Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/NCMHt49-X911SswbKdxxu-8iwgM.roa
File:                     NCMHt49-X911SswbKdxxu-8iwgM.roa (raw, json)
Hash identifier:          T4Ldjjx+H+OOKh+TtNt7Ny1i5kKRD+TD4UDE8r2aNXE=
Subject key identifier:   34:23:07:B7:8F:7E:5F:DD:75:4A:CC:1B:29:DC:71:BB:EF:22:C2:03
Certificate issuer:       /CN=a16512b8a262bad599a3b023358c5ceccac9e085
Certificate serial:       01931D76933F4A169E87A42F034C02B80C7D
Authority key identifier: A1:65:12:B8:A2:62:BA:D5:99:A3:B0:23:35:8C:5C:EC:CA:C9:E0:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWUSuKJiutWZo7AjNYxc7MrJ4IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/NCMHt49-X911SswbKdxxu-8iwgM.roa
Signing time:             Mon 11 Nov 2024 23:02:10 +0000
ROA not before:           Mon 11 Nov 2024 23:02:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214145
IP address blocks:        2a01:e140::/44 maxlen: 48
                          2a01:e140::/48 maxlen: 48
                          2a01:e140:10::/44 maxlen: 48
                          2a01:e140:10::/48 maxlen: 48
                          2a01:e140:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/oWUSuKJiutWZo7AjNYxc7MrJ4IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/oWUSuKJiutWZo7AjNYxc7MrJ4IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oWUSuKJiutWZo7AjNYxc7MrJ4IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1d:76:93:3f:4a:16:9e:87:a4:2f:03:4c:02:b8:0c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a16512b8a262bad599a3b023358c5ceccac9e085
        Validity
            Not Before: Nov 11 23:02:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=342307b78f7e5fdd754acc1b29dc71bbef22c203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:dc:e7:b7:ba:f0:63:b9:37:aa:5e:0d:c4:57:
                    12:2d:b6:85:27:2e:22:4c:cd:93:16:75:29:9e:2d:
                    dc:32:76:b6:6e:7b:65:18:fe:54:9c:3d:ff:3a:27:
                    ba:ca:b8:23:d2:f9:1f:2c:a9:7c:0d:28:4c:41:06:
                    10:d4:fa:67:1f:3e:06:98:b7:02:a9:04:2c:39:2a:
                    1f:7d:9b:be:da:1f:0d:c0:26:c5:03:60:55:c2:9c:
                    3c:b9:31:41:74:cd:e8:2d:4d:df:f7:78:34:19:a0:
                    d4:86:bf:a4:a3:40:aa:38:f6:b5:b3:40:35:36:f2:
                    a4:d3:e9:49:6d:54:92:8a:3f:6c:6b:a8:e2:48:ae:
                    74:70:fc:bf:a1:d7:c8:38:c5:56:73:fb:a9:a3:60:
                    19:eb:57:0f:6e:31:33:05:af:6d:52:ae:6d:77:e7:
                    3b:da:2b:a8:2a:30:9e:53:de:d9:58:64:55:25:e6:
                    e5:a5:fa:92:c4:84:86:51:5b:46:6b:fe:4f:e1:7c:
                    cd:b5:19:90:58:40:cb:4c:fb:3f:13:96:43:50:85:
                    c8:b7:02:da:65:dd:a7:69:3e:ec:13:76:0d:df:ab:
                    4a:2d:86:1e:af:79:2c:2e:c5:a7:a0:a1:d6:4d:fe:
                    38:d0:3c:5f:6d:0f:0d:b1:3f:0f:fa:05:9a:dd:2f:
                    55:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:23:07:B7:8F:7E:5F:DD:75:4A:CC:1B:29:DC:71:BB:EF:22:C2:03
            X509v3 Authority Key Identifier:
                keyid:A1:65:12:B8:A2:62:BA:D5:99:A3:B0:23:35:8C:5C:EC:CA:C9:E0:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWUSuKJiutWZo7AjNYxc7MrJ4IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/NCMHt49-X911SswbKdxxu-8iwgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8aa085-cadc-446e-bbe8-c9ec3a98f9a3/1/oWUSuKJiutWZo7AjNYxc7MrJ4IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e140::/43

    Signature Algorithm: sha256WithRSAEncryption
         29:97:89:d9:f8:2f:cc:4d:04:b9:5a:37:7e:88:61:e6:39:98:
         9a:39:24:6d:f8:5b:f4:35:67:31:c4:89:db:e0:d0:bb:74:09:
         de:68:5c:c5:23:c5:69:f9:dd:13:6d:ed:12:3b:c9:bf:bb:36:
         26:e8:4d:21:c5:78:c3:ae:ef:da:27:88:5f:a9:e9:1c:b3:da:
         a2:46:95:a0:e1:fa:d2:b8:72:6f:b0:1c:c1:ba:7d:cb:a1:ce:
         5a:22:12:89:5e:23:9e:81:4a:4d:59:10:7a:e9:5f:e8:12:d6:
         fe:1e:d2:b6:ee:b8:24:a4:c6:5b:a3:98:71:e1:08:de:ff:98:
         6c:e4:09:c5:e7:99:05:8c:e8:18:01:c4:bb:a0:91:a7:6e:d2:
         8a:7e:bf:51:0a:ef:b9:ce:63:4b:2d:0c:61:15:19:af:2f:dc:
         bb:b0:0f:2e:65:b5:cb:ff:42:a0:13:4d:f8:83:d8:35:66:1f:
         77:2d:17:bf:66:e6:39:d6:a4:22:04:59:86:9a:24:83:35:12:
         c0:c3:fa:ed:58:ba:cd:49:4c:88:be:7d:d5:97:7e:77:92:20:
         06:66:1e:03:97:09:a4:64:db:2f:e1:3a:7f:bc:45:2a:b3:3d:
         80:16:b0:0f:92:12:73:2d:a3:b3:1c:1c:91:12:9b:48:bb:80:
         d1:2f:ad:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMddpM/Shaeh6QvA0wCuAx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNjUxMmI4YTI2MmJhZDU5OWEzYjAyMzM1OGM1Y2VjY2Fj
OWUwODUwHhcNMjQxMTExMjMwMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDIzMDdiNzhmN2U1ZmRkNzU0YWNjMWIyOWRjNzFiYmVmMjJjMjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitznt7rwY7k3ql4NxFcSLbaFJy4i
TM2TFnUpni3cMna2bntlGP5UnD3/Oie6yrgj0vkfLKl8DShMQQYQ1PpnHz4GmLcC
qQQsOSoffZu+2h8NwCbFA2BVwpw8uTFBdM3oLU3f93g0GaDUhr+ko0CqOPa1s0A1
NvKk0+lJbVSSij9sa6jiSK50cPy/odfIOMVWc/upo2AZ61cPbjEzBa9tUq5td+c7
2iuoKjCeU97ZWGRVJeblpfqSxISGUVtGa/5P4XzNtRmQWEDLTPs/E5ZDUIXItwLa
Zd2naT7sE3YN36tKLYYer3ksLsWnoKHWTf440DxfbQ8NsT8P+gWa3S9VTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDQjB7ePfl/ddUrMGynccbvvIsIDMB8GA1UdIwQY
MBaAFKFlEriiYrrVmaOwIzWMXOzKyeCFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dVU3VLSml1dFdabzdBak5ZeGM3TXJKNElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84YWEwODUtY2FkYy00NDZlLWJiZTgt
YzllYzNhOThmOWEzLzEvTkNNSHQ0OS1YOTExU3N3YktkeHh1LThpd2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84YWEwODUtY2FkYy00NDZlLWJiZTgtYzllYzNhOThmOWEz
LzEvb1dVU3VLSml1dFdabzdBak5ZeGM3TXJKNElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKgHhQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQApl4nZ+C/MTQS5Wjd+iGHmOZiaOSRt+Fv0NWcx
xInb4NC7dAneaFzFI8Vp+d0Tbe0SO8m/uzYm6E0hxXjDru/aJ4hfqekcs9qiRpWg
4frSuHJvsBzBun3Loc5aIhKJXiOegUpNWRB66V/oEtb+HtK27rgkpMZbo5hx4Qje
/5hs5AnF55kFjOgYAcS7oJGnbtKKfr9RCu+5zmNLLQxhFRmvL9y7sA8uZbXL/0Kg
E034g9g1Zh93LRe/ZuY51qQiBFmGmiSDNRLAw/rtWLrNSUyIvn3Vl353kiAGZh4D
lwmkZNsv4Tp/vEUqsz2AFrAPkhJzLaOzHByREptIu4DRL61f
-----END CERTIFICATE-----