Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/pagqcjCQpq7Lz4brRvg_LDoVkQ0.roa
File:                     pagqcjCQpq7Lz4brRvg_LDoVkQ0.roa (raw, json)
Hash identifier:          SP++COwS+geERy/hBmBPAqcvOJkU4SKcBIebYec+riU=
Subject key identifier:   A5:A8:2A:72:30:90:A6:AE:CB:CF:86:EB:46:F8:3F:2C:3A:15:91:0D
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018F061F0BB4A649E869BDF3BF93CA350C09
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/pagqcjCQpq7Lz4brRvg_LDoVkQ0.roa
Signing time:             Mon 22 Apr 2024 14:04:08 +0000
ROA not before:           Mon 22 Apr 2024 14:04:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35196
IP address blocks:        2a0d:b9c1::/32 maxlen: 32
                          2a0d:b9c5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:1f:0b:b4:a6:49:e8:69:bd:f3:bf:93:ca:35:0c:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Apr 22 14:04:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5a82a723090a6aecbcf86eb46f83f2c3a15910d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:be:99:fa:a3:64:a2:c2:f9:2f:ed:02:bc:79:
                    36:10:fa:53:58:6f:f3:fa:96:3d:45:1f:fc:a6:5e:
                    0f:3b:0b:9d:3c:bb:c9:b8:49:9d:37:a1:59:39:ec:
                    b0:4b:39:27:22:ab:44:ea:3b:bc:ae:9e:33:b4:02:
                    2e:96:cc:ca:96:67:20:4d:cd:90:94:9b:f1:66:9e:
                    57:f1:71:21:8e:60:f3:b7:87:c6:5b:1e:40:2e:8c:
                    e8:c9:56:f8:ad:a5:97:7b:76:ec:d4:6a:eb:2f:8d:
                    5e:7f:02:28:c2:77:20:cd:a0:5b:20:0e:c9:23:7e:
                    54:b2:66:3d:f6:25:52:f7:00:51:63:6d:e3:fc:37:
                    58:5e:98:0a:7e:76:ea:7a:48:d9:e0:e7:79:47:0f:
                    07:63:ed:4c:74:12:c0:d5:04:b6:9a:bc:5c:90:d3:
                    de:60:e0:7c:e1:6d:b8:d7:aa:9a:86:86:61:ea:e2:
                    32:18:bd:55:a0:8e:6d:84:a0:c1:0c:b1:09:aa:2b:
                    d4:d7:b8:22:92:10:57:9f:b4:60:9b:ae:c9:04:9c:
                    f0:b2:3a:eb:48:b8:ae:2a:20:ce:4b:84:ef:ff:2e:
                    16:a3:b4:92:4f:2d:5f:c1:32:4a:2b:e5:c5:1e:e3:
                    b7:8d:a9:09:e5:e8:23:68:53:2a:fd:cf:19:3c:8c:
                    71:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:A8:2A:72:30:90:A6:AE:CB:CF:86:EB:46:F8:3F:2C:3A:15:91:0D
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/pagqcjCQpq7Lz4brRvg_LDoVkQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c1::/32
                  2a0d:b9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:55:44:b0:e5:c7:73:e4:20:0f:76:57:c9:e9:7e:26:76:cd:
         ae:6b:47:31:b9:dd:72:fa:d3:1f:26:89:0d:55:2b:16:d2:37:
         10:dc:66:11:90:7c:69:d8:3a:b1:e3:f7:20:30:75:6f:89:98:
         52:d4:67:d9:97:e8:b8:42:4e:c2:7c:5b:b9:28:d3:6e:17:80:
         b6:7b:ba:43:6a:02:47:53:97:5c:20:51:d4:ac:28:84:58:e3:
         00:cd:1b:f0:4f:68:ae:90:15:04:34:5f:eb:00:d3:9c:d5:58:
         29:45:42:7a:b9:5c:75:07:07:64:61:20:e4:b8:a2:1f:47:12:
         7e:c5:c6:42:ac:21:b2:99:64:eb:59:e4:31:13:fb:45:ba:f8:
         5f:eb:f0:10:a6:2c:de:bf:61:ca:d3:4d:65:12:02:98:1d:42:
         a0:20:36:90:e4:8b:4c:9a:2e:9a:13:d7:d7:0f:9d:79:11:91:
         47:ed:72:6e:aa:ac:7d:2e:fe:74:cd:4a:13:2a:05:b8:b3:0f:
         b7:91:aa:67:dc:b5:2f:67:6c:11:90:03:88:75:bc:d9:39:54:
         13:11:24:af:73:a0:5a:ab:d4:86:f3:fd:ab:ad:d5:5d:b5:9e:
         04:3d:6c:1f:d6:2f:5e:9e:87:9e:ac:f5:0b:a0:d3:25:62:14:
         f4:58:82:88
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8GHwu0pknoab3zv5PKNQwJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNDIyMTQwNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWE4MmE3MjMwOTBhNmFlY2JjZjg2ZWI0NmY4M2YyYzNhMTU5MTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi76Z+qNkosL5L+0CvHk2EPpTWG/z
+pY9RR/8pl4POwudPLvJuEmdN6FZOeywSzknIqtE6ju8rp4ztAIulszKlmcgTc2Q
lJvxZp5X8XEhjmDzt4fGWx5ALozoyVb4raWXe3bs1GrrL41efwIowncgzaBbIA7J
I35UsmY99iVS9wBRY23j/DdYXpgKfnbqekjZ4Od5Rw8HY+1MdBLA1QS2mrxckNPe
YOB84W2416qahoZh6uIyGL1VoI5thKDBDLEJqivU17gikhBXn7Rgm67JBJzwsjrr
SLiuKiDOS4Tv/y4Wo7SSTy1fwTJKK+XFHuO3jakJ5egjaFMq/c8ZPIxx+QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKWoKnIwkKauy8+G60b4Pyw6FZENMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvcGFncWNqQ1FwcTdMejRiclJ2Z19MRG9Wa1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg25wQMF
ACoNucUwDQYJKoZIhvcNAQELBQADggEBAIBVRLDlx3PkIA92V8npfiZ2za5rRzG5
3XL60x8miQ1VKxbSNxDcZhGQfGnYOrHj9yAwdW+JmFLUZ9mX6LhCTsJ8W7ko024X
gLZ7ukNqAkdTl1wgUdSsKIRY4wDNG/BPaK6QFQQ0X+sA05zVWClFQnq5XHUHB2Rh
IOS4oh9HEn7FxkKsIbKZZOtZ5DET+0W6+F/r8BCmLN6/YcrTTWUSApgdQqAgNpDk
i0yaLpoT19cPnXkRkUftcm6qrH0u/nTNShMqBbizD7eRqmfctS9nbBGQA4h1vNk5
VBMRJK9zoFqr1Ibz/aut1V21ngQ9bB/WL16eh56s9Qug0yViFPRYgog=
-----END CERTIFICATE-----