Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/r2fMVW-IDkAJ5LeDSFJjM_dq-c4.roa
File:                     r2fMVW-IDkAJ5LeDSFJjM_dq-c4.roa (raw, json)
Hash identifier:          bS92CnkuxdwUJdm6yfdyJaUhVnsL6UHHMAgPPhGG0Pk=
Subject key identifier:   AF:67:CC:55:6F:88:0E:40:09:E4:B7:83:48:52:63:33:F7:6A:F9:CE
Certificate issuer:       /CN=93503061e1ae503ec63d970b30875dd93ffabbdf
Certificate serial:       018F589A95CF144DD7F7AF3CD1B3DF5D9896
Authority key identifier: 93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/r2fMVW-IDkAJ5LeDSFJjM_dq-c4.roa
Signing time:             Wed 08 May 2024 14:27:56 +0000
ROA not before:           Wed 08 May 2024 14:27:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206834
IP address blocks:        2a01:bb20:2000::/36 maxlen: 36
                          2a01:bb20:3000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 08:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:9a:95:cf:14:4d:d7:f7:af:3c:d1:b3:df:5d:98:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93503061e1ae503ec63d970b30875dd93ffabbdf
        Validity
            Not Before: May  8 14:27:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af67cc556f880e4009e4b78348526333f76af9ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9f:67:bf:57:34:5d:ed:11:2a:45:ff:68:ae:
                    c3:e0:a2:de:b2:da:e4:a2:5f:50:c9:37:a7:d5:b7:
                    88:bd:a0:1a:a9:71:0c:6d:2b:ed:da:9f:e1:15:e1:
                    78:49:21:7f:21:96:5b:c3:72:11:b1:6d:5d:2c:6d:
                    cc:50:18:89:f3:56:6d:d2:7f:dc:32:28:99:ec:21:
                    5d:58:51:56:76:2c:45:b2:4d:6b:f6:f8:9a:6b:5d:
                    9c:8c:b7:07:a7:58:6e:e7:d0:b4:b5:02:78:1d:ef:
                    8c:99:29:f7:67:e4:b6:2f:9d:d2:6c:7c:8b:24:74:
                    af:cb:0a:76:e4:49:de:0d:10:59:81:20:ff:eb:13:
                    ed:62:bc:53:c1:7b:6a:29:f5:e8:6b:3b:a6:ce:3b:
                    85:a4:7e:4c:48:63:96:07:7c:eb:0d:79:3d:ae:d1:
                    1d:94:07:84:ea:01:40:41:a4:c8:95:8f:8f:98:ec:
                    1d:4b:b4:51:03:da:f6:a9:43:c2:30:1d:ee:62:fc:
                    24:d6:8c:31:34:99:14:92:e2:f8:79:84:d6:60:6c:
                    7b:cf:f5:ee:61:a8:f2:c1:c4:41:a2:c0:9d:aa:5b:
                    9c:74:4e:e7:23:a4:e4:f2:e3:76:6d:67:83:53:3c:
                    28:52:f3:ce:06:56:38:f7:88:ec:33:e9:6e:d2:d8:
                    57:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:67:CC:55:6F:88:0E:40:09:E4:B7:83:48:52:63:33:F7:6A:F9:CE
            X509v3 Authority Key Identifier:
                keyid:93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/r2fMVW-IDkAJ5LeDSFJjM_dq-c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:bb20:2000::/35

    Signature Algorithm: sha256WithRSAEncryption
         a1:08:b3:87:28:61:15:b5:49:ac:f2:f3:73:1f:27:f6:75:aa:
         11:36:56:7b:ee:6e:af:cb:35:c5:ad:76:e5:7e:09:90:f5:33:
         19:39:a0:f7:02:de:f6:ad:1d:8c:ba:e0:e6:d2:04:18:9f:2f:
         b3:15:01:f7:07:b5:35:5d:be:a5:62:5c:30:2a:84:97:de:47:
         67:47:5b:a3:37:04:1e:b0:ef:2e:a1:fd:c4:04:0d:9e:c6:f1:
         89:ce:45:5c:50:5e:3a:68:9c:09:cf:ca:ed:8b:ab:ea:01:6e:
         5b:7c:c0:04:ee:59:fa:22:5d:e9:77:71:de:8d:d8:ea:91:4a:
         d0:a6:95:55:28:cd:d6:bc:bf:e6:e9:dc:5d:db:b5:01:e6:3a:
         c6:be:64:a0:10:11:40:75:89:3a:72:f5:56:29:80:d9:09:f7:
         3a:6d:b9:93:2f:7d:ea:e8:97:c1:e2:d5:ac:2d:b3:dc:d6:9a:
         19:08:f4:bf:76:a2:69:3c:0b:9c:65:03:76:74:cd:37:f0:ed:
         b4:51:95:6c:ca:fd:42:5b:00:07:e6:2d:4e:cf:86:84:84:18:
         4d:f8:11:78:38:1e:1c:c9:16:9c:99:52:48:37:fe:1c:d1:de:
         46:4a:ab:32:e9:98:85:5d:f9:69:41:ae:dd:11:d9:41:6e:82:
         23:06:4c:a8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY9YmpXPFE3X96880bPfXZiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNTAzMDYxZTFhZTUwM2VjNjNkOTcwYjMwODc1ZGQ5M2Zm
YWJiZGYwHhcNMjQwNTA4MTQyNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjY3Y2M1NTZmODgwZTQwMDllNGI3ODM0ODUyNjMzM2Y3NmFmOWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr59nv1c0Xe0RKkX/aK7D4KLestrk
ol9QyTen1beIvaAaqXEMbSvt2p/hFeF4SSF/IZZbw3IRsW1dLG3MUBiJ81Zt0n/c
MiiZ7CFdWFFWdixFsk1r9viaa12cjLcHp1hu59C0tQJ4He+MmSn3Z+S2L53SbHyL
JHSvywp25EneDRBZgSD/6xPtYrxTwXtqKfXoazumzjuFpH5MSGOWB3zrDXk9rtEd
lAeE6gFAQaTIlY+PmOwdS7RRA9r2qUPCMB3uYvwk1owxNJkUkuL4eYTWYGx7z/Xu
YajywcRBosCdqlucdE7nI6Tk8uN2bWeDUzwoUvPOBlY494jsM+lu0thXWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK9nzFVviA5ACeS3g0hSYzP3avnOMB8GA1UdIwQY
MBaAFJNQMGHhrlA+xj2XCzCHXdk/+rvfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEt
YzYyM2VkOGYyZjI4LzEvcjJmTVZXLUlEa0FKNUxlRFNGSmpNX2RxLWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEtYzYyM2VkOGYyZjI4
LzEvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgG7ICAw
DQYJKoZIhvcNAQELBQADggEBAKEIs4coYRW1Sazy83MfJ/Z1qhE2Vnvubq/LNcWt
duV+CZD1Mxk5oPcC3vatHYy64ObSBBifL7MVAfcHtTVdvqViXDAqhJfeR2dHW6M3
BB6w7y6h/cQEDZ7G8YnORVxQXjponAnPyu2Lq+oBblt8wATuWfoiXel3cd6N2OqR
StCmlVUozda8v+bp3F3btQHmOsa+ZKAQEUB1iTpy9VYpgNkJ9zptuZMvferol8Hi
1awts9zWmhkI9L92omk8C5xlA3Z0zTfw7bRRlWzK/UJbAAfmLU7PhoSEGE34EXg4
HhzJFpyZUkg3/hzR3kZKqzLpmIVd+WlBrt0R2UFugiMGTKg=
-----END CERTIFICATE-----