Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/B_3VwEN62U0yvrjqrFhERcAQGIs.roa
File:                     B_3VwEN62U0yvrjqrFhERcAQGIs.roa (raw, json)
Hash identifier:          mZWTJkvU2u59xdZgqsVpAwJlFBYhs7xRgtFsuCl++2o=
Subject key identifier:   07:FD:D5:C0:43:7A:D9:4D:32:BE:B8:EA:AC:58:44:45:C0:10:18:8B
Certificate issuer:       /CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Certificate serial:       018DF95159C681AE8172F18BA53E677B9FE9
Authority key identifier: AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/B_3VwEN62U0yvrjqrFhERcAQGIs.roa
Signing time:             Fri 01 Mar 2024 09:21:14 +0000
ROA not before:           Fri 01 Mar 2024 09:21:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60783
IP address blocks:        2a04:3480::/29 maxlen: 29
                          2a0a:8fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:51:59:c6:81:ae:81:72:f1:8b:a5:3e:67:7b:9f:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aab1db0e00820876dfa20bec9b719aa795acc1de
        Validity
            Not Before: Mar  1 09:21:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07fdd5c0437ad94d32beb8eaac584445c010188b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8c:c0:52:9b:5f:d1:32:8c:30:ab:1d:a3:07:
                    7e:6c:08:1b:9b:65:ad:a1:18:a0:42:0d:c3:d5:48:
                    43:7d:9c:f5:d4:35:0d:9d:52:9e:1b:83:90:7e:ad:
                    2f:e1:e5:67:90:51:48:18:40:e5:30:4a:56:a4:e3:
                    a6:32:4b:73:a1:e8:c1:61:20:fb:1f:1d:26:55:0b:
                    b3:b5:71:5a:6c:4f:85:37:b4:44:fa:9d:00:d4:be:
                    0f:ad:a0:5a:4f:01:01:07:c5:35:72:6a:71:57:0b:
                    0b:77:25:a1:21:1d:e0:3c:d5:f9:a9:a5:72:99:8f:
                    11:4a:af:5c:a7:78:2c:f0:e7:bf:1d:01:71:ab:ce:
                    d3:0a:cc:8e:fd:8d:20:45:15:12:55:8b:eb:ee:95:
                    6b:cc:8f:42:90:ca:59:8e:28:0a:9e:a6:a9:b4:cd:
                    09:15:0a:6b:a5:91:83:73:b7:c2:58:e2:80:5e:78:
                    9f:2a:db:7c:91:c8:b3:97:49:bf:bc:82:4b:69:39:
                    d2:ed:ab:57:7a:c2:cb:9f:eb:f4:4a:b1:96:b0:bb:
                    36:1c:ef:d8:5d:71:d2:67:dc:e9:d9:25:3a:71:41:
                    b2:46:61:4e:81:34:78:8f:95:02:08:df:94:6c:41:
                    a7:66:0b:c2:a3:fc:fa:78:29:fe:87:0e:42:52:b2:
                    a4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FD:D5:C0:43:7A:D9:4D:32:BE:B8:EA:AC:58:44:45:C0:10:18:8B
            X509v3 Authority Key Identifier:
                keyid:AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/B_3VwEN62U0yvrjqrFhERcAQGIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:3480::/29
                  2a0a:8fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:98:43:23:aa:52:62:1d:18:8b:37:46:16:c0:12:0e:f7:56:
         92:a7:d0:38:6c:7c:2f:35:28:4e:ed:94:f1:42:9e:fa:ce:bb:
         ca:9e:2f:34:b2:11:08:eb:4a:93:85:79:45:90:3b:45:9b:0c:
         66:59:a7:bf:7f:08:8b:f6:69:c1:9a:41:7d:52:3c:c2:75:cc:
         8c:a7:2e:2c:ab:a9:f3:b2:80:9e:1c:a2:d1:7c:e6:d8:11:de:
         be:ed:5f:1d:95:de:95:c5:5f:92:2d:fd:14:b6:d0:9f:6c:97:
         5e:8d:7a:ed:50:c5:94:34:75:84:0b:22:4e:3a:cd:19:17:68:
         df:e1:ee:a3:c6:ec:4e:d6:d8:aa:c4:50:9b:eb:48:b6:b0:48:
         62:18:4f:fc:37:fd:11:2e:d0:17:2b:f3:1f:00:d6:24:be:3d:
         96:d9:5b:f6:53:80:79:2e:28:1e:48:b6:45:7a:a8:98:27:93:
         f9:58:af:2a:d2:9f:b9:2b:05:ad:56:4a:c2:ef:a4:d7:ad:99:
         11:10:80:ae:d0:21:86:45:77:40:60:13:44:47:b3:0d:3f:3c:
         56:c4:02:8c:a9:4d:fd:07:3f:02:e5:10:c1:58:1d:46:ad:86:
         a9:9f:c5:cf:07:3c:cf:18:6b:76:e1:cf:a5:10:6c:ad:9b:d7:
         19:8f:71:a6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY35UVnGga6BcvGLpT5ne5/pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYjFkYjBlMDA4MjA4NzZkZmEyMGJlYzliNzE5YWE3OTVh
Y2MxZGUwHhcNMjQwMzAxMDkyMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2ZkZDVjMDQzN2FkOTRkMzJiZWI4ZWFhYzU4NDQ0NWMwMTAxODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqozAUptf0TKMMKsdowd+bAgbm2Wt
oRigQg3D1UhDfZz11DUNnVKeG4OQfq0v4eVnkFFIGEDlMEpWpOOmMktzoejBYSD7
Hx0mVQuztXFabE+FN7RE+p0A1L4PraBaTwEBB8U1cmpxVwsLdyWhIR3gPNX5qaVy
mY8RSq9cp3gs8Oe/HQFxq87TCsyO/Y0gRRUSVYvr7pVrzI9CkMpZjigKnqaptM0J
FQprpZGDc7fCWOKAXnifKtt8kcizl0m/vIJLaTnS7atXesLLn+v0SrGWsLs2HO/Y
XXHSZ9zp2SU6cUGyRmFOgTR4j5UCCN+UbEGnZgvCo/z6eCn+hw5CUrKksQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAf91cBDetlNMr646qxYREXAEBiLMB8GA1UdIwQY
MBaAFKqx2w4Aggh236IL7JtxmqeVrMHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGIt
MjNlMzgxMzY1MWQ0LzEvQl8zVndFTjYyVTB5dnJqcXJGaEVSY0FRR0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGItMjNlMzgxMzY1MWQ0
LzEvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgQ0gAMF
AyoKj8AwDQYJKoZIhvcNAQELBQADggEBAKOYQyOqUmIdGIs3RhbAEg73VpKn0Dhs
fC81KE7tlPFCnvrOu8qeLzSyEQjrSpOFeUWQO0WbDGZZp79/CIv2acGaQX1SPMJ1
zIynLiyrqfOygJ4cotF85tgR3r7tXx2V3pXFX5It/RS20J9sl16Neu1QxZQ0dYQL
Ik46zRkXaN/h7qPG7E7W2KrEUJvrSLawSGIYT/w3/REu0Bcr8x8A1iS+PZbZW/ZT
gHkuKB5ItkV6qJgnk/lYryrSn7krBa1WSsLvpNetmREQgK7QIYZFd0BgE0RHsw0/
PFbEAoypTf0HPwLlEMFYHUathqmfxc8HPM8Ya3bhz6UQbK2b1xmPcaY=
-----END CERTIFICATE-----