUekHypD8HGyqH04HrDRv14clOUorJ3D8OnZ7zRpyUbOQgcP8qo
+9SyRS0akuwUe0HauaHnpmZUyqC6hFE5TQCusHr5xjb/C/BcyKYgfIq+RI/lUJ2l
jC0diyXNy0tVKvi2jze6G/PGOHvD73eTLo0WJhzWaej67EUIELJkl5g9O7OC46Gc
v6TWmWeQzbc8g1sSJhVIgXlO/KsDwdqRyg9Iaj5wFX8TyHmYCudguaFZ9QIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFDnnh8J2NAqhjejh405BMRUKuBdAMB8GA1UdIwQY
MBaAFBGLpO+QGqwQh2zPl2pffRbEynnwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVl1azc1QWFyQkNIYk0tWGFsOTlGc1RLZWZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9iZDRkOGQtOTM4MC00MGU5LTgxNDIt
ZjJiNGVmYmE1OWJjLzEvT2VlSHduWTBDcUdONk9IalRrRXhGUXE0RjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9iZDRkOGQtOTM4MC00MGU5LTgxNDItZjJiNGVmYmE1OWJj
LzEvRVl1azc1QWFyQkNIYk0tWGFsOTlGc1RLZWZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKgNWQAAD
BgQqA1ZA8DANBgkqhkiG9w0BAQsFAAOCAQEAcqanCf46lWf0hGh9kZfRCusOOKvH
sYiDa69VTXZQ4129WLVXS0SvdGYEOwKW6L6vWUCSYo1rPPlmuEJDDHtE7V/gijkn
pZEfIcXkN5L+2TrKlxnBKjbvX8E+c5B03Clg/xFMoyda7RwQ7NfbssTM9W5dCZtL
GnY3w93TWgIzsQc0ceh5JhSn+2ualm0+Knvv0/75d1TPaH+XxS00agHpFWvbj5Tv
vaGxLG2i/8DjvB5QVS3CrBSgp1j5MrWPVJswUjUJH4nLDe68bkdQdZxtl3A4rfIG
FmzgdPbfLAWgJ4LI0rMnwRbdTnBQodNA9y7kh/tH9EIPJAlUkbwGykHeiw==
-----END CERTIFICATE-----