Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/PoPZgbPPOJaBN33XEXpMqVYUrDk.roa
File:                     PoPZgbPPOJaBN33XEXpMqVYUrDk.roa (raw, json)
Hash identifier:          N19IZmjkFJGnIWA84k/JO9OAKA4aqCuojZBOnkbU7qE=
Subject key identifier:   3E:83:D9:81:B3:CF:38:96:81:37:7D:D7:11:7A:4C:A9:56:14:AC:39
Certificate issuer:       /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial:       01934451C5ACBF6F1255EB23461E709AEF1B
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/PoPZgbPPOJaBN33XEXpMqVYUrDk.roa
Signing time:             Tue 19 Nov 2024 12:07:09 +0000
ROA not before:           Tue 19 Nov 2024 12:07:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60118
IP address blocks:        176.126.236.0/22 maxlen: 22
                          2a02:59e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:51:c5:ac:bf:6f:12:55:eb:23:46:1e:70:9a:ef:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
        Validity
            Not Before: Nov 19 12:07:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e83d981b3cf389681377dd7117a4ca95614ac39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ea:c6:e7:54:a5:c4:82:44:7d:fa:af:db:dc:
                    02:c7:6d:d6:65:fc:48:ff:58:a7:7c:58:6b:02:5f:
                    d4:d7:de:0e:d3:f1:3a:17:cb:cf:30:b9:e1:31:e9:
                    3a:cb:2a:05:74:48:b7:1b:54:fb:59:33:14:70:d4:
                    b1:3b:c6:5b:85:d7:69:68:b7:b4:b1:c1:cb:e3:30:
                    8d:2a:4d:6e:c8:a2:79:92:e1:05:bb:2a:fe:a5:ed:
                    44:6c:d1:a7:67:04:7a:76:9f:01:1f:e5:8f:ea:57:
                    70:2b:f2:24:72:dd:10:af:9a:53:49:c7:68:c1:04:
                    d7:14:88:19:74:b2:ea:e6:b7:b8:9b:3f:38:62:28:
                    b0:3d:b9:25:64:2a:ba:01:ee:17:f7:eb:55:26:7e:
                    1b:04:3b:36:09:b7:4d:1f:58:2c:32:75:5c:21:66:
                    e4:6e:52:4d:1e:27:e8:6f:25:2a:e8:56:ca:74:c8:
                    f7:98:c2:d1:a9:c8:5d:ce:da:1f:c0:01:ff:50:c5:
                    e2:b3:57:bf:b7:be:72:00:d4:3c:4e:8c:18:a1:e7:
                    4f:1c:29:7e:f8:58:b4:19:03:31:91:02:6c:6b:0c:
                    99:7e:34:00:5b:82:d8:c3:3d:a2:42:fc:7e:13:eb:
                    06:04:50:3e:70:29:99:62:44:16:ab:b2:8a:2c:5c:
                    98:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:83:D9:81:B3:CF:38:96:81:37:7D:D7:11:7A:4C:A9:56:14:AC:39
            X509v3 Authority Key Identifier:
                keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/PoPZgbPPOJaBN33XEXpMqVYUrDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.236.0/22
                IPv6:
                  2a02:59e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:06:ff:fc:e4:da:0e:c2:51:9d:e9:c4:a8:7c:be:c3:3d:77:
         8a:6f:fa:7a:38:5c:19:5a:f3:53:1a:ae:54:b1:d4:1c:22:54:
         81:3b:86:3b:78:30:61:be:ac:ca:8b:75:4d:07:47:18:d1:34:
         ea:a9:93:62:f0:e1:1f:db:3a:09:ac:aa:c9:0f:bb:01:93:b3:
         01:eb:4c:9e:17:3e:f4:d3:ab:6c:b7:e7:c9:d3:78:58:17:86:
         68:04:97:d1:46:c3:48:b8:55:f2:aa:12:9d:26:4f:00:c2:b7:
         c0:6f:01:d3:42:16:bf:fa:97:3a:e4:cb:23:82:b5:53:79:42:
         3c:a3:8d:5a:a2:c7:51:6f:79:19:3d:3b:90:39:d9:15:c1:64:
         6c:bf:fb:25:40:d7:a0:9b:79:f0:41:46:7d:cf:7c:87:a2:2f:
         94:f4:57:dd:17:1d:74:2f:15:46:3b:d0:07:ba:77:1e:55:c0:
         eb:b8:5f:be:ef:9d:d2:03:68:e7:eb:c1:1c:17:4d:b5:2e:82:
         a0:0c:da:ec:b6:29:f9:d9:c3:cd:90:48:b7:c5:c8:d6:8a:a3:
         d7:27:5d:55:02:5f:0b:bf:fc:c3:70:02:70:c5:72:09:34:34:
         9c:0f:9a:66:81:9e:2f:ee:a6:c4:2b:c1:b5:11:69:73:4a:46:
         a1:a5:80:e8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZNEUcWsv28SVesjRh5wmu8bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjQxMTE5MTIwNzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTgzZDk4MWIzY2YzODk2ODEzNzdkZDcxMTdhNGNhOTU2MTRhYzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOrG51SlxIJEffqv29wCx23WZfxI
/1infFhrAl/U194O0/E6F8vPMLnhMek6yyoFdEi3G1T7WTMUcNSxO8ZbhddpaLe0
scHL4zCNKk1uyKJ5kuEFuyr+pe1EbNGnZwR6dp8BH+WP6ldwK/Ikct0Qr5pTScdo
wQTXFIgZdLLq5re4mz84YiiwPbklZCq6Ae4X9+tVJn4bBDs2CbdNH1gsMnVcIWbk
blJNHifobyUq6FbKdMj3mMLRqchdztofwAH/UMXis1e/t75yANQ8TowYoedPHCl+
+Fi0GQMxkQJsawyZfjQAW4LYwz2iQvx+E+sGBFA+cCmZYkQWq7KKLFyYVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD6D2YGzzziWgTd91xF6TKlWFKw5MB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvUG9QWmdiUFBPSmFCTjMzWEVYcE1xVllVckRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCsH7sMA8E
AgACMAkDBwAqAlngAAAwDQYJKoZIhvcNAQELBQADggEBABkG//zk2g7CUZ3pxKh8
vsM9d4pv+no4XBla81MarlSx1BwiVIE7hjt4MGG+rMqLdU0HRxjRNOqpk2Lw4R/b
OgmsqskPuwGTswHrTJ4XPvTTq2y358nTeFgXhmgEl9FGw0i4VfKqEp0mTwDCt8Bv
AdNCFr/6lzrkyyOCtVN5QjyjjVqix1FveRk9O5A52RXBZGy/+yVA16CbefBBRn3P
fIeiL5T0V90XHXQvFUY70Ae6dx5VwOu4X77vndIDaOfrwRwXTbUugqAM2uy2KfnZ
w82QSLfFyNaKo9cnXVUCXwu//MNwAnDFcgk0NJwPmmaBni/upsQrwbURaXNKRqGl
gOg=
-----END CERTIFICATE-----