Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/X3NErJT46aY2ixbCouRBrLxAH2M.roa
File:                     X3NErJT46aY2ixbCouRBrLxAH2M.roa (raw, json)
Hash identifier:          r9aPbS3H1F20l3QPyI7lZHjNjd+mWuUrwg5b0y3oXbs=
Subject key identifier:   5F:73:44:AC:94:F8:E9:A6:36:8B:16:C2:A2:E4:41:AC:BC:40:1F:63
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       01934F015E5EC1F683B0E8C5238CBF8731F0
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/X3NErJT46aY2ixbCouRBrLxAH2M.roa
Signing time:             Thu 21 Nov 2024 13:55:09 +0000
ROA not before:           Thu 21 Nov 2024 13:55:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211299
IP address blocks:        2a0e:e704:70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:01:5e:5e:c1:f6:83:b0:e8:c5:23:8c:bf:87:31:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Nov 21 13:55:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f7344ac94f8e9a6368b16c2a2e441acbc401f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b6:0b:07:64:48:d6:5f:7c:76:15:00:b9:9c:
                    2f:5a:45:d2:21:86:b4:e6:f5:6b:ea:5b:0b:e2:02:
                    d3:72:ba:50:4b:b6:bd:3d:42:0a:ca:82:c4:17:6d:
                    7b:45:9e:c7:b7:7b:2f:b4:6d:c7:2f:8a:03:8a:48:
                    bb:8e:97:b6:e3:d6:31:7f:d0:80:19:5e:2e:5e:5c:
                    40:7d:d5:c4:a7:e7:a9:85:d3:86:b2:f6:7c:3b:78:
                    7e:aa:84:a8:05:64:d3:b5:29:b1:08:a1:a0:c3:22:
                    10:12:ad:b3:41:0f:b6:8e:db:62:d6:4c:e2:84:e0:
                    ad:be:fb:26:3d:3c:30:cd:c6:ed:e7:c5:b3:22:f0:
                    14:71:29:15:bc:88:e2:03:21:4c:38:3f:59:50:d1:
                    1e:e5:e2:b9:81:1c:58:a7:38:f3:86:b1:50:49:f1:
                    e5:1a:91:ff:35:a2:18:29:2f:91:54:b8:37:b1:2c:
                    17:e6:2b:a2:cc:fa:9f:8b:4d:c6:6c:16:29:3b:6b:
                    e6:7a:5b:d5:6f:a5:f1:73:54:84:92:96:38:ba:65:
                    c5:32:00:f7:7d:4a:f4:06:5d:bc:cc:6d:96:b9:19:
                    e9:11:00:f7:d2:20:13:9b:a7:db:c5:27:4c:5f:0b:
                    ae:06:c2:28:08:f9:27:75:6c:f8:36:f2:7f:c1:c8:
                    27:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:73:44:AC:94:F8:E9:A6:36:8B:16:C2:A2:E4:41:AC:BC:40:1F:63
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/X3NErJT46aY2ixbCouRBrLxAH2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:70::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:a6:d9:1b:7f:55:fb:f1:9e:4e:60:42:a5:4c:b0:96:ee:ed:
         f0:3a:4c:3f:44:5b:dc:84:fa:af:5d:16:0f:70:42:91:62:c1:
         9f:4c:73:17:62:39:8d:f3:a1:43:a7:31:e0:1d:f0:7c:83:5f:
         f3:b1:20:d3:ba:a0:c0:88:00:dc:0c:69:9f:cc:dd:97:ec:d8:
         4d:c1:e7:c0:22:df:ff:37:df:08:c0:e6:70:f6:00:e2:65:86:
         37:81:53:4a:16:c1:39:95:c9:aa:9b:e0:de:59:e2:7f:82:aa:
         aa:ae:5d:32:ce:51:b2:a3:f7:6d:c8:78:24:a5:3e:63:40:df:
         49:ad:de:de:d6:92:65:d6:68:e0:86:9a:c1:b8:02:b0:63:61:
         85:a3:9b:78:5b:0c:3d:80:2f:67:b5:ec:4a:9e:16:61:b7:b1:
         72:09:ec:d6:61:50:d2:95:9e:fe:30:b1:58:cd:73:01:67:80:
         56:71:30:5e:79:83:10:40:d1:e6:66:85:fa:f5:87:53:15:49:
         f7:ab:ed:09:18:bf:e5:b3:8d:40:78:54:c0:cc:97:06:5e:d3:
         85:63:a3:ec:76:2a:68:7a:f6:98:aa:4e:8b:21:e1:4f:fd:fb:
         48:de:ac:94:cc:e5:52:59:eb:22:df:02:4a:fc:ee:ea:05:b8:
         2f:16:3e:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNPAV5ewfaDsOjFI4y/hzHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MGY0NWY3Y2M0YjY5MWZkNGEzMWMxZjFjMGI0ZjYwNWQ3
N2E2ZWYwHhcNMjQxMTIxMTM1NTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjczNDRhYzk0ZjhlOWE2MzY4YjE2YzJhMmU0NDFhY2JjNDAxZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLYLB2RI1l98dhUAuZwvWkXSIYa0
5vVr6lsL4gLTcrpQS7a9PUIKyoLEF217RZ7Ht3svtG3HL4oDiki7jpe249Yxf9CA
GV4uXlxAfdXEp+ephdOGsvZ8O3h+qoSoBWTTtSmxCKGgwyIQEq2zQQ+2jtti1kzi
hOCtvvsmPTwwzcbt58WzIvAUcSkVvIjiAyFMOD9ZUNEe5eK5gRxYpzjzhrFQSfHl
GpH/NaIYKS+RVLg3sSwX5iuizPqfi03GbBYpO2vmelvVb6Xxc1SEkpY4umXFMgD3
fUr0Bl28zG2WuRnpEQD30iATm6fbxSdMXwuuBsIoCPkndWz4NvJ/wcgnZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF9zRKyU+OmmNosWwqLkQay8QB9jMB8GA1UdIwQY
MBaAFNYPRffMS2kf1KMcHxwLT2Bdd6bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzkt
YTk1NGQwNTM5OTRhLzEvWDNORXJKVDQ2YVkyaXhiQ291UkJyTHhBSDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzktYTk1NGQwNTM5OTRh
LzEvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7nBABw
MA0GCSqGSIb3DQEBCwUAA4IBAQCPptkbf1X78Z5OYEKlTLCW7u3wOkw/RFvchPqv
XRYPcEKRYsGfTHMXYjmN86FDpzHgHfB8g1/zsSDTuqDAiADcDGmfzN2X7NhNwefA
It//N98IwOZw9gDiZYY3gVNKFsE5lcmqm+DeWeJ/gqqqrl0yzlGyo/dtyHgkpT5j
QN9Jrd7e1pJl1mjghprBuAKwY2GFo5t4Www9gC9ntexKnhZht7FyCezWYVDSlZ7+
MLFYzXMBZ4BWcTBeeYMQQNHmZoX69YdTFUn3q+0JGL/ls41AeFTAzJcGXtOFY6Ps
dipoevaYqk6LIeFP/ftI3qyUzOVSWesi3wJK/O7qBbgvFj7B
-----END CERTIFICATE-----