Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/ebLW16FJJmVaP1xB6PsTDucQTS4.roa
File:                     ebLW16FJJmVaP1xB6PsTDucQTS4.roa (raw, json)
Hash identifier:          NhuRJvG3nv9DTmqFrZoEtCt39xBZ5AjjSpxVeIj9GS8=
Subject key identifier:   79:B2:D6:D7:A1:49:26:65:5A:3F:5C:41:E8:FB:13:0E:E7:10:4D:2E
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       018E5BE91285F525928F0C52C0FD686797F3
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/ebLW16FJJmVaP1xB6PsTDucQTS4.roa
Signing time:             Wed 20 Mar 2024 12:49:45 +0000
ROA not before:           Wed 20 Mar 2024 12:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212469
IP address blocks:        2a0e:e704:60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5b:e9:12:85:f5:25:92:8f:0c:52:c0:fd:68:67:97:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Mar 20 12:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79b2d6d7a14926655a3f5c41e8fb130ee7104d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ed:2f:94:1f:b4:4b:60:0a:5d:48:49:5d:0a:
                    9e:ba:cb:43:ea:93:dd:27:33:fd:33:5a:45:91:e3:
                    f7:4a:d3:0e:ea:36:10:7d:5d:69:41:90:a2:45:7a:
                    93:96:fb:00:87:35:42:22:de:cf:7e:6c:59:92:68:
                    f2:b2:94:8e:37:86:c9:95:fe:ae:98:35:c5:03:82:
                    76:2a:9c:25:70:5c:a2:04:04:64:42:31:10:dc:61:
                    14:9f:d2:bc:1b:cf:65:71:53:55:e1:f0:8d:57:9c:
                    0f:cf:b8:c7:1e:ae:cc:d5:ae:5e:a8:34:b3:1a:00:
                    17:5f:14:1e:31:49:fa:09:30:c5:3e:a3:d8:21:19:
                    1a:fb:03:fc:8c:6d:51:98:ca:cb:af:ca:f8:db:a0:
                    4c:2a:d9:75:60:b5:b5:95:67:f4:c8:db:72:f7:87:
                    c4:28:fb:2a:0c:df:8c:65:b7:3f:4a:af:a6:39:91:
                    04:f5:4b:d0:38:23:bb:76:7b:d3:d2:d2:c5:14:3a:
                    49:a3:93:d2:de:58:c2:ab:f1:23:80:2a:a8:11:a0:
                    8c:eb:f3:df:ff:48:7f:39:7e:06:b1:ad:21:c0:6b:
                    d3:6b:bc:5f:63:67:43:9e:d5:1b:80:69:7a:1c:72:
                    6d:20:c6:58:fa:cd:97:e8:38:f4:04:d9:48:04:d9:
                    bf:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B2:D6:D7:A1:49:26:65:5A:3F:5C:41:E8:FB:13:0E:E7:10:4D:2E
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/ebLW16FJJmVaP1xB6PsTDucQTS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:60::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:51:99:e3:8f:72:07:8e:f5:39:4f:e0:15:52:dc:43:e5:52:
         84:ca:f9:f9:fd:73:75:e8:42:02:92:c7:73:f6:af:4b:6e:55:
         32:45:3c:bb:17:db:72:1d:08:fd:48:b4:9b:f7:a8:e7:d2:39:
         8c:72:35:ca:c0:e4:38:6a:08:93:83:3a:44:30:15:74:64:23:
         a1:aa:b3:4f:56:85:cf:2c:13:5c:67:4a:e5:b2:c3:f7:4a:b4:
         b4:af:4c:78:35:8b:e8:52:87:84:f2:4e:aa:a0:ba:9c:32:2b:
         de:e6:fb:fc:a1:2e:70:9e:5b:40:65:4a:eb:e3:75:a9:77:7b:
         17:be:73:dc:88:87:68:81:28:d6:7b:cb:d4:15:cd:f1:76:89:
         77:0c:5b:a2:38:6e:64:2e:51:f2:85:96:ff:f6:c2:2e:5d:be:
         9d:20:8e:d0:80:90:bd:30:e5:db:08:42:80:37:84:de:62:18:
         bb:6e:03:83:6f:e6:d8:e1:bc:96:ed:ba:23:73:f0:40:98:06:
         f2:e9:d9:3c:bb:bc:92:33:64:76:cf:5b:9e:22:8d:48:07:44:
         c6:60:fa:7d:3e:62:d1:a1:4c:31:11:8a:cf:57:86:94:84:a2:
         6b:f6:57:48:3d:dc:a1:1f:cb:46:1e:3d:19:05:ad:5b:ef:01:
         fd:66:5c:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5b6RKF9SWSjwxSwP1oZ5fzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MGY0NWY3Y2M0YjY5MWZkNGEzMWMxZjFjMGI0ZjYwNWQ3
N2E2ZWYwHhcNMjQwMzIwMTI0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWIyZDZkN2ExNDkyNjY1NWEzZjVjNDFlOGZiMTMwZWU3MTA0ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+0vlB+0S2AKXUhJXQqeustD6pPd
JzP9M1pFkeP3StMO6jYQfV1pQZCiRXqTlvsAhzVCIt7PfmxZkmjyspSON4bJlf6u
mDXFA4J2KpwlcFyiBARkQjEQ3GEUn9K8G89lcVNV4fCNV5wPz7jHHq7M1a5eqDSz
GgAXXxQeMUn6CTDFPqPYIRka+wP8jG1RmMrLr8r426BMKtl1YLW1lWf0yNty94fE
KPsqDN+MZbc/Sq+mOZEE9UvQOCO7dnvT0tLFFDpJo5PS3ljCq/EjgCqoEaCM6/Pf
/0h/OX4Gsa0hwGvTa7xfY2dDntUbgGl6HHJtIMZY+s2X6Dj0BNlIBNm/zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHmy1tehSSZlWj9cQej7Ew7nEE0uMB8GA1UdIwQY
MBaAFNYPRffMS2kf1KMcHxwLT2Bdd6bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzkt
YTk1NGQwNTM5OTRhLzEvZWJMVzE2RkpKbVZhUDF4QjZQc1REdWNRVFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzktYTk1NGQwNTM5OTRh
LzEvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg7nBABg
MA0GCSqGSIb3DQEBCwUAA4IBAQBbUZnjj3IHjvU5T+AVUtxD5VKEyvn5/XN16EIC
ksdz9q9LblUyRTy7F9tyHQj9SLSb96jn0jmMcjXKwOQ4agiTgzpEMBV0ZCOhqrNP
VoXPLBNcZ0rlssP3SrS0r0x4NYvoUoeE8k6qoLqcMive5vv8oS5wnltAZUrr43Wp
d3sXvnPciIdogSjWe8vUFc3xdol3DFuiOG5kLlHyhZb/9sIuXb6dII7QgJC9MOXb
CEKAN4TeYhi7bgODb+bY4byW7bojc/BAmAby6dk8u7ySM2R2z1ueIo1IB0TGYPp9
PmLRoUwxEYrPV4aUhKJr9ldIPdyhH8tGHj0ZBa1b7wH9Zly+
-----END CERTIFICATE-----