Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/7HBeCTK_Omtc7HI9FH3qHF54GW8.roa
File:                     7HBeCTK_Omtc7HI9FH3qHF54GW8.roa (raw, json)
Hash identifier:          iMYl5/Cpr8HpDQ4N9WmpFgJXOYSZhIh0W6YnplbpmpQ=
Subject key identifier:   EC:70:5E:09:32:BF:3A:6B:5C:EC:72:3D:14:7D:EA:1C:5E:78:19:6F
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       019206B9241FB21491CCEF3F2F75E7369114
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/7HBeCTK_Omtc7HI9FH3qHF54GW8.roa
Signing time:             Wed 18 Sep 2024 20:00:49 +0000
ROA not before:           Wed 18 Sep 2024 20:00:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197992
IP address blocks:        2a0e:7780::/29 maxlen: 29
                          2a11:3b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:06:b9:24:1f:b2:14:91:cc:ef:3f:2f:75:e7:36:91:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Sep 18 20:00:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec705e0932bf3a6b5cec723d147dea1c5e78196f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:12:9f:48:4f:e1:92:bf:7e:21:02:0a:70:83:
                    3b:f7:35:c4:59:be:86:5c:f8:25:a9:1c:ba:ea:d8:
                    3c:70:48:79:b4:bf:72:95:6b:22:56:ec:34:45:8b:
                    80:f0:59:a3:19:de:0c:1b:30:99:28:c7:15:14:91:
                    b2:33:de:04:58:f9:9d:04:1f:0f:22:ee:63:8c:f7:
                    28:82:18:08:53:58:f5:1b:e1:7e:da:b4:17:4b:2b:
                    84:ef:39:45:35:5c:28:0a:68:19:d8:14:dc:01:34:
                    1a:ed:eb:48:7b:ca:7f:2c:39:22:47:75:9a:20:da:
                    69:a4:f5:af:a1:55:8c:17:49:6e:68:76:f9:ee:1b:
                    72:9f:fa:52:77:e1:94:fa:06:88:af:c8:ac:c0:f6:
                    fb:86:41:e5:d8:ef:95:6b:d7:c6:f3:fd:0d:50:43:
                    7f:2c:8a:be:3b:5d:b5:6d:06:7f:15:4a:b0:c2:e1:
                    a8:e2:7a:10:d1:c4:ff:fb:48:0d:48:92:de:d8:05:
                    73:5c:61:a2:26:f3:de:7f:af:0d:09:b6:ac:41:73:
                    b5:b6:da:78:a3:d9:53:d4:f5:40:74:fb:24:68:3a:
                    bc:43:29:d6:ca:17:26:2a:06:fa:1a:ec:d8:a7:58:
                    de:28:69:5b:bc:19:ff:a1:86:23:87:5d:70:e7:fd:
                    bf:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:70:5E:09:32:BF:3A:6B:5C:EC:72:3D:14:7D:EA:1C:5E:78:19:6F
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/7HBeCTK_Omtc7HI9FH3qHF54GW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7780::/29
                  2a11:3b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:76:10:6b:36:07:a2:31:2e:6b:e3:2e:26:35:09:9b:68:b6:
         17:ac:01:c2:2c:15:8d:e2:82:c1:22:4b:99:32:41:f5:ba:fe:
         a5:07:29:b1:9e:ed:0f:21:a9:f3:bd:27:28:a3:98:7d:b9:4c:
         87:69:da:9a:cd:39:fb:5e:38:d7:97:2a:35:da:39:89:a0:fb:
         a0:d3:08:34:80:e8:fd:21:69:73:30:f8:cd:0e:ef:4f:84:a3:
         64:2e:95:c8:0f:48:0d:a7:29:76:8b:23:7d:7a:4f:27:dd:72:
         01:54:e0:32:50:24:e8:8c:3f:4b:1d:0e:19:31:06:41:f2:97:
         94:79:c4:b0:f1:78:12:7e:e5:04:73:09:0f:c7:61:cf:dd:58:
         b0:13:d3:3e:4f:71:7a:ce:91:a9:05:8f:10:b0:cc:c9:a1:49:
         be:0f:e0:d1:6d:13:dc:0b:ab:f2:55:0e:ab:2a:08:a9:06:e6:
         74:8b:6a:8a:aa:fa:88:39:2d:fc:eb:ae:c3:ad:69:25:bd:71:
         e5:18:3e:c0:b2:b0:c3:a4:8d:e5:48:67:8e:1b:68:b9:6d:9a:
         b6:27:cf:c6:db:8d:4b:93:45:19:08:70:39:65:62:2b:ab:63:
         45:db:f9:47:63:2b:62:6b:72:6d:e4:6a:d8:ff:f7:32:aa:52:
         d0:7f:de:6a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZIGuSQfshSRzO8/L3XnNpEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwOTE4MjAwMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzcwNWUwOTMyYmYzYTZiNWNlYzcyM2QxNDdkZWExYzVlNzgxOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRKfSE/hkr9+IQIKcIM79zXEWb6G
XPglqRy66tg8cEh5tL9ylWsiVuw0RYuA8FmjGd4MGzCZKMcVFJGyM94EWPmdBB8P
Iu5jjPcoghgIU1j1G+F+2rQXSyuE7zlFNVwoCmgZ2BTcATQa7etIe8p/LDkiR3Wa
INpppPWvoVWMF0luaHb57htyn/pSd+GU+gaIr8iswPb7hkHl2O+Va9fG8/0NUEN/
LIq+O121bQZ/FUqwwuGo4noQ0cT/+0gNSJLe2AVzXGGiJvPef68NCbasQXO1ttp4
o9lT1PVAdPskaDq8QynWyhcmKgb6GuzYp1jeKGlbvBn/oYYjh11w5/2/0QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOxwXgkyvzprXOxyPRR96hxeeBlvMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvN0hCZUNUS19PbXRjN0hJOUZIM3FIRjU0R1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg53gAMF
AyoRO0AwDQYJKoZIhvcNAQELBQADggEBAGV2EGs2B6IxLmvjLiY1CZtothesAcIs
FY3igsEiS5kyQfW6/qUHKbGe7Q8hqfO9JyijmH25TIdp2prNOfteONeXKjXaOYmg
+6DTCDSA6P0haXMw+M0O70+Eo2QulcgPSA2nKXaLI316TyfdcgFU4DJQJOiMP0sd
DhkxBkHyl5R5xLDxeBJ+5QRzCQ/HYc/dWLAT0z5PcXrOkakFjxCwzMmhSb4P4NFt
E9wLq/JVDqsqCKkG5nSLaoqq+og5LfzrrsOtaSW9ceUYPsCysMOkjeVIZ44baLlt
mrYnz8bbjUuTRRkIcDllYiurY0Xb+UdjK2Jrcm3katj/9zKqUtB/3mo=
-----END CERTIFICATE-----