Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/R75qY5c40R4Q0xkSPlTBCmVxq5k.roa
File:                     R75qY5c40R4Q0xkSPlTBCmVxq5k.roa (raw, json)
Hash identifier:          /Vz3izxBg+WjF+aOq1wwsQUNtDbU2bFxoyK/xqm1U4w=
Subject key identifier:   47:BE:6A:63:97:38:D1:1E:10:D3:19:12:3E:54:C1:0A:65:71:AB:99
Certificate issuer:       /CN=e47521e7b6b38abfb88bf71e9bc5a02b2eccd3b3
Certificate serial:       0192D7A8EFF52A8C0DBD7A831627485C6DA2
Authority key identifier: E4:75:21:E7:B6:B3:8A:BF:B8:8B:F7:1E:9B:C5:A0:2B:2E:CC:D3:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5HUh57azir-4i_cem8WgKy7M07M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/R75qY5c40R4Q0xkSPlTBCmVxq5k.roa
Signing time:             Tue 29 Oct 2024 09:43:45 +0000
ROA not before:           Tue 29 Oct 2024 09:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202194
IP address blocks:        2a04:c000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/5HUh57azir-4i_cem8WgKy7M07M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/5HUh57azir-4i_cem8WgKy7M07M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5HUh57azir-4i_cem8WgKy7M07M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:a8:ef:f5:2a:8c:0d:bd:7a:83:16:27:48:5c:6d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e47521e7b6b38abfb88bf71e9bc5a02b2eccd3b3
        Validity
            Not Before: Oct 29 09:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47be6a639738d11e10d319123e54c10a6571ab99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5f:13:84:09:9a:f9:36:ac:75:dd:d7:67:2a:
                    cc:20:bb:78:00:ac:85:0e:2a:19:ba:38:91:b3:80:
                    18:ce:52:ab:0a:5e:88:11:6f:38:af:8f:ee:f8:f4:
                    e8:f0:f6:d5:f2:c5:55:f6:b1:84:c7:c8:71:85:9b:
                    d1:6c:ae:ae:1c:56:14:c4:12:ae:16:6c:6e:10:de:
                    57:99:e3:69:bf:b7:2e:10:33:ca:85:0b:6b:11:9a:
                    57:fc:71:f0:83:9e:83:3b:cd:e5:6c:83:f5:7b:78:
                    b3:13:4a:54:45:58:5f:99:67:0f:f1:6b:f8:a0:d3:
                    df:3a:87:9f:26:bd:94:3b:d4:23:23:8c:c5:5b:2f:
                    e1:d3:bb:67:2d:cb:a1:26:35:f5:08:46:84:dc:1d:
                    73:11:57:7c:00:98:2e:8e:e2:3d:ae:07:fc:aa:6a:
                    40:76:c1:7e:f8:81:0d:2c:1f:d7:47:bc:9f:27:9f:
                    d7:35:8c:da:38:54:fd:99:d1:27:08:59:6a:35:60:
                    88:04:89:94:06:99:0e:0f:d8:fd:fb:b8:28:74:38:
                    77:c7:47:48:02:c6:54:04:9a:4d:77:bd:bd:98:14:
                    28:08:47:0c:fe:f0:7f:27:4a:ca:82:6b:cb:5a:17:
                    cc:1d:db:2e:f0:81:fd:de:d9:7b:85:14:12:0a:d8:
                    b7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BE:6A:63:97:38:D1:1E:10:D3:19:12:3E:54:C1:0A:65:71:AB:99
            X509v3 Authority Key Identifier:
                keyid:E4:75:21:E7:B6:B3:8A:BF:B8:8B:F7:1E:9B:C5:A0:2B:2E:CC:D3:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5HUh57azir-4i_cem8WgKy7M07M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/R75qY5c40R4Q0xkSPlTBCmVxq5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/5HUh57azir-4i_cem8WgKy7M07M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:c000::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:f8:de:02:72:a8:d3:ac:fa:26:a2:44:c1:ca:9e:be:d3:f3:
         98:b0:b2:fe:40:91:ae:08:ce:67:0c:db:c5:c8:88:31:22:eb:
         3e:ae:43:81:27:ba:a7:7a:dc:13:1f:f9:7c:91:e8:39:1b:72:
         a9:ce:d2:b4:af:5a:b6:9b:84:1b:1a:5d:78:71:8d:14:e2:9d:
         4a:61:a1:25:26:40:08:88:e4:ef:2d:47:3e:86:e2:8f:c3:b1:
         23:4c:27:31:ff:fb:aa:a2:2e:27:ab:16:8c:ef:da:41:1d:ee:
         7f:55:7f:dd:e1:c7:9a:17:81:3a:31:b9:59:43:c1:ab:52:26:
         81:61:2d:ab:fb:5c:ec:25:72:4c:d5:f0:11:5e:7c:8d:c2:1a:
         4a:62:76:1e:1f:ee:f2:62:63:a8:32:90:d3:0d:ae:32:b2:95:
         75:16:bb:af:1e:ba:af:52:18:51:26:4f:25:6c:66:39:a8:f5:
         f2:14:42:d5:95:76:57:f3:18:68:6f:0e:b1:74:e0:5f:52:b2:
         68:7d:f9:9a:ab:be:7b:ed:50:ab:ab:43:d2:23:1f:6d:2d:90:
         ae:20:e8:e1:89:b5:01:db:83:cb:45:d3:90:f8:83:50:c5:79:
         15:74:54:7f:f9:33:09:67:84:c1:27:d9:37:51:4f:48:2f:41:
         73:fc:34:c9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLXqO/1KowNvXqDFidIXG2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NzUyMWU3YjZiMzhhYmZiODhiZjcxZTliYzVhMDJiMmVj
Y2QzYjMwHhcNMjQxMDI5MDk0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JlNmE2Mzk3MzhkMTFlMTBkMzE5MTIzZTU0YzEwYTY1NzFhYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF8ThAma+Tasdd3XZyrMILt4AKyF
DioZujiRs4AYzlKrCl6IEW84r4/u+PTo8PbV8sVV9rGEx8hxhZvRbK6uHFYUxBKu
FmxuEN5XmeNpv7cuEDPKhQtrEZpX/HHwg56DO83lbIP1e3izE0pURVhfmWcP8Wv4
oNPfOoefJr2UO9QjI4zFWy/h07tnLcuhJjX1CEaE3B1zEVd8AJgujuI9rgf8qmpA
dsF++IENLB/XR7yfJ5/XNYzaOFT9mdEnCFlqNWCIBImUBpkOD9j9+7godDh3x0dI
AsZUBJpNd729mBQoCEcM/vB/J0rKgmvLWhfMHdsu8IH93tl7hRQSCti3lwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEe+amOXONEeENMZEj5UwQplcauZMB8GA1UdIwQY
MBaAFOR1Iee2s4q/uIv3HpvFoCsuzNOzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUhVaDU3YXppci00aV9jZW04V2dLeTdNMDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8xOTEzNmUtNDI5Zi00M2FkLTk0ZWYt
ODM2MWE4MzAzNTIyLzEvUjc1cVk1YzQwUjRRMHhrU1BsVEJDbVZ4cTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8xOTEzNmUtNDI5Zi00M2FkLTk0ZWYtODM2MWE4MzAzNTIy
LzEvNUhVaDU3YXppci00aV9jZW04V2dLeTdNMDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgTAADAN
BgkqhkiG9w0BAQsFAAOCAQEAkfjeAnKo06z6JqJEwcqevtPzmLCy/kCRrgjOZwzb
xciIMSLrPq5DgSe6p3rcEx/5fJHoORtyqc7StK9atpuEGxpdeHGNFOKdSmGhJSZA
CIjk7y1HPobij8OxI0wnMf/7qqIuJ6sWjO/aQR3uf1V/3eHHmheBOjG5WUPBq1Im
gWEtq/tc7CVyTNXwEV58jcIaSmJ2Hh/u8mJjqDKQ0w2uMrKVdRa7rx66r1IYUSZP
JWxmOaj18hRC1ZV2V/MYaG8OsXTgX1KyaH35mqu+e+1Qq6tD0iMfbS2QriDo4Ym1
AduDy0XTkPiDUMV5FXRUf/kzCWeEwSfZN1FPSC9Bc/w0yQ==
-----END CERTIFICATE-----