Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/_vBxre45pVTpkbWV06I321guIPI.roa
File:                     _vBxre45pVTpkbWV06I321guIPI.roa (raw, json)
Hash identifier:          A1nSt1/4K3o3CvtNDdcZb3lXzzt5C3KdjR9KkaLf3Zg=
Subject key identifier:   FE:F0:71:AD:EE:39:A5:54:E9:91:B5:95:D3:A2:37:DB:58:2E:20:F2
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018F061F0B8F1E66DC8F6BCA778CB88C0A63
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/_vBxre45pVTpkbWV06I321guIPI.roa
Signing time:             Mon 22 Apr 2024 14:04:08 +0000
ROA not before:           Mon 22 Apr 2024 14:04:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35196
IP address blocks:        2a0d:afc2::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:1f:0b:8f:1e:66:dc:8f:6b:ca:77:8c:b8:8c:0a:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Apr 22 14:04:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fef071adee39a554e991b595d3a237db582e20f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9e:6f:43:f2:51:54:79:21:be:f3:e1:29:94:
                    f0:45:3f:c8:63:a5:51:3b:f7:b7:74:81:f0:25:d8:
                    b8:01:4d:b9:23:3d:6c:87:5b:c2:cf:1a:1c:be:84:
                    bf:51:45:b7:bc:93:27:93:94:bd:0b:bc:ed:d3:60:
                    01:9e:9a:bf:f1:0d:0f:07:fb:6d:6e:4e:02:b6:94:
                    aa:21:c0:f3:09:0b:19:31:e0:33:3e:c9:c8:02:b0:
                    b3:dd:ce:85:a8:99:9a:cb:8a:b4:2d:2d:85:83:f0:
                    37:83:ae:08:3f:32:92:79:0e:b9:79:78:de:7d:9b:
                    fe:98:90:d7:f3:ed:aa:65:e8:7c:0b:9c:64:58:4c:
                    c3:d2:bf:94:6b:45:82:f0:e9:d3:2f:b3:43:64:75:
                    8a:78:cd:49:5f:df:32:18:7b:2b:6f:6a:86:0a:c7:
                    3d:e0:89:82:86:71:2b:fd:c2:55:b3:25:70:55:a6:
                    e2:0b:e2:22:ab:cc:45:56:ff:3c:01:2a:f2:88:56:
                    37:cc:75:b0:bb:0e:75:89:6e:4c:5a:99:c6:a2:ed:
                    88:12:38:b6:01:eb:7d:25:8f:13:f4:29:05:c4:54:
                    ae:43:f4:ad:77:ea:24:74:92:7e:2a:67:90:1b:d4:
                    b0:29:a9:e5:17:cb:f4:ee:8a:5b:54:b3:43:f8:5a:
                    9f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:F0:71:AD:EE:39:A5:54:E9:91:B5:95:D3:A2:37:DB:58:2E:20:F2
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/_vBxre45pVTpkbWV06I321guIPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:afc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         cf:ac:d0:57:b6:4e:52:27:93:aa:37:9f:29:c8:d6:f7:68:82:
         b4:26:22:a3:84:df:89:00:e6:be:66:e6:32:46:31:92:21:83:
         f7:fa:ea:8b:66:ab:96:7b:cc:f0:75:3d:07:f8:5b:bf:95:b5:
         36:0e:94:bf:cf:d6:0a:e4:ec:cd:f4:a2:57:90:d8:63:e1:16:
         79:ba:81:46:77:45:db:55:c5:c6:49:c5:83:a9:a0:08:84:ca:
         73:03:87:2f:91:a4:8a:09:21:3c:94:97:ac:ce:2d:86:4a:f2:
         68:d1:36:63:8a:e9:5e:35:c3:9b:d0:94:f8:0f:69:6e:73:4c:
         23:94:82:68:0b:5b:2a:bd:ee:55:51:4f:92:df:23:3f:b8:ee:
         dc:1a:6b:fd:2f:cb:ef:10:0b:65:ac:1c:af:9a:d5:14:bb:74:
         bd:89:c7:7d:75:a3:ff:b6:f9:f3:ce:5e:ad:df:ba:df:29:0e:
         64:5a:1b:be:09:92:2f:79:24:c3:91:4b:5b:57:e4:ef:d9:d4:
         8e:e9:53:e8:19:e0:75:0f:0a:0f:bd:33:db:ee:12:b3:f0:93:
         ba:c2:37:78:41:aa:16:6b:ec:f5:5a:27:7c:1e:97:77:46:c4:
         c0:74:f1:72:b2:6d:43:76:27:fb:58:54:8a:13:ca:6d:03:ea:
         7b:5d:62:46
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8GHwuPHmbcj2vKd4y4jApjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwNDIyMTQwNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWYwNzFhZGVlMzlhNTU0ZTk5MWI1OTVkM2EyMzdkYjU4MmUyMGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs55vQ/JRVHkhvvPhKZTwRT/IY6VR
O/e3dIHwJdi4AU25Iz1sh1vCzxocvoS/UUW3vJMnk5S9C7zt02ABnpq/8Q0PB/tt
bk4CtpSqIcDzCQsZMeAzPsnIArCz3c6FqJmay4q0LS2Fg/A3g64IPzKSeQ65eXje
fZv+mJDX8+2qZeh8C5xkWEzD0r+Ua0WC8OnTL7NDZHWKeM1JX98yGHsrb2qGCsc9
4ImChnEr/cJVsyVwVabiC+Iiq8xFVv88ASryiFY3zHWwuw51iW5MWpnGou2IEji2
Aet9JY8T9CkFxFSuQ/Std+okdJJ+KmeQG9SwKanlF8v07opbVLND+FqfIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP7wca3uOaVU6ZG1ldOiN9tYLiDyMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvX3ZCeHJlNDVwVlRwa2JXVjA2STMyMWd1SVBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg2vwjAN
BgkqhkiG9w0BAQsFAAOCAQEAz6zQV7ZOUieTqjefKcjW92iCtCYio4TfiQDmvmbm
MkYxkiGD9/rqi2arlnvM8HU9B/hbv5W1Ng6Uv8/WCuTszfSiV5DYY+EWebqBRndF
21XFxknFg6mgCITKcwOHL5GkigkhPJSXrM4thkryaNE2Y4rpXjXDm9CU+A9pbnNM
I5SCaAtbKr3uVVFPkt8jP7ju3Bpr/S/L7xALZawcr5rVFLt0vYnHfXWj/7b5885e
rd+63ykOZFobvgmSL3kkw5FLW1fk79nUjulT6BngdQ8KD70z2+4Ss/CTusI3eEGq
Fmvs9VonfB6Xd0bEwHTxcrJtQ3Yn+1hUihPKbQPqe11iRg==
-----END CERTIFICATE-----