Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/2_wJzxusAvws3MNZKPb9P94rLes.roa
File:                     2_wJzxusAvws3MNZKPb9P94rLes.roa (raw, json)
Hash identifier:          XR0z5l3z55jkl8TZYTbDUtqegyaHEiuqQahwgz9qMHs=
Subject key identifier:   DB:FC:09:CF:1B:AC:02:FC:2C:DC:C3:59:28:F6:FD:3F:DE:2B:2D:EB
Certificate issuer:       /CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
Certificate serial:       01905996E3FF476F27C167EB2E984DAF91FC
Authority key identifier: 64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/2_wJzxusAvws3MNZKPb9P94rLes.roa
Signing time:             Thu 27 Jun 2024 12:06:19 +0000
ROA not before:           Thu 27 Jun 2024 12:06:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34432
IP address blocks:        2a0d:f9c1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:59:96:e3:ff:47:6f:27:c1:67:eb:2e:98:4d:af:91:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
        Validity
            Not Before: Jun 27 12:06:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbfc09cf1bac02fc2cdcc35928f6fd3fde2b2deb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:56:41:40:86:de:4b:ab:53:7d:6d:84:84:19:
                    75:c2:c8:0c:6a:3f:58:08:46:2c:27:4a:b1:37:00:
                    3b:de:62:37:7b:c4:87:16:c2:de:a3:ad:4f:02:24:
                    70:d0:c9:53:8a:7a:3c:5d:07:31:0d:5c:90:a5:60:
                    0c:63:85:ad:7f:43:58:fb:f5:12:25:e0:2e:dd:9c:
                    ea:ca:52:8e:b3:1b:9c:cb:0b:98:2c:84:ef:1d:51:
                    92:ae:dd:e9:7a:12:fa:6a:04:f0:b3:a0:23:2c:13:
                    1a:1c:75:f4:7e:07:a2:1d:cb:de:97:bc:b0:50:c2:
                    5a:a1:35:55:ac:7e:1a:f9:58:4c:ae:14:66:79:4c:
                    aa:aa:ca:a2:2e:9d:e8:cf:0b:bc:77:0b:77:78:a6:
                    95:84:a7:15:c1:b9:79:58:d0:77:0e:0c:57:a0:66:
                    15:fd:e3:1d:d1:3d:2d:b4:2a:a3:6a:0f:7c:00:50:
                    69:91:39:02:06:6e:cf:8e:4f:bc:ab:f8:16:82:c5:
                    e7:dd:76:f2:97:9f:ca:95:a7:af:d0:34:97:1c:05:
                    1c:0b:6f:2d:c5:1e:31:02:73:2c:32:21:ba:6c:79:
                    c8:20:0a:0d:cc:2b:c7:fd:a9:c0:64:0e:3f:f8:b2:
                    64:72:0f:b6:8c:9f:af:d5:d9:95:72:22:d8:7e:30:
                    84:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:FC:09:CF:1B:AC:02:FC:2C:DC:C3:59:28:F6:FD:3F:DE:2B:2D:EB
            X509v3 Authority Key Identifier:
                keyid:64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/2_wJzxusAvws3MNZKPb9P94rLes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f9c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:72:25:9c:5e:a7:ce:80:7e:f8:13:8d:79:e1:48:bc:81:e4:
         c7:cb:1f:38:14:e0:2a:a0:e5:85:83:b8:28:b4:8f:61:ed:17:
         58:18:73:5a:e6:6b:79:2e:4f:2c:a4:84:e9:5b:70:d1:e5:ff:
         7e:ac:16:27:36:c6:01:24:26:69:6c:35:1d:68:cc:be:f6:df:
         eb:2d:83:7b:02:4a:e2:e6:e3:e1:e9:5d:ce:17:b5:58:91:5e:
         e2:64:38:dd:d9:34:98:48:39:93:68:e0:6f:08:73:d3:33:f9:
         2c:2a:41:68:6e:a2:de:31:77:d3:92:0d:f0:9e:ed:7e:03:f0:
         35:00:12:ff:8d:75:17:23:0e:95:e3:6f:51:0b:7c:c8:01:4d:
         25:64:14:cd:26:60:d8:05:11:c5:bd:74:fc:5e:18:99:c3:9c:
         0c:36:a0:96:83:1e:c8:23:ca:db:04:ed:a5:59:df:e2:d7:58:
         3f:6b:57:35:f7:7a:f3:d0:29:d8:fe:5b:03:0b:9c:32:28:60:
         4a:71:13:80:1d:db:b0:cb:01:b5:43:61:0b:13:1d:5b:c3:90:
         8f:6d:8f:77:b0:ef:b0:78:60:e8:d5:9a:72:65:09:0e:54:92:
         b6:f2:a7:78:4e:35:8e:7e:05:57:17:27:90:4d:bc:53:40:98:
         ff:73:c5:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBZluP/R28nwWfrLphNr5H8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0M2UxYmE5MWM1NjlhOGIyMWE2ZDJkNjdmNWRiYmQ2YzA0
ZTQzZWEwHhcNMjQwNjI3MTIwNjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZjMDljZjFiYWMwMmZjMmNkY2MzNTkyOGY2ZmQzZmRlMmIyZGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVZBQIbeS6tTfW2EhBl1wsgMaj9Y
CEYsJ0qxNwA73mI3e8SHFsLeo61PAiRw0MlTino8XQcxDVyQpWAMY4Wtf0NY+/US
JeAu3ZzqylKOsxucywuYLITvHVGSrt3pehL6agTws6AjLBMaHHX0fgeiHcvel7yw
UMJaoTVVrH4a+VhMrhRmeUyqqsqiLp3ozwu8dwt3eKaVhKcVwbl5WNB3DgxXoGYV
/eMd0T0ttCqjag98AFBpkTkCBm7Pjk+8q/gWgsXn3Xbyl5/Klaev0DSXHAUcC28t
xR4xAnMsMiG6bHnIIAoNzCvH/anAZA4/+LJkcg+2jJ+v1dmVciLYfjCEXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNv8Cc8brAL8LNzDWSj2/T/eKy3rMB8GA1UdIwQY
MBaAFGQ+G6kcVpqLIabS1n9du9bATkPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAt
ZmVhMGFmZjM1OWY1LzEvMl93Snp4dXNBdndzM01OWktQYjlQOTRyTGVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAtZmVhMGFmZjM1OWY1
LzEvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg35wTAN
BgkqhkiG9w0BAQsFAAOCAQEAB3IlnF6nzoB++BONeeFIvIHkx8sfOBTgKqDlhYO4
KLSPYe0XWBhzWuZreS5PLKSE6Vtw0eX/fqwWJzbGASQmaWw1HWjMvvbf6y2DewJK
4ubj4eldzhe1WJFe4mQ43dk0mEg5k2jgbwhz0zP5LCpBaG6i3jF305IN8J7tfgPw
NQAS/411FyMOleNvUQt8yAFNJWQUzSZg2AURxb10/F4YmcOcDDagloMeyCPK2wTt
pVnf4tdYP2tXNfd689Ap2P5bAwucMihgSnETgB3bsMsBtUNhCxMdW8OQj22Pd7Dv
sHhg6NWacmUJDlSStvKneE41jn4FVxcnkE28U0CY/3PFcQ==
-----END CERTIFICATE-----