Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/0ptmVBV1DyEncq9O8T89ZmDyDBg.roa
File:                     0ptmVBV1DyEncq9O8T89ZmDyDBg.roa (raw, json)
Hash identifier:          +/L837iF6nmWac7iLw69RfwCdm1ukbhmppGWfyRIXgs=
Subject key identifier:   D2:9B:66:54:15:75:0F:21:27:72:AF:4E:F1:3F:3D:66:60:F2:0C:18
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018EF61F3C6BFFC046493138B835FE973AC2
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/0ptmVBV1DyEncq9O8T89ZmDyDBg.roa
Signing time:             Fri 19 Apr 2024 11:30:25 +0000
ROA not before:           Fri 19 Apr 2024 11:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51659
IP address blocks:        2a0d:b9c6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:1f:3c:6b:ff:c0:46:49:31:38:b8:35:fe:97:3a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Apr 19 11:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d29b665415750f212772af4ef13f3d6660f20c18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:35:83:02:a9:a6:17:6e:35:26:d8:3d:e6:dc:
                    fc:ea:7c:24:7b:ef:49:7a:4b:62:64:45:70:c5:5b:
                    d3:91:28:ac:8d:d6:1c:83:cc:5c:97:ba:25:21:07:
                    8d:04:96:c3:cc:58:92:af:90:2c:14:37:c7:28:7e:
                    9f:83:9b:bf:30:3e:fa:15:19:4b:24:17:1b:ca:8b:
                    22:d9:20:d6:1a:92:0d:ee:08:53:95:65:e3:cf:23:
                    8f:ba:27:01:5d:c0:f4:bc:b1:bf:be:49:b7:d1:86:
                    f5:ec:bb:10:44:23:b7:aa:16:57:da:a1:a0:a1:a1:
                    5b:21:4f:79:3f:85:8c:41:12:33:8a:28:14:01:a5:
                    54:06:62:61:2b:48:dc:6d:32:8d:a4:42:bd:55:94:
                    05:26:84:38:a7:d3:66:4d:82:79:85:46:e0:22:b3:
                    04:83:07:ed:4d:d6:fb:e1:e0:79:8c:85:a2:db:b9:
                    33:9f:33:f4:c6:10:a1:4b:53:f6:24:1a:42:15:46:
                    1b:3d:f3:ef:19:ea:15:de:e3:2f:36:0e:01:5c:5a:
                    a9:6c:63:49:de:a1:34:3d:8c:7b:c6:89:ed:78:71:
                    58:bc:85:a1:c1:76:a2:78:79:db:87:35:f3:df:54:
                    99:7e:c9:77:a4:ea:6d:54:75:ba:bb:c3:e2:d0:19:
                    cc:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:9B:66:54:15:75:0F:21:27:72:AF:4E:F1:3F:3D:66:60:F2:0C:18
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/0ptmVBV1DyEncq9O8T89ZmDyDBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:b9:dc:b2:3e:5a:05:7e:44:e6:05:6e:5f:04:18:50:02:f1:
         2b:00:47:27:ae:86:17:42:88:6d:32:68:a2:0a:e9:cb:23:02:
         7d:93:84:8c:8d:38:c3:91:33:28:e4:41:06:df:63:a3:f1:ff:
         51:ba:9b:80:f6:44:5e:19:44:10:4e:37:6d:67:89:61:64:58:
         7f:d7:32:88:ae:0e:ce:c3:20:25:99:13:fa:62:9d:47:b0:b9:
         fd:da:51:4d:8e:88:cd:70:82:67:0e:1b:30:49:6d:a5:dd:06:
         30:13:81:db:92:3e:a6:84:a3:4d:b2:31:0c:c7:8c:d1:19:a3:
         4f:2d:d9:3c:43:18:6a:71:98:fb:df:83:87:d2:b6:5f:ac:35:
         d1:2a:23:65:d1:5a:0d:32:4e:4e:8f:ac:f9:be:b0:7f:62:b5:
         24:21:b7:b0:3b:c3:9c:b7:6c:f5:60:7f:39:62:82:f9:e4:dd:
         a2:2b:64:6e:eb:db:0b:76:96:0c:94:b8:50:d3:7c:41:bd:88:
         69:22:f3:37:82:c0:ea:02:9f:76:69:69:9b:76:9f:c8:5f:03:
         28:90:ba:6e:45:bd:ef:67:d0:2b:8f:c2:5c:64:2b:b8:cd:53:
         fd:a9:19:87:67:30:b3:88:cf:22:5e:6c:35:72:3e:41:88:04:
         5a:8f:2e:99
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY72Hzxr/8BGSTE4uDX+lzrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNDE5MTEzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjliNjY1NDE1NzUwZjIxMjc3MmFmNGVmMTNmM2Q2NjYwZjIwYzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzWDAqmmF241Jtg95tz86nwke+9J
ektiZEVwxVvTkSisjdYcg8xcl7olIQeNBJbDzFiSr5AsFDfHKH6fg5u/MD76FRlL
JBcbyosi2SDWGpIN7ghTlWXjzyOPuicBXcD0vLG/vkm30Yb17LsQRCO3qhZX2qGg
oaFbIU95P4WMQRIziigUAaVUBmJhK0jcbTKNpEK9VZQFJoQ4p9NmTYJ5hUbgIrME
gwftTdb74eB5jIWi27kznzP0xhChS1P2JBpCFUYbPfPvGeoV3uMvNg4BXFqpbGNJ
3qE0PYx7xonteHFYvIWhwXaieHnbhzXz31SZfsl3pOptVHW6u8Pi0BnMpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNKbZlQVdQ8hJ3KvTvE/PWZg8gwYMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvMHB0bVZCVjFEeUVuY3E5TzhUODlabUR5REJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg25xjAN
BgkqhkiG9w0BAQsFAAOCAQEAmbncsj5aBX5E5gVuXwQYUALxKwBHJ66GF0KIbTJo
ogrpyyMCfZOEjI04w5EzKORBBt9jo/H/UbqbgPZEXhlEEE43bWeJYWRYf9cyiK4O
zsMgJZkT+mKdR7C5/dpRTY6IzXCCZw4bMEltpd0GMBOB25I+poSjTbIxDMeM0Rmj
Ty3ZPEMYanGY+9+Dh9K2X6w10SojZdFaDTJOTo+s+b6wf2K1JCG3sDvDnLds9WB/
OWKC+eTdoitkbuvbC3aWDJS4UNN8Qb2IaSLzN4LA6gKfdmlpm3afyF8DKJC6bkW9
72fQK4/CXGQruM1T/akZh2cws4jPIl5sNXI+QYgEWo8umQ==
-----END CERTIFICATE-----