Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/uujsdnGfUjWZvmqGTuemV6wgp9Y.roa
File:                     uujsdnGfUjWZvmqGTuemV6wgp9Y.roa (raw, json)
Hash identifier:          KXQKugngTsbnK2OtJ5XwltQmU7zrUhxFQWQ+Z+Px+BU=
Subject key identifier:   BA:E8:EC:76:71:9F:52:35:99:BE:6A:86:4E:E7:A6:57:AC:20:A7:D6
Certificate issuer:       /CN=c7e9c7aa534b1300bf724fff0f0c1b0519d505bb
Certificate serial:       0190F34774317D61B1A7B0324F6EFB2493DB
Authority key identifier: C7:E9:C7:AA:53:4B:13:00:BF:72:4F:FF:0F:0C:1B:05:19:D5:05:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/uujsdnGfUjWZvmqGTuemV6wgp9Y.roa
Signing time:             Sat 27 Jul 2024 08:21:04 +0000
ROA not before:           Sat 27 Jul 2024 08:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208816
IP address blocks:        2a0e:9481::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/x-nHqlNLEwC_ck__DwwbBRnVBbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/x-nHqlNLEwC_ck__DwwbBRnVBbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f3:47:74:31:7d:61:b1:a7:b0:32:4f:6e:fb:24:93:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7e9c7aa534b1300bf724fff0f0c1b0519d505bb
        Validity
            Not Before: Jul 27 08:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bae8ec76719f523599be6a864ee7a657ac20a7d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2d:f8:a9:fc:f1:9e:a4:f1:ca:7d:db:7e:23:
                    e2:45:f7:3b:b4:f6:c8:c6:df:2e:ed:be:cb:1f:6f:
                    89:7f:41:c1:e4:42:90:07:02:d7:af:f1:a3:b6:ae:
                    0e:de:b9:d6:7f:09:a1:04:81:85:3b:da:6c:a8:c9:
                    86:f1:67:93:be:ac:6d:d0:aa:3c:78:96:34:4b:bf:
                    10:c6:c6:c0:6f:bc:a4:f9:ba:8a:35:18:b1:dc:0d:
                    d1:9a:9f:8e:3c:c9:24:69:3a:35:04:bd:4b:5c:2c:
                    9e:75:2b:19:93:ee:5d:5a:d9:de:d2:73:6a:b1:b5:
                    39:74:f8:b8:25:d2:a2:19:6a:5d:49:7b:7d:ba:23:
                    7a:1c:0b:58:1c:2e:be:b9:4f:8f:3e:f5:d6:7d:fc:
                    cf:71:cc:ca:19:e9:1a:03:82:dc:64:c1:4a:08:3c:
                    5d:da:df:cc:8c:35:73:98:04:a9:28:98:fd:61:06:
                    b8:26:b2:8b:17:80:c3:21:00:c6:5d:fb:25:f3:57:
                    76:95:38:05:81:7a:ae:14:44:6e:e9:2d:2d:07:b9:
                    df:97:72:70:96:90:31:0a:c4:19:da:d0:f2:05:c2:
                    94:59:59:8d:52:b0:20:02:8f:36:ac:66:f1:e7:24:
                    ac:01:bc:4e:1b:55:5c:4e:14:29:26:2a:33:42:f7:
                    5a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:E8:EC:76:71:9F:52:35:99:BE:6A:86:4E:E7:A6:57:AC:20:A7:D6
            X509v3 Authority Key Identifier:
                keyid:C7:E9:C7:AA:53:4B:13:00:BF:72:4F:FF:0F:0C:1B:05:19:D5:05:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-nHqlNLEwC_ck__DwwbBRnVBbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/uujsdnGfUjWZvmqGTuemV6wgp9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/50abef-374c-4ea6-b7d4-ce500827ff7f/1/x-nHqlNLEwC_ck__DwwbBRnVBbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9481::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:fb:9b:92:b2:df:ce:f2:3a:2b:ed:98:c1:59:cc:89:60:98:
         7d:35:4f:58:ab:7d:51:b8:60:31:64:07:ac:a3:30:12:46:16:
         34:e9:6e:87:e3:9b:1c:a4:e8:8d:c6:36:79:b2:e6:57:48:65:
         b2:9c:39:c8:04:ab:0d:53:9f:dd:d8:2f:4a:4f:ea:82:d7:d4:
         ab:99:06:6c:1b:a9:a2:bf:1e:7b:34:87:61:bb:cc:cc:44:ed:
         ed:df:8b:68:54:77:b2:ce:67:d3:09:29:8a:c8:0f:4c:d5:95:
         09:c2:40:d1:12:f2:13:a1:cb:cd:b4:a8:4d:85:d9:bd:9d:13:
         2f:76:37:44:d1:66:e3:dd:3d:78:58:94:13:f3:9d:52:93:65:
         77:42:11:fd:8a:62:26:c7:6d:73:62:7f:71:6f:10:ff:64:d8:
         67:fc:25:1e:ec:9f:20:b1:db:1e:e6:7e:0d:5a:72:bc:12:07:
         0c:31:32:de:11:17:73:70:24:be:a4:32:8d:83:08:61:9b:ea:
         0b:32:2d:f3:87:90:97:d3:93:8a:8a:8f:6d:8b:5e:2b:d3:bb:
         bf:75:04:de:38:26:c3:b1:c2:c0:a4:6a:21:1a:0f:d2:23:fe:
         c8:b8:eb:48:ec:d4:ec:45:57:84:f7:4e:76:ec:36:47:9a:c4:
         84:1f:eb:91
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDzR3QxfWGxp7AyT277JJPbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZTljN2FhNTM0YjEzMDBiZjcyNGZmZjBmMGMxYjA1MTlk
NTA1YmIwHhcNMjQwNzI3MDgyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWU4ZWM3NjcxOWY1MjM1OTliZTZhODY0ZWU3YTY1N2FjMjBhN2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC34qfzxnqTxyn3bfiPiRfc7tPbI
xt8u7b7LH2+Jf0HB5EKQBwLXr/Gjtq4O3rnWfwmhBIGFO9psqMmG8WeTvqxt0Ko8
eJY0S78QxsbAb7yk+bqKNRix3A3Rmp+OPMkkaTo1BL1LXCyedSsZk+5dWtne0nNq
sbU5dPi4JdKiGWpdSXt9uiN6HAtYHC6+uU+PPvXWffzPcczKGekaA4LcZMFKCDxd
2t/MjDVzmASpKJj9YQa4JrKLF4DDIQDGXfsl81d2lTgFgXquFERu6S0tB7nfl3Jw
lpAxCsQZ2tDyBcKUWVmNUrAgAo82rGbx5ySsAbxOG1VcThQpJiozQvdaVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLro7HZxn1I1mb5qhk7nplesIKfWMB8GA1UdIwQY
MBaAFMfpx6pTSxMAv3JP/w8MGwUZ1QW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC1uSHFsTkxFd0NfY2tfX0R3d2JCUm5WQmJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC81MGFiZWYtMzc0Yy00ZWE2LWI3ZDQt
Y2U1MDA4MjdmZjdmLzEvdXVqc2RuR2ZValdadm1xR1R1ZW1WNndncDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC81MGFiZWYtMzc0Yy00ZWE2LWI3ZDQtY2U1MDA4MjdmZjdm
LzEveC1uSHFsTkxFd0NfY2tfX0R3d2JCUm5WQmJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6UgTAN
BgkqhkiG9w0BAQsFAAOCAQEAf/ubkrLfzvI6K+2YwVnMiWCYfTVPWKt9UbhgMWQH
rKMwEkYWNOluh+ObHKTojcY2ebLmV0hlspw5yASrDVOf3dgvSk/qgtfUq5kGbBup
or8eezSHYbvMzETt7d+LaFR3ss5n0wkpisgPTNWVCcJA0RLyE6HLzbSoTYXZvZ0T
L3Y3RNFm4909eFiUE/OdUpNld0IR/YpiJsdtc2J/cW8Q/2TYZ/wlHuyfILHbHuZ+
DVpyvBIHDDEy3hEXc3AkvqQyjYMIYZvqCzIt84eQl9OTioqPbYteK9O7v3UE3jgm
w7HCwKRqIRoP0iP+yLjrSOzU7EVXhPdOduw2R5rEhB/rkQ==
-----END CERTIFICATE-----